Certificates and keys become the security battleground

Venafi has warned that outdated approaches to establishing trust on the internet are leaving customers exposed to security threats

Most of the security market moves at a cracking pace as threats evolve and criminals look for fresh angles as they try to get their hands on sensitive data but there have been some areas that have lagged behind.

One of those is the use of digital certificates, which have not changed too much since they were first introduced a couple of decades ago to help customers identtify which websites could be trusted.

But increasingly digital certificates are being compromised and many UK firms are exposed to cyber criminals as a result, which should provide the channel with an opportunity to solve the problem.

The 2015 Cost of Failed trust Report from Venafi has indicated that trust in digital certificates is at a turning point and 63% of UK firms were not aware of where all their keys and certificates were located.

With certificates multiplying as a result of mobile devices the opportunities for criminals to exploit the confusion in a business is increasing and is expected to become an evern greater source of security threat.

"The security market changes itself every two to three years and this is an area where there hasn't been a change for 20 years," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.

Up to now the dangers with malicious digital certificates has been beeping loudly on the enterprise business radar but it is becoming more widely understood and the SME arena is now starting to turn to the channel for help.

"It has been at the large enterprise but it is a changing and is a very new area for the channel," said Bocek, who added that customers across key verticals including finance and retail could not afford to have a trust issue around their websites.

He added that although some secutiry resellers might not be selling solutions to the problem now they were probably handling some vendor's that operated in the encryption space which were already reporting on an increase in problems with keys and certificates.

Read more on Remote Access Security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.