Amid high-profile outages, automated certificate management offers a solution

November 25, 2020
An expired certificate caused an hour-long outage last summer on Spotify. Today’s columnist, Abul Salek of Sectigo, raises awareness of the issue and offers insight on how automation can help security teams more effectively manage digital identity certificates.
  • Managing certificates the old-fashioned way does not make sense. When businesses were dealing with relatively small numbers of certificates, it may have been possible to manage the renewal process via spreadsheets. But as the number of certificates in use for a given organization climbs into the hundreds, thousands, or even tens of thousands, that approach no longer works.

  • Automation isn’t just faster—it reduces the likelihood of human error. Combing through spreadsheets was always a problematic approach, and one that carried a high likelihood of human error. That error might come in the form of forgetting to renew an expiring certificate, failing to correctly provision a new certificate, or any number of other mistakes, each of which carries potentially damaging consequences. At the current scale of certificates, automation remains the only feasible way to take human fallibility out of the equation.

  • Certificate automation tools are becoming more common. Microsoft itself offers a built-in certificate manager, Microsoft Active Directory Certificate Services (ADCS), in its family of products, highlighting the integral role that the company expects automation to play moving forward. In fact, many organizations may already use this simple form of automation without realizing it. However, it’s important to note that the Microsoft Teams outage indicates that there’s still a long way to go when it comes to widespread adoption of automation—even within organizations that most would expect to handle it properly.

  • Third-party tools and protocols have made automation accessible to all. Today, a new breed of tools can manage both private and public certificates via a single platform, streamlining not only the discovery of all certs across an enterprise, but also provisioning, renewal, and even revocation. Most certificate managers are compatible with today’s most common Representational State Transfer (REST) APIs, and many offer integration with modern business necessities like DevOps platforms and public cloud capabilities. And using certificate management tools that leverage popular protocols such as Automated Certificate Management Environment (ACME) can eliminate a number of different problems. It’s possible to set expiring certificates to automatically renew—preventing costly errors with the click of a button.
