85 Percent Of IT Professionals Believe Google Will Distrust Additional Certificate Authorities

However, only 23 percent said they were confident in their ability to quickly find all certificates issued by a specific CA

Venafi®, the leading provider of machine identity protection, today announced the results of a study conducted by Dimensional Research that evaluates how prepared organizations are to respond to Certificate Authority (CA) errors and browser distrust events. The study includes responses from eleven hundred IT security professionals who are knowledgeable about CAs from the U.S., U.K., Germany, France and Australia.

Although IT security professionals are troubled by future CA incidents, very few have the tools needed to switch CAs quickly. For example, just fifteen percent of respondents believe that Google’s decision to distrust Symantec certificates is a one-time event. However, if they were affected by a major CA event, only twenty-three percent said they are completely confident in their ability to quickly find and replace all their impacted certificates.

“CAs have a very difficult job and they deal with many complexities that are outside their control,” said Mike Dodson, global head of solution architects for Venafi. “Every CA is exposed to risks; and CA compromises and errors can leave organizations scrambling to find and replace many certificates in a short amount of time. Organizations need greater control over the CAs they trust, but they also must acknowledge that they’ll never have full control. For example, browsers play a big role in how we trust CAs. Chrome and Mozilla recently decided they would no longer trust certificates issued by Symantec, and now many organizations must replace these certificates before a set deadline.”

Additional findings indicate that security professionals may be overestimating their ability to respond to a CA incident:

  • Eighty-one percent of the respondents are concerned about future incidents involving CAs.
  • Sixty-one percent of the respondents say they have a plan in place that would allow them to replace all Symantec certificates by the upcoming deadlines, but only fifty-eight percent have an accurate inventory that includes the IP address of all devices where certificates that chain up to a Symantec root were installed.
  • Nearly two thirds (sixty-two percent) are confident they don’t have certificates from unauthorized CAs but only half have controls in place to detect this.
  • Seventy-four percent believe they can find and replace all certificates affected by a CA compromise quickly, but only eight percent have automated processes in place.

Last year, researchers affiliated with Google decided that Symantec, and their affiliated CAs, had mis-issued thousands of Transport Layer Security (TLS) certificates. As a result, Chrome researchers announced a formal plan to remove trust from Symantec-issued certificates. The first deadline is April 17th, 2018 when Chrome 66 and Mozilla will distrust Symantec TLS certificates issued prior to June 1, 2016.

About Venafi
Venafi is the Immune System for the Internet™ and protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can’t be misused by bad guys in attacks. In today’s connected world, cybercriminals want to gain trusted status and remain undetected, which makes keys and certificates a prime target. Unfortunately, most security systems blindly trust keys and certificates. Venafi patrols across the network, on devices, and behind the firewall, constantly assessing which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protecting those that should be trusted, and fixing or blocking those that are not. As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to protect keys and certificates and eliminate blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations regain control over keys and certificates by establishing what is self and trusted on mobile devices, applications, virtual machines and network devices and out in the cloud. Venafi protects Any Key. Any Certificate. Anywhere™. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, your business, and your brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates. Venafi customers are among the world’s most demanding, security-conscious Global 5000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners.