Corporations need to prioritize protecting keys and certificates
Businesses must prioritize protecting their security keys and certificates or leave themselves open to losing customers.
Businesses must prioritize protecting their security keys and certificates or leave themselves open to losing customers, system outages, audit failures and possibly failing, according to a report from the Ponemon Institute.
Ponemon's 2015 Cost of Failed Trust Report: When Trust Online Breaks, Business Lose Customers report found that 59 percent of the 2,394 security IT professionals polled admitted to losing business due to their failure to establish a level of online trust using keys and certificates in their business. A more direct impact is $15 million loss incurred each time a company's system goes down due to certificate-related outages, which happens when a certificate is allowed to expire resulting in blocked access to servers and websites. Ponemon said the certificate-related outages takes place on average twice every two years per organization.
“Organizations need to initiate processes and technologies that allow them to gain complete visibility into their key and certificate inventory and apply policies that comply with regulatory, industry, and internal governance standards—to avoid both outages and compromise,” the report stated.
The best way to ensure that keys and certificates are up to date is for a company to hold regular audits, the report suggested. This will also help organizations understand exactly how many keys and certificates they are dealing with. Ponemon found that 54 percent of those surveyed don't even know how many keys and certificates they are responsible for or where they are used.
This data came from previously unreleased information Ponemon's 2015 Cost of Failed Trust Report, which was originally released earlier this year.