
Managing X.509 certificates by spreadsheet too risky, says Gartner

Investment in automation now needed

Poor management of the X.509 certificates that underpin SSL security could explain a growing number of mysterious system outages, a Gartner report has suggested.

The biggest problem is simply the number of certificates that many businesses find themselves using for e-commerce and machine-to-machine communication, which, according to Gartner, many still manage using manual spreadsheets.

In X.509 Certificate Management: Avoiding Downtime and Brand Damage, Gartner reckons that organisations managing as few as 200 certificates manually will need to employ one full-time member of staff to cope with the workload of basic provisioning and renewal.

As this rises to thousands of certificates in large organisations, a certificate management system becomes necessary to automate basic processes.

In Gartner's view, the effect of expired X.509 certificates on service failures is probably now being underestimated.

"Many organisations that have an unplanned certificate expiry typically focus on other systemic causes, such as hardware or software issues, long before they begin to consider an expired X.509 certificate as the source of troubles," the authors believed.

As well as unexpected X.509 expiry, the report notes that a number of certificate authorities have been compromised by hackers in the last year, which puts further pressure on companies using such certificates to react quickly in the event of a breach.

Branded authorities suffering problems have included Comodo, DigiNotar, RSA and GlobalSign, largely at the hands of Iranian hacker 'Comodohacker', who single-handedly embarrassed a previously rock-solid certificate industry worth billions.

"This is what happens with organic growth. X.509 are implemented silo by silo," said Jeff Hudson, CEO of Venafi, which, along with Trustwave and VeriSign, is one of three companies Gartner mentions as selling automated management systems.

According to Hudson, the sheer scale of the X.509 infrastructure companies are now managing has crept up on them over time. Organisations should develop business continuity for this in the light not only of its scale but also of its recent insecurity.

"It is totally manageable. These are machines talking to machines. It can be automated," he said.

Gartner recommends that organisations automate provision and renewal, introducing some form of validation using certificate revocation lists (CRLs) to ensure their security. Certificates should be carefully audited to ensure that they have been installed or de-installed correctly.
