Page 101 - Cyber Defense eMagazine June 2020 Edition
spreadsheet-based tracking and manual processes. While well-meaning, the combination of complex
ecosystems and manual processes almost always leads to undocumented installations and risk exposure.
As with any IT security initiative, the best place to start is with an updated system audit to help you assess
where your tools and processes rank in terms of efficacy and security. Regardless of the program you’ve
got in place, Gartner suggests program managers conduct a periodic evaluation of certificate usage,
volume and expected use-case expansion. Inevitably, more use cases mean more risk, so security and risk
managers should consider a certificate management solution over spreadsheet-based methods.
Still think spreadsheets are the right tool for your organization? Here are five reasons to reconsider
spreadsheets as your primary certificate management tool:
By 2022, organizations that leverage X.509 certificate management tools will suffer 90% fewer certificate-
related issues and will spend half the time managing these issues, compared with organizations that use
spreadsheet-based management methods. ~ Gartner
Gartner cited a certificate management tool vendor who recently pointed out that when it observes clients
executing on a discovery process, clients typically see five to 10 times more certificates in their
environment than expected.
Reason #1: Spreadsheets don’t scale
Spreadsheets can’t natively scale alongside your Public Key Infrastructure (PKI) program and its growing
number of digital certificates. The manual effort required to maintain spreadsheets never decreases,
especially as new certificates are regularly deployed on the network. Growing certificate counts and
shorter validity periods make spreadsheet-based tracking infeasible for most organizations today.
Reason #2: Spreadsheets aren’t audit-ready
To prove compliance, you need to be able to demonstrate that you have complete visibility into all digital
certificates, detailed information about the algorithms they use, where they were issued from, where
they’re installed, who owns them and what applications rely on them. It’s next to impossible to capture
that level of detail, and keep it updated, with a manual spreadsheet.
Reason #3: Spreadsheets lack automation
Many organizations underestimate the care and feeding required to continuously manage their
certificates. The issuance process alone typically takes three to six hours, which includes generating a
key pair on a server, exporting the public key, having it certified by a certificate authority (thereby
converting it into X.509 certificate format), installing the certificate, verifying that it’s active and finally
returning the server to live operation. That doesn’t account for time spent continually tracking down assets with
certificates, general maintenance and updates.
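The manual issuance steps listed above (key pair, public key export, CA certification, verification), together with the audit fields named under Reason #2, as an added shell example that is not from the article. The lab CA, host name and file names are constructed, and the OpenSSL command-line tool is assumed to be installed; installation on a live server is not shown.

```sh
# Added example: lab CA, hostname and paths are constructed, not from the article.
set -eu
WORK="$(mktemp -d)"            # scratch directory for the walk-through
HOST="app01.example.test"      # constructed server name
trap 'rm -rf "$WORK"' EXIT

issue_cert() {
  # Constructed private CA standing in for the organisation's issuing CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Step 1: generate the key pair on the server.
  openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
  # Step 2: export the public key, wrapped in a certificate signing request.
  openssl req -new -key "$WORK/server.key" -subj "/CN=$HOST" \
    -out "$WORK/server.csr"
  # Step 3: the CA certifies the request, producing the X.509 certificate.
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 90 -sha256 \
    -out "$WORK/server.pem" 2>/dev/null
}

verify_chain() {
  # Step 4a: the certificate must chain to the issuing CA.
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/server.pem" >/dev/null
}

key_matches_cert() {
  # Step 4b: the installed private key must match the certificate's public key.
  cert_pub="$(openssl x509 -in "$WORK/server.pem" -noout -pubkey | openssl sha256)"
  key_pub="$(openssl pkey -in "$WORK/server.key" -pubout | openssl sha256)"
  [ "$cert_pub" = "$key_pub" ]
}

inventory_record() {
  # The fields an audit asks for: subject, issuer, expiry, fingerprint, algorithm.
  openssl x509 -in "$WORK/server.pem" -noout -subject -issuer -enddate \
    -fingerprint -sha256
  openssl x509 -in "$WORK/server.pem" -noout -text |
    awk '/Signature Algorithm/ && !seen++ { print "sigalg=" $3 }'
}

issue_cert
verify_chain
key_matches_cert
inventory_record
```

Every certificate in the estate needs the same record kept current through each renewal, which is the per-certificate effort a spreadsheet has to absorb by hand.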
Reason #4: Spreadsheets create visibility gaps
It’s not the certificates you track that will cause your next outage - it’s the ones you haven’t yet discovered.
Spreadsheets only allow you to account for and track the certificates you know about. The reality is that
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.