Strong Growth in Cryptographic Keys and Digital Certificates
Growth in encrypted HTTPS to create secure and authenticated connections for web applications, cloud services and IoT is growing but more than half of organizations currently rely on chaotic, error prone, manual processes to protect these critical encryption assets.
Cybersecurity company Venafi, for example, recently published a study that found 58 percent of organizations used more than 2500 keys and certificates in 2016 and one in four organizations used more than 10,000 keys. In 2016, 50 percent saw their key and certificate use grow by more than 25 percent and one in five say key and certificate usage has increased by more than 50 percent. 49 percent say key and certificate use will grow by more than 25 percent over the next 12 months. Although 96 percent say that key and certificate management is part of their security program, only 34 percent say they manage their keys and certificates centrally.
“Wide spread adoption of DevOps, containers, and cloud services is probably not factored into these growth rates and that means the total number of keys and certificates organizations believe they will use is probably still too low,” noted Bocek. “In our work with Global 5000 organizations, most organizations find an average of 16,500 keys and certificates that were previously unknown and each unknown key and certificate represents an unknown encrypted tunnel. These dramatic growth rates, combined with organizations’ haphazard approach to protecting keys and certificates presents a golden opportunity for cyber criminals.”