A recent Venafi survey found that 76% of security leaders acknowledge the urgent need to transition to shorter certificate lifespans to enhance security. Despite this recognition, 77% said they feel unprepared to take the necessary actions and foresee a potential increase in outages as a result of the shift to 90-day certificates.
One of the major developments is Google’s proposal to reduce TLS certificate lifespans from 398 days to 90 days. This proposed change has raised concerns among 81% of security leaders, who believe that it will exacerbate the existing challenges they face in managing certificates. A staggering 94% of respondents expressed worry about the repercussions of these changes, with 73% fearing potential chaos and 75% even voicing concerns about decreased security levels.
The recent upheaval caused by the announcement that certificates issued by certificate authority (CA) Entrust are no longer considered trustworthy serves as a stark reminder of the disruptions prevalent in the CA market. According to the survey, 88% of security leaders reported that their organizations have been impacted by CA revocations, leading to various consequences such as deploying additional resources for certificate replacements, security incidents, and certificate-related outages.
As the need to transition to new quantum-resistant encryption algorithms gains momentum, 64% of security leaders expressed apprehension about the day when the board inquires about their migration plans. Despite the potential risks posed by quantum computing, 78% of respondents stated they would address the issue when it arises, and 60% remain unconvinced that quantum computing poses a threat to their businesses either currently or in the foreseeable future. This skepticism was further emphasized by the 67% of respondents who dismissed the concerns as exaggerated hype.
Kevin Bocek, the chief innovation officer at Venafi, emphasized the necessity of shifting to shorter certificate lifecycles to mitigate risks associated with certificate expirations. However, he also acknowledged the potential challenges this transition may pose for security teams, especially in light of Google Chrome's recent distrust of Entrust.
The transition to 90-day certificates presents a formidable challenge for organizations, requiring them to renew certificates five times more frequently than before. This effort is compounded by delays in deployment and the escalating volume of TLS certificates necessitated by digital transformation initiatives. Security leaders highlighted concerns about the speed, scale, and cost of migration to post-quantum cryptography, underscoring the importance of taking control of key and certificate management to prepare for future risks.
Despite the complexities and uncertainties surrounding these transitions, Bocek remains optimistic about the advancements in machine identity security capabilities available to security teams today. By leveraging technologies such as certificate lifecycle management and PKI-as-a-service, organizations can better equip themselves to navigate the evolving landscape of security challenges, including shorter certificate lifespans, CA distrust, and the shift towards post-quantum encryption.

