More than a year after the historic and damaging SolarWinds attack, nearly 65 percent of organizations still are unable to secure and govern the growing volume of machine and application identities in the form of digital certificates, the backbone of enterprise security.
This is according to the new State of Certificate Lifecycle Management in Global Organizations report from AppViewX, a leader in automated certificate lifecycle management (CLM), and the Ponemon Institute.
The report, based on a survey of 1,586 IT and security professionals on the challenges and strategies in digital identity and access management (IAM), found that more than half of respondents say their organizations have experienced one or more security incidents or data breaches due to a digital-certificate related compromise within the last two years.
According to the data:
- The root causes of security incidents include a cyberattack (57 percent), a certificate authority (CA) compromise (49 percent), or employee/third-party negligence (48 percent)
- Of organizations that fell victim to a data breach, nearly two-thirds (58 percent) of the organizations experienced severe or very severe financial consequences
- To prevent these incidents from occurring, only four in 10 organizations have an enterprise-wide security strategy for managing cryptographic keys and certificates
Recognizing these issues, many organizations have started to shift their priorities, putting greater emphasis on machine identity management (MIM), as well as managing and securing digital certificates (54 percent) versus human identities, such as usernames and passwords, (46 percent), which they feel are less important.
In fact, organizations are set to spend around $1.2 million this year to manage and secure their certificates. Despite this, only one-third of respondents say they have an accurate inventory of all their certificates – a lack of comprehensive visibility that can prove damaging to their overall security postures.
Half of the respondents view automation as a key component to their CLM programs but also use an identity-first approach that puts identity at the center of Zero Trust security strategies.
Additional findings include:
- Fifty-two percent say their organizations use automation to manage certificates
- Of those who are automating, the benefits include: ensuring tasks are performed consistently and improving security by removing administrator access to keystores
- Financial services and public sector are most likely to automate the management of certificates
To download and view the full report, visit AppViewX’s website here.
To learn more about these findings, join AppViewX’s live webcast at 11 a.m. (ET), March 30.
