More than a year after the devastating effects of the SolarWinds cyber-attacks, around 65% of organizations are still struggling to safeguard and govern their growing digital assets. This statistic comes from a recent AppViewX report titled “State of Certificate Lifecycle Management in Global Organizations.”
Conducted in collaboration with Ponemon Institute, the report surveyed 1,586 IT and security professionals about their challenges and strategies in digital identity and access management (IAM). Over 50% of the survey respondents state that their organizations have suffered one or more security or data breaches associated with digital-certificate compromise within the past two years.
According to the AppViewX report, the primary causes of security breaches include a cyber-attack (57%), a certificate authority (CA) compromise (49%), or negligence by an employee or third party (48%). Around 58% of those that suffered a data breach experienced severe or very severe financial losses. Yet, to prevent these cybersecurity incidents, only four in 10 organizations have developed an enterprise-wide security strategy to manage cryptographic keys and certificates.
However, realizing the severity of the issues, many organizations have begun to shift their priorities. They have started to put greater emphasis on machine identity management (MIM) while managing and securing digital certificates (54%) versus human identities such as usernames and passwords (46%). In fact, organizations are planning to invest nearly USD 1.2 million in 2022 alone to manage and secure their certificates. But only around 33% of the respondents say they have an accurate inventory of all their certificates.
While organizations are investing heavily in managing and securing their digital assets, less than 15% of the survey respondents claim their current certificate lifecycle management (CLM) initiatives are mature. This means that not having comprehensive visibility can be extremely damaging to the overall security posture of the organization.
With over 50% of organizations experiencing frequent security incidents as a result of expired certificates, it is no longer responsible or feasible to rely on manual, siloed strategies and systems or antiquated legacy tools in a CLM program. Organizations should look to adopt a zero-trust strategy that is strengthened by automation as a cost-effective and viable solution moving forward.
The good news is that security leaders have realized the importance of automation in their security initiatives. In fact, as per the report, over 50% of the respondents view automation as a critical element for their CLM program while also utilizing an identity-first approach that puts identity at the heart of zero-trust security strategies.
A few more findings from the report include:
- Around 52% of the respondents state that their organization uses automation to manage certificates
- Respondents that use automation are able to reap benefits such as performing tasks consistently while also bolstering their security by removing administrator access to key stores
- Industries such as financial services and the public sector are more likely to automate the management of their certificates