Managing SSL Certificates with Ease




White Paper: Managing SSL Certificates with Ease

Best Practices for Maintaining the Security of Sensitive Enterprise Transactions

Contents

- Introduction
- Costs of SSL certificate mishaps
- Challenges in SSL certificate management
- Needed: A comprehensive SSL certificate management system
- Conclusion

Introduction

SSL certificates make it possible for users around the world to communicate sensitive information with the confidence that it is safe from malicious hackers, allowing anyone to confidently use the web for business and social interactions, including banking, shopping, and product development.

The information explosion and the accelerating adoption of cloud computing are making SSL certificates more important than ever. Users must feel confident that they are at legitimate URLs before sharing valuable information or working on what might be a spoofed site. Additionally, the popularity of social media and the emphasis on online collaboration in the modern enterprise make SSL certificates essential in both work and play. Online users are sharing increasingly large volumes of personal and professional information, and need to know that their accounts will not be compromised.

With the standardization to 2048-bit SSL certificates, website owners can be even more confident about the protection of their online data communications. Yet even enterprises using this higher level of security still face serious threats. One key reason for this risk: poor SSL certificate management.

Poor SSL certificate management can happen for four reasons:

- Enterprises with hundreds (if not thousands) of SSL certificates from several different providers could lose track of certificates in their environments. When this happens, certificates could expire and go unnoticed for months, leaving websites unprotected and subject to browser warnings, and visitors vulnerable to hackers.
- Some certificate users in a company may deploy self-signed certificates on their own initiative. These certificates are largely unknown to IT, go unmanaged, and could violate corporate policy.
- Poorly configured or incorrectly installed SSL certificates could result in business disruption if browser popup warnings occur when users try to access the site.
- By failing to follow best practices, companies could find themselves with noncompliant certificates that make websites vulnerable to hackers or other risks. Their SSL certificates could have an insecure key length or algorithm, or could have been issued by a Certificate Authority that has suffered security breaches.

In a survey by ReRez Market Research in 2012, 82 percent of companies with an average of 2,000 SSL certificates reported seeing rogue certificates on their systems. [1] Other results of this survey showed the complexity of SSL certificate management:

- Most organizations use multiple methods to track their SSL certificates
- Only 40 percent are sure their cloud partner's certificates comply with internal standards
- A full 33 percent say their SSL certificate catalog is less than somewhat accurate

This white paper presents the operational inefficiencies and compliance pitfalls associated with poor SSL certificate management, why poor management is potentially dangerous to the enterprise, and how the right SSL certificate management tool can help enterprises keep track of and manage SSL certificates more effectively.

[1] Source: ReRez Market Research, January 2013.

Costs of SSL certificate mishaps

The cost of possessing rogue or expired SSL certificates can be significant. SSL certificate management is complex, with just 27 percent of enterprises feeling that managing cloud-based SSL certificates is easy, according to the ReRez survey. [2] Errors that occur from installing and configuring them manually can be costly. Business is impacted, and IT time and resources are redeployed from critical projects to fix problems that arise from improper installations. Human errors could put both website and users at risk.

Then there are the painful, multistep processes required to track certificates manually using Excel spreadsheets, which eat away at IT department time. For large data centers, it is time-consuming to manage certificates from different certificate authorities (CAs).

Lost sales are another very significant cost. Forty-three percent of enterprise users said they would abandon a transaction if told a certificate had expired; 77 percent of consumers would abandon their shopping carts if confronted with an expired certificate. [3] According to the ReRez survey, the median business lost $222,000 and some businesses lost as much as $3.8 million in the past 12 months due to certificate mishaps.

In addition to all the previously named costs, there's the risk of stolen intellectual property, along with damaged brand and reputation, if certificates are misconfigured. Additionally, the enterprise bears higher costs in the form of increased calls to the IT help desk by employees, and increased calls to customer support lines when customers get warning messages that certificates are out of date.

For enterprises that are required to comply with federal and state regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry (PCI) Data Security Standard mandates, expired SSL certificates can be very serious. In healthcare, data breaches must be reported, and each incident can carry heavy fines mandated by law. In credit card transactions, having valid SSL certificates is required or heavy fines ensue. In addition, many companies have their own internal security best practices that must be complied with. Non-compliance can end up costing organizations almost three times as much as taking the necessary steps to comply with data security standards.

[2] Ibid.
[3] Ibid.

All in all, the complexity of tracking certificates manually leads to many challenges and costs. Loss of business continuity and reduction of IT efficiency were cited by administrators as the top contributors to the costs of certificate mismanagement (see Figure 1).

The Complexity of Tracking Certificates Raises Challenges

- Makes our business less agile: 33%
- Increased costs: 33%
- Compliance issues: 33%
- Lowers IT efficiency by increasing the labor required to manage certificates: 50%
- Loss of business continuity from unplanned certificate expirations: 50%

Figure 1: Top contributors to costs of non-compliance with SSL certificate management best practices. [4]

Challenges in SSL certificate management

The fact is, managing large numbers of certificates is challenging. Enterprises can have hundreds, if not thousands, of certificates, each expiring at a different time. Employees responsible for managing certificates sometimes leave the organization, which increases the chances that certificate management tasks can fall through the cracks. Plus, if the organization possesses certificates from a number of different CAs, or has any self-signed certificates, matters are complicated even further. Although some CAs offer management tools, most can't manage certificates from different CAs, even within the same environment.

Enterprises with distributed networks and various different applications running in their environments can have different security policies, and require different kinds of SSL certificates. They also need to adhere to industry standards. For example, companies need to be compliant with National Institute of Standards and Technology (NIST) mandates to migrate all SSL certificates from 1024-bit to 2048-bit SSL certificates. Enterprises must have visibility across their networks to discover all the certificates that need to be migrated.

CAs with infrastructure that is not well secured could get hacked. When that happens, companies need to know whether they have SSL certificates issued by the compromised CA in order to terminate those certificates or transfer them to CAs with secure infrastructure.

[4] Ibid.

The complexity and variance of approaches to installing SSL certificates can lead to mistakes. For example, some certificates may require an intermediate certificate to be installed and others not. Installation and renewal of certificates are not necessarily a daily routine. With manual deployment of SSL certificates, administrators have to constantly refresh their memories and track their work diligently to make sure the certificate renewal and installation process is followed correctly.

Needed: A comprehensive SSL certificate management system

The solution: an SSL certificate management system that simplifies SSL certificate discovery and monitoring and automates certificate renewal and transfer. An effective SSL certificate management solution will enable organizations to know what kinds of certificates they have, and help them renew certificates in a timely fashion or have them transferred automatically from one CA to another.

Characteristics of an effective SSL certificate management solution include:

- Automates discovery and monitoring. No need to manually search for the number or types of SSL certificates that exist in your environment.
- Automates lifecycle management, including renewal and installation. Installing intermediate certificates can be challenging for system administrators unfamiliar with SSL certificates. An SSL certificate management system with automated transfer and renewal capabilities for intermediate certificates will help avoid incorrect installation and ensure business continuity.
- Provides strong reporting capabilities. Can report on all SSL certificates in the inventory for accountability and compliance verification, and can provide both detailed and executive-level reporting.
- Works across SSL certificates from multiple CAs, including self-signed certificates. No need for multiple CA management tools; you should be able to manage all certificates from a single console.
- Works across distributed networks. A comprehensive solution works no matter where the SSL certificates have been installed.
- Notifies organizations when a certificate is about to expire. No more risk of expired certificates alarming users or website visitors.
- Rates security of SSL certificates. Makes sure you are adhering to industry best practices and standards.
- Provides easy access. You can manage certificates from desktops as well as mobile devices.
- Is easy to manage. The ideal SSL certificate management solution lives in the cloud, so organizations don't have to worry about managing the server or software.

With a single, comprehensive method of managing SSL certificates, organizations currently struggling to manage SSL can find relief and achieve enterprise-wide visibility with a simple, straightforward solution.
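The monitoring checks described above (expiry notification, key-length and algorithm rating, self-signed detection, and finding certificates from a compromised or unapproved CA) can be expressed as a small audit over a certificate inventory. This is an added example, not part of the white paper or of any Symantec product; the inventory records, field names, CA names, weak-algorithm list and 30-day warning window are constructed assumptions.

```python
from datetime import date

# Policy values are assumptions for this example. Only the 2048-bit minimum
# comes from the paper; key_bits is assumed to describe an RSA key.
MIN_RSA_BITS = 2048
WARN_DAYS = 30
WEAK_SIG_ALGS = {"md5WithRSAEncryption", "sha1WithRSAEncryption"}
APPROVED_CAS = {"Example Trust CA"}      # hypothetical approved issuer
COMPROMISED_CAS = {"Breached CA Ltd"}    # hypothetical breached issuer

# Constructed inventory records, shaped like the output of a discovery scan.
INVENTORY = [
    {"host": "shop.example.com", "subject": "shop.example.com",
     "issuer": "Example Trust CA", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption", "not_after": date(2014, 6, 1)},
    {"host": "intranet.example.com", "subject": "intranet.example.com",
     "issuer": "intranet.example.com", "key_bits": 1024,
     "sig_alg": "sha1WithRSAEncryption", "not_after": date(2013, 3, 1)},
    {"host": "api.example.com", "subject": "api.example.com",
     "issuer": "Breached CA Ltd", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption", "not_after": date(2013, 5, 5)},
    {"host": "dev.example.com", "subject": "dev.example.com",
     "issuer": "Unknown Dept CA", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption", "not_after": date(2014, 1, 1)},
]

def audit(cert, today):
    """Return (severity, message) findings for one inventory record."""
    findings = []
    days_left = (cert["not_after"] - today).days
    if days_left < 0:
        findings.append(("critical", f"expired {-days_left} days ago"))
    elif days_left <= WARN_DAYS:
        findings.append(("warning", f"expires in {days_left} days"))
    if cert["key_bits"] < MIN_RSA_BITS:
        findings.append(("critical", f"{cert['key_bits']}-bit key, need {MIN_RSA_BITS}"))
    if cert["sig_alg"] in WEAK_SIG_ALGS:
        findings.append(("warning", f"weak signature algorithm {cert['sig_alg']}"))
    # Issuer checks; issuer == subject is a simplified self-signed test.
    if cert["issuer"] == cert["subject"]:
        findings.append(("warning", "self-signed, outside CA management"))
    elif cert["issuer"] in COMPROMISED_CAS:
        findings.append(("critical", f"issued by compromised CA {cert['issuer']}"))
    elif cert["issuer"] not in APPROVED_CAS:
        findings.append(("warning", f"unapproved issuer {cert['issuer']}"))
    return findings

def report(inventory, today):
    """Flatten findings for the whole inventory, critical items first."""
    rows = [(sev, cert["host"], msg)
            for cert in inventory for sev, msg in audit(cert, today)]
    return sorted(rows, key=lambda r: (r[0] != "critical", r[1]))

if __name__ == "__main__":
    for sev, host, msg in report(INVENTORY, date(2013, 4, 15)):
        print(f"{sev:8} {host:22} {msg}")
```

The audit date is passed in explicitly so the same inventory can be re-evaluated against any reporting date.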

Conclusion

A full 44 percent of organizations say that it is either somewhat or extremely common for them to have wrongly installed or misconfigured SSL certificates in their inventory. Forty-five percent experience security breaches due to SSL certificate issues. Fifty-six percent struggle with not knowing when certificates are about to expire (see Figure 2).

Common SSL Certificate Issues

- Wrongly installed and misconfigured certificates: 44%
- Security breaches related to certificates: 45%
- Discovering rogue certificates: 47%
- Unanticipated expiration of certificates (we didn't know it was about to expire): 56%

Figure 2: Somewhat / Extremely common SSL certificate issues that arise [5]

The solution: an SSL certificate management system similar to Symantec Certificate Intelligence, which automates the SSL certificate discovery and renewal process. With an effective SSL certificate management solution, organizations can mitigate the risks of manually installing, configuring, and tracking certificates, keeping their IT departments operating efficiently, their businesses free from disruption, and their users safe.

More information

In United States or Canada
Visit our website: http://go.symantec.com/certificate-intelligence-center
To speak with a Product Specialist, please call or email:
1 (866) 893-6565 or 1 (650) 426-5112
SSL_EnterpriseSales_NA@symantec.com

In Europe, Middle East or Africa (EMEA)
Visit our website: http://www.symantec.com/en/uk/verisign/ssl-certificates/certificate-intelligence-center?fid=ssl-certificates
To speak with a Product Specialist, please call or email:
United Kingdom and Ireland: +0800 032 2101
Rest of EMEA: +353 1 850-2628 or +41 (0) 26 429 7929
United Kingdom: sslsales-uk@symantec.com
Rest of EMEA: sslsales-ch@symantec.com

In Asia-Pacific
Visit our website: http://www.symantec.com/en/aa/verisign/ssl-certificates/certificate-intelligence-center
To speak with a Product Specialist, please call or email:
Australia: +61 3 9674 5500
New Zealand: +64 9912 7201
Hong Kong: +852 30 114 683
Singapore: +65 6622
Taiwan: +886 2 2162 1992
Taiwan, Hong Kong, Singapore: ssl_sales_asia@symantec.com
Australia, New Zealand: ssl_sales_au@symantec.com

To speak with additional Product Specialists outside the U.S.
For specific country offices and contact numbers, please visit our website

About Symantec

Symantec protects the world's information, and is a global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment, from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our world-renowned expertise in protecting data, identities and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia.

Symantec Corporation World Headquarters
350 Ellis Street
Mountain View, CA 94043 USA
1 (866) 893 6565
www.symantec.com

Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. UID:197/04/13