Shorter life span reduces vulnerability of digital certificates

The proposal to shorten the life cycle of Transport Layer Security (TLS) certificates has sparked discussion within the cybersecurity community. TLS certificates play a crucial role in establishing secure connections between web servers and clients to protect sensitive data. Currently, most digital certificates have a life span of 398 days, including a 33-day grace period. Proposals from Google and Apple, however, would reduce this maximum to 100 days or even 47 days.

Jason Soroko, a senior fellow and CTO at Sectigo, highlights the importance of shorter certificate lifetimes in DevOps environments. The rationale for shorter durations is to minimize data loss if a certificate is compromised. An expired certificate, on the other hand, leads to refused connections and can itself contribute to data breaches, underscoring the need for enhanced security measures.

Despite the expected increase in certificate renewal frequency, organizations using security information and event management (SIEM) or security orchestration, automation, and response (SOAR) systems are unlikely to face operational disruption. These automated tools streamline the certificate renewal process, supporting business continuity and compliance.

Small to midsize businesses (SMBs) outsourcing network management services may already benefit from automated certificate updates through certificate life cycle management (CLM) services. By automating renewal processes, organizations can mitigate liabilities and enhance compliance with legal standards. However, manual certificate updates could introduce errors, escalating risks and operational challenges.

Arvid Vermote, GlobalSign’s worldwide CIO and CISO, emphasizes the necessity of automation in managing certificate updates effectively. As certificate durations diminish, the reliance on manual processes becomes impractical, paving the way for automated solutions to streamline renewal procedures. Soroko points out the technical complexities and risks associated with manual updates, advocating for widespread adoption of automation.

The shift towards shorter certificate life cycles also sheds light on shadow IT practices within organizations. CLM systems can discover unrecognized digital certificates that departments have deployed on their own, exposing potential security vulnerabilities. This discovery process helps identify rogue applications and unauthorized network access, bolstering overall security posture.
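The lifetime caps discussed above and the inventory-driven renewal a CLM system performs can be illustrated with a small audit over a certificate inventory. This is an added example, not code from the article or from any vendor named in it; the inventory format, the example.com hosts and the two-thirds-of-lifetime renewal rule are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone

# Maximum certificate lifetimes named in the article, in days.
LIFETIME_POLICIES = {"current": 398, "google_proposal": 100, "apple_proposal": 47}

@dataclass
class CertRecord:
    host: str
    not_before: datetime
    not_after: datetime

    @property
    def lifetime_days(self) -> int:
        return (self.not_after - self.not_before).days

def parse_inventory(text: str) -> list[CertRecord]:
    """Parse 'host,notBefore,notAfter' lines (ISO 8601); an assumed CLM-export shape."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments and blank lines
        if not line:
            continue
        host, nb, na = (f.strip() for f in line.split(","))
        records.append(CertRecord(host, datetime.fromisoformat(nb), datetime.fromisoformat(na)))
    return records

def renewal_due(cert: CertRecord, now: datetime, fraction: float = 2 / 3) -> bool:
    """Assumed rule: renew once two thirds of the lifetime has elapsed (a common ACME-client default)."""
    return now >= cert.not_before + (cert.not_after - cert.not_before) * fraction

def audit(text: str, policy: str, now: datetime) -> dict[str, list[str]]:
    """Group hosts by what an operator must act on under the named lifetime cap."""
    cap, certs = LIFETIME_POLICIES[policy], parse_inventory(text)
    return {
        "too_long": [c.host for c in certs if c.lifetime_days > cap],  # could not be issued under the cap
        "expired": [c.host for c in certs if c.not_after <= now],
        "renew_now": [c.host for c in certs if c.not_after > now and renewal_due(c, now)],
    }

# Constructed sample inventory (example.com hosts, not real); lifetimes match the article's figures.
SAMPLE_INVENTORY = """
www.example.com,2025-01-01T00:00:00+00:00,2026-02-03T00:00:00+00:00      # 398 days
api.example.com,2025-03-01T00:00:00+00:00,2025-06-09T00:00:00+00:00      # 100 days
shadow.example.com,2025-02-20T00:00:00+00:00,2025-04-08T00:00:00+00:00   # 47 days
legacy.example.com,2024-01-15T00:00:00+00:00,2025-02-16T00:00:00+00:00   # 398 days, already expired
"""
NOW = datetime(2025, 4, 1, tzinfo=timezone.utc)  # fixed clock so the report is reproducible
```

Running `audit(SAMPLE_INVENTORY, "apple_proposal", NOW)` flags the three longer-lived certificates as non-compliant with a 47-day cap, reports the lapsed legacy certificate as expired, and marks the 47-day certificate as due for renewal, which is the kind of daily decision that becomes impractical to make by hand at that cadence.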

Justin Lam, an analyst with 451 Research, underscores the proactive risk management approach necessitated by evolving certificate policies. Shorter certificate durations enhance oversight and control over digital assets, minimizing the impact of undetected vulnerabilities. As organizations navigate complex security landscapes, the need for comprehensive oversight and automation in certificate management becomes increasingly vital.

In conclusion, the proposed reduction in TLS certificate life cycles signifies a paradigm shift in cybersecurity strategies. Embracing automation and proactive risk management practices will be essential for organizations seeking to fortify their digital infrastructure against emerging threats and vulnerabilities. Adapting to these evolving trends will be crucial in safeguarding sensitive information and maintaining operational resilience in an increasingly digitalized landscape.
