Feb 10, 2021, 13:39 PM
Riaan De Villiers
For today's post we will look at the benefits of SSL / TLS certificates and why it is so important to have a proper certificate management process in place.
Why is TLS certificate management so important?
Last week we looked at the events that will be shaping the SSL / TLS landscape for 2021.
This week we will look at why TLS certificates are important to an organisation and why a good certificate management process is so critical.
Image source: Christina Morillo from Pexels.
From a customer’s perspective there are at least 5 compelling reasons to use a TLS certificate on your website:
- The TLS certificate provides proof of your identity to users logging on to your website.
- TLS will encrypt the connection between the user and your website, protecting their data.
- Improved security will help create trust with your customers.
- Google will rank protected website higher then unprotected sites.
- TLS can help you satisfy requirements for compliance such as PCI / DSS and WebTrust.
However, these essentials advantages that you get on your website is not all. Implementing TLS certificates and digital certificates in your organisation will also help you secure your organisation.
Security services provided by digital certificates
TLS and digital certificates leverage of the cryptographic services provided by Public Key Infrastructure (PKI).
Here is some of the security services that you can get by using PKI based digital certificates in your organisation:
- Code signing
- Internet of Things
- Access management
- Protecting emails
Executables and scripts developed by your organisation can be signed with a digital certificate. The signature will identify the author of the code to prevent impersonation and tampering.
Internet of Things
TLS certificates can be embedded on IoT devices. The TLS certificate will help to identify devices to provide them access to your network. It will also encrypt data sent from the device to your network.
Digital certificates can be used to timestamp a transaction. The timestamp will serve as proof of the time of transaction and it will also prevent an attacker changing the details of the transaction.
Authorised users can be issued with a TLS certificate to serve as proof of their identity. When the user wants to log onto a protected resource, the digital certificate can be presented as proof of their identity and that they have been authorised to access the resource.
By default, emails are sent unsecured across the Internet. This gives attackers an opportunity to intercept the emails. TLS certificates can be used to encrypt emails and identify the author of the email.
With so many advantages of using PKI and digital certificates it is essential to have a good certificate management program in place.
Without a proper certificate management process in place, organisations run the risk that they issue to many certificates to properly keep track of.
Unmanaged certificates could be used by attackers to gain unauthorized access to your network. Another issue with unmanaged certificates is that they are time bombs for service disruptions. A certificate that expires can cause service disruptions.
When implementing a certificate management process, it is important to understand the digital certificate life cycle.
The digital certificate life cycle
At a high level a digital certificates life cycle would consist of the following events:
- Issuance: after a user or machine passes through an identity vetting process to verify their identity, a digital certificate is issued to them.
- Renewal: Due to security reasons, a digital certificate has a limited lifespan. If a certificate is still being used at the end of its lifespan, the certificate must be renewed for another period.
- Revocation: If a certificate is not required anymore, it is important that the certificate be revoked so that it cannot be used if the certificate falls into the wrong hands.
To manage the digital certificate lifecycle effectively it is important to have a monitoring and discovery process in place.
Monitor: As stated, a certificate has a limited lifespan. It is important that the certificates issued by an organisation be monitored. Certificates nearing the end of their life must be renewed timeously in order to prevent service disruptions. A good certificate monitoring tool will provide administrators with a dashboard where they can quickly see which certificates need attention.
Discovery: It is recommended that organisations regularly perform a certificate discovery process. During this process a tool will scan the entire network (or certain segments) to determine what certificates have been installed and to verify that they have been implemented correctly. The discovery process ensures that there are no unknown certificates on the network that could potentially become a security risk or cause a service disruption.
Certificate management can seem daunting but LAWtrust partnering with Entrust can assist!
We have the tools and the expertise to help you manage your certificates.
Contact LAWtrust today to learn more about our digital certification automation and discovery tools.