- 78% of organisations have experienced downtime due to mismanaged encryption this year
Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, last week announced the shocking findings of its 2011 Venafi Encryption Key and Digital Certificate Management Report.
The report reveals that organisations are deploying increasing numbers of digital certificates and encryption technologies, but that these security assets are also becoming lost, stolen and unaccounted for in epidemic proportions. Ironically, digital certificates and encryption keys are critical components of all information security programs, but they become dangerous liabilities when they go missing and find their way into the wrong hands.
Jeff Hudson, CEO of Vanafi said: “It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks. Venafi compiled results from market and analyst report research, from a 471–respondent survey that included managers up to C–level executives from enterprise–class organizations within multiple industries, and from prior market surveys. The findings are shocking.”
Respondents surveyed reported the following:
- 51 percent stated they had experienced either stolen or unaccounted-for digital certificates, or that they were uncertain if their organisations had lost, stolen or unaccounted–for digital certificates in general.
- 54 percent stated they had experienced either stolen or unaccounted for encryption keys, or that they were uncertain if their organisations had lost, stolen or unaccounted for encryption keys in general.
Exacerbating the problem is the volume and diversity of encryption technologies and certificate authorities (CAs) organisations must deal with on a daily basis. The number of encryption assets in their inventories grows regularly, and scattered individuals and teams frequently manage them. According to the survey findings:
- 46 percent of organisations are managing at least 1,000 digital encryption certificates; 20 percent are managing more than 10,000.
- 83 percent of organisations are managing technologies from at least two different CAs; 18 percent are dealing with more than five.
- 88 percent of organisations have multiple administrators managing encryption keys; 22 percent have more than 10.
- 42 percent of organisations manage encryption technologies from at least four vendors; 8 percent are dealing with more than 10.
Fifty–nine percent of the respondents surveyed worked in organisations with more than 5,000 employees. Respondents' organisations spanned a wide range of industries, including high tech, telecommunications, banking/financial services, energy/oil and gas, government, aerospace, manufacturing and retail. Among the respondents was one of the world's largest food distributors and consumer retailers.