Venafi Launches 90-Day TLS Certificate Renewal Initiative – Source: securityboulevard.com

Venafi today launched an initiative to help organizations prepare to implement and manage certificates based on the Transport Layer Security (TLS) protocol that Google is proposing should be renewed every 90 days.

Google has yet to implement a 90-day TLS certificate requirement but once it does, organizations will need to find a way to automate the management of certificate renewals. Venafi, a provider of platforms for managing machine identities, is launching a 90-day TLS Readiness Solution that includes consulting engagements to help organizations make this transition.

That offering is based on a Control Plane for Machine Identities platform, that Venafi developed to provide a TLS Protect extension that identifies and maps TLS certificate inventories.

Shivajee Samdarshi, chief product officer at Venafi, said unless organizations start making this transition today the amount of time between when Google formally adds this requirement and when organizations must comply is likely to be compressed.

Managing Certificates

Many organizations are already struggling with managing certificates that if not renewed will result in a web application becoming unavailable. A recent Venafi report found 83% of organizations have been hit by certificate-related outages in the past 12 months, and 57% have experienced security incidents involving compromised TLS certificates.

The lack of a certificate can also significantly impact web applications that continue to run. Web applications that don’t have certificates are penalized in search rankings because the underlying site is assumed to be insecure. In some cases, IT teams that rely on manual processes to issue certificates may not even be aware of the issue until traffic to that application steadily declines over weeks and months.

Google hopes to address that later issue by requiring organizations to renew TLS certificates more frequently.

The speed at which certificates can be issued is also a critical factor as the rate of application deployment increases. DevOps teams, for example, often require requested certificates to be available in seconds. As the number of microservices-based applications expands, so does the number of certificates required. Making it simpler for IT teams to automatically request certificates ultimately reduces friction across the software development lifecycle.

Just about every IT professional has encountered at least one instance where an expired certificate has led to a disruption in service. While it doesn’t usually take long to restore service, certificates that are allowed to expire tend to erode end-user confidence in an IT team.

Certificate management, of course, is not always top of mind issue. In many cases, it’s unclear whether cybersecurity or IT operations teams are responsible for managing it. The concern is that as the number of certificates that need to be issued and updated increases, the opportunity for mistakes exponentially increases. Most organizations will eventually need to find ways to automate the renewal process as much as possible.

The good news is that as TLS certificates are eventually renewed more often the overall state of web security should improve in a way that, hopefully, helps reduce the current level of stress most cybersecurity teams are under.