The IT skills shortage has affected organizations across the globe. Skilled engineers, developers and other IT personnel are increasingly important as organizations seek to accelerate their digital transformation — but there’s only so much talent to go around. If you have a good employee or team, hang on to them at all costs.
Why, then, do organizations waste their IT team members’ time and effort on manual digital certificate management?
Certificates are critical to modern digital infrastructure, but their growing number has made manual management increasingly unwieldy. Put simply, digging through spreadsheets and manually renewing and revoking certificates are boring. Today’s IT experts have better things to do than manage expiration dates, especially when the tools needed for automated certificate lifecycle management (CLM) are more accessible than ever.
The explosion of digital certificates
Digital certificates have been around for decades. Issued by a certificate authority (CA), these digital documents are used to authenticate users, devices and applications. Anything with a chip likely has a digital certificate — from laptops and smart devices to credit cards, passports and even aircraft. Any entity attempting to authenticate to a network needs to be able to provide its identity, whether it’s a company Wi-Fi network or a point-of-sale system in a retail store.
Because today’s world has become increasingly digital, the number of certificates has skyrocketed. Organizations that previously had a few hundred certificates now manage them by the thousands, tens of thousands or even millions.
Certificates need provisioning for every employee’s laptop, phone and user identity. They also need provisioning for every device on the network, including printers, credit card readers and key fobs. Plus, they need provisioning for things such as web servers, cloud applications, DevOps containers and remote access tools. There are so many use cases for digital certificates that listing all of them would take forever — which helps to illustrate the problem.
The need for certificate lifecycle management
Certificates were designed to expire. One purpose of a certificate is to put a time limit on how long a public-private key pair is valid. Depending on the certificate type and the use case, certificates can have radically different life spans. DevOps containers, for instance, are secured using digital certificates that might only last a few hours, while server or device certificates are often good for over a year. Private keys are rarely compromised, but renewing and reissuing certificates give organizations an opportunity to rotate their keys and update their public key infrastructure (PKI) policies in response to new and emerging threats.
The need to issue, renew and revoke certificates makes automated CLM a necessity. Before the influx of certificates, an organized IT employee could easily keep track of renewal dates with a spreadsheet. Some small organizations can still get away with this analog approach, but for most organizations today, it’s a waste of valuable resources. And, with IT experts in such high demand, how long will talented employees stick around if they’re tasked with tedious busywork for six hours a day? Not long.
CLM tools enable organizations to easily automate certificate renewals, regardless of term, use case or issuing CA. These tools enable IT employees to put their skills to better use elsewhere. They’re also more reliable than manual processes. Even the most detail-oriented employee can let a certificate expire by mistake, resulting in an authentication failure somewhere in the organization’s digital ecosystem. The consequences often come in the form of service outages or downtime. An Information Technology Intelligence Consulting report estimated a single hour of downtime can cost organizations anywhere from $150,000 to $1 million. Certificate failures can also create vulnerabilities that enable bad actors to infiltrate an enterprise network and exfiltrate valuable data.
Put IT talent to better use
Modern CLM tools are an essential part of today’s network architecture. There’s no reason to spend time and resources manually renewing certificates when tools already exist for this purpose. Due to the ongoing skills shortage, organizations must put their talent to good use and not drive them away with tedious busywork. Embracing automation can feel like a leap of faith for some organizations, but as certificate numbers continue to grow, the risks associated with manual management processes will become clear.
About the author
Tim Callan is chief compliance officer at Sectigo, where he is responsible for ensuring Sectigo’s CA practices comply with industry and regulatory requirements and the company’s certificate practices. Callan has more than 20 years of experience as a strategy and product leader for successful B2B software and SaaS companies, with 15 years of experience in the SSL and PKI technology spaces.