Top Certificate Authority finds that automation presents significant technical, compatibility, security and expertise challenges for a large swath of organizations
BOSTON, MA and LONDON, UK / ACCESSWIRE / September 26, 2023 / GMO GlobalSign K.K. (https://www.globalsign.com/en), a global Certificate Authority (CA) and leading provider of identity security, digital signing and IoT solutions today announced the results of a recent survey of enterprises and small to medium businesses that rely on Public Key Infrastructure (PKI) products and solutions. The findings from more than 100 respondents indicate that many organizations are unprepared for sweeping industry changes that call for mandated certificate automation.
As discussed in our June 20 announcement, later this year, and into 2024, there could be significant changes within the PKI marketplace, the most pressing matter being Google's move to reduce the lifespan of SSL/TLS certificates. The solution to meet this call by Google, and other browsers, is to automate certificate management. However, this is causing concern for the millions of businesses worldwide who rely on PKI for security compliance since many of them are not ready to make this leap. To get a sense of what companies' state of mind are around the issue, GMO GlobalSign asked 1,000 organizations about this industry shift. Approximately 110 companies responded.
GMO GlobalSign inquired about the challenges companies will face when Google reduces the maximum certificate to 90 days.
- Nearly a third of respondents said the increased administrative work and complexity were the biggest concerns (30 percent). Also worrisome for respondents is the possibility of more frequent root certificate updates, such as expected Mozilla updates set for 2024;
- Twenty percent of survey participants believe that a seven-year rotation for root certificates is manageable and would not cause a significant impact;
- Fifteen percent of those who responded worried about costs and overhead. This was of particular concern to small businesses and websites, where added costs might not be justified by the owners;
- Another thirty percent voiced concerns with older or legacy systems, frequent expirations as well as security and compliance challenges
Automation Stumbling Blocks
GMO GlobalSign also asked respondents about general barriers to automation. Responses were separated into five buckets: technical limitations compatibility issues, security, cost and resource constraints, lack of knowledge or expertise and infrastructure
- Thirty eight percent believe that technical limitations and compatibility are the biggest blockers to automation. This includes not having out-of-the-box solutions for automating certificate management, the lack of support for automated renewal in certain systems or environments (such as Windows, IIS, Plesk), and the incompatibility of some systems with standard automated solutions.
- A quarter of respondents point out cost and resource constraints as potential obstacles. This includes the costs associated with developing a custom automation system, and the resources needed to manage and maintain solutions for automated certificate management.
- Twenty percent of participants say a lack of knowledge or expertise is another potential challenge to automating certificates. This includes not knowing whether systems support the injection of new certificates and the restart of services, or being unfamiliar with, automation in general.
- Ten percent also cite security concerns, especially the governance and control of a fully automated system, as well as the need for audit trails, security approval and oversight in free public CAs.
- Seven percent also express concerns about the limits of infrastructure. This includes servers that are behind firewalls with strict policies, equipment that does not provide an API or other facility to manage the certificate, and networks that do not have access to the internet.
"It's clear that many challenges to certificate automation exist, whether you are an enterprise level organization or an SMB. There are a lot of steps to overcome before the vast majority of customers can support full automation," said Doug Beattie, Vice President, Product Management, GMO GlobalSign. "On the plus side, tools are available today to remove the pressure of certificate automation. Our products such as Automated Certificate Management Environment (ACME) greatly aid a company in this process. Our industry does not have clarity when a mandated 90-day automation may become real, but judging from our survey, organizations with concerns should begin taking steps now. In the long run, it will serve them well."
About GMO GlobalSign
As one of the world's most deeply-rooted certificate authorities, GMO GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud-based service providers, and IoT innovators worldwide to conduct secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale Public Key Infrastructure (PKI) and identity solutions support the billions of services, devices, people, and things comprising the IoT. GMO GlobalSign is a subsidiary of GMO GlobalSign Holdings K.K., a member of the Japan-based GMO Internet Group, and has offices in the Americas, Europe and Asia. For more information, visit https://www.globalsign.com.
Media Relations Contacts
Director of Public Relations, West Region
Public Relations Manager, France and DACH
SOURCE: GMO GlobalSign