October 5, 2023
In March 2023, the Google Chromium Project published a roadmap document called Moving Forward, Together, which outlines the organization’s intention to reduce the maximum lifespan of TLS certificates issued from a public key infrastructure (PKI) from 13 months (or 398 days) to just 90 days.
The dramatic reduction in certificate lifespan is intended to make it much harder for cybercriminals to misuse a certificate. With the reduction in lifespan, criminals will have much less time to attack or exploit a certificate before it is replaced. This will help to prevent man-in-the-middle attacks or other data capture or exfiltration attacks. As we move toward Zero Trust security models and a post-quantum world, Machine Identity Management (MIM) will become key to organizational success and security.
While the coming changes in certificate lifespans are necessary to force evolution and tighter security compliance across the industry, these changes will dramatically increase the workload for PKI and security teams worldwide. At the same time, failure to renew certificates in a timely manner can have significant financial and reputational impacts on a business. Companies can experience customer service disruptions, lost revenue, security vulnerabilities, compliance violations and reputational damage, leading to millions of dollars in lost revenue and unplanned expenses. According to Gartner, a customer service disruption could cost an organization $42,000 per hour, and the Ponemon Institute has found that ransomware incidents can cost, on average, $4.6M.
For a security or PKI team that has efficient, well-documented processes, it is reasonable to assume that handling a certificate will take an average of 3 hours. In a small environment with only 500 certificates, that is 1,500 hours a year or 62.5 days of work under the current lifetime maximums. Once the changes go into effect, each certificate will need to be renewed roughly four times a year, so the minimum operational load will become 6,000 hours or 250 days a year. When factoring in the additional time needed to coordinate the installation of certificates on endpoints and adhere to maintenance windows, this estimate can expand dramatically. For many companies, this will mean hiring new employees to cover this increased load or investigating the possibility of utilizing a managed service that can provide the same level of expertise.
The automation functionality available in the major Certificate Lifecycle Management (CLM) software on the market today allows a security team to reduce the handling time from days to minutes. In addition, companies can leverage built-in integrations with major hardware and software vendors in the information technology and security space.
Certificate lifecycle management is no longer a nice-to-have option. Teams will require well-defined processes and policies, CLM software, and the personnel to absorb the new workload quickly.
The adoption of a CLM platform can be time-consuming. The new certificate lifespan rule is expected to go into effect by the end of 2024. Between the necessary planning, existing policy review, potential clean-up of current systems and rollout to the userbase, it is possible that the full implementation and migration to a new CLM could take several months.
Companies that have the new tooling or a managed service in place before the end of 2023 or early 2024 will have more time to prepare for the influx of requests and cases once the rule takes effect.