Certificate Lifecycle Management

"On average, companies spend 225 hours manually managing 50 certificates a year[2]. About 74% of enterprises have seen system outages due to unplanned certificate expiration[3], and over 50% have a lost or rogue digital certificate"

Ken Linscott, Circle ID - March 2020

Certificates typically have a four-phase lifecycle: Discovery, Enrollment, Provisioning, and End-of-life. To make your PKI mature and reliable, you need control over all four phases. The key aspects of each phase are:

Discovery Phase

  • Extract from known sources
  • Network scans
  • Monitoring

Enrollment Phase

  • Procedures to request and obtain new certificates

Provisioning Phase

  • Processes and procedures for distributing and installing certificates
  • Automation

End of life Phase

  • Processes for revoking and renewing certificates

Why you need a certificate management system

A certificate management system becomes necessary when your organization faces any of the following scenarios:

  • Manual labor reaches a threshold. One full-time employee (FTE) can maintain about 40 certificates a week, or 2000 per year, assuming that the same person can do it all, that certificates are valid for 1 year, and that interactions between teams and complex testing scenarios are not considered.
  • Certificate lifecycle processes are missing. This means that certificate ownership details are not captured, or that the request and renewal processes for certificates are not defined.
  • Reporting and monitoring are required. This applies if you need network scanning to detect unauthorized users of a certificate, need to monitor a site to detect tampering or an active MITM, or must meet a compliance requirement for certificate inventory reports.

Challenges in a certificate management system

Every organization faces the following challenges in creating and maintaining the certificate lifecycle:

  • Core Work
    • Establishing requirements
    • Architecture design
    • Importing existing certificates
    • Network discovery scan
    • Configuring policies and reports
    • Onboarding applications
    • Documentation on operations
    • Training
  • Additional Work
    • Integration with other systems (e.g., ticketing, IDM)
    • Automation
    • Custom reporting
  • Challenges
    • Network scans usually return a lot of data, so guidelines are needed to determine what is important
    • Certificate ownership is difficult to establish if the organization has not already defined application and data owners

Key challenges of an organization

When dealing with certificate management, most organizations face challenges such as manual labor crossing the threshold, missing lifecycle processes, a need for monitoring and reporting, a need to automate processes, or a lack of operational documentation and training.

Solving your problems

We can solve your challenges and problems in certificate lifecycle management through the following:

  • Establishing requirements and designing the architecture
  • Performing a network discovery scan
  • Importing existing certificates
  • Configuring policies and reports
  • Onboarding a set of pilot applications
  • Preparing documentation for operations and training
  • Developing a plan for addressing gaps
  • Developing a guide for processes and operations, and certified training

Encryption Consulting offers a broad range of services in the Key and Certificate Management space from strategy to implementation and managed services.

Professional Services Offered

  • Implementing a certificate lifecycle solution for certificate management
  • Implementing a certificate lifecycle solution for SSH key management
  • Implementing automation for the certificate lifecycle on various platforms (e.g., F5, Tomcat, IIS)
  • Integrating PKI with other security services (typically to enable certificate-based authentication on VPN, Wi-Fi, NAC)

Case Study

Encryption Consulting assisted a Healthcare and Life Science Company by reviewing current practices...

"Encryption Consulting helped us remediate our high-risk areas by creating a custom roadmap for our organization based on a thorough assessment of our existing encryption environment."

VP Data Protection, Airline Industry
