On August 17th eWeek ran an article that described how improper SSL implementations can leave websites vulnerable to various cyber attacks. While this story is spot-on, what is equally important to consider is the proper management of SSL Certificates. The mismanagement of SSL Certificates can lead to financial loss and lack of credibility for your organization.
One particular challenge that enterprises face can be having hundreds of SSL Certificates and no proper SSL Certificate management tool. The status of each certificate is usually tracked manually on a spreadsheet or through some other manual mechanism. Manual mechanisms are prone to human error, and what’s more, data is difficult to track when IT personnel changes. In addition, it isn’t unheard of for an SSL Certificate to expire in the middle of the mess.
What is the true impact of an expired SSL Certificate?
In most cases, users will receive a warning that the server’s certificate has expired. At best, this is a reflection of poor security management of the business owner. Worse, customers are more likely to bypass the site and conduct business elsewhere. Some servers can be set to refuse connection as befits stringent security policies.
An internal Symantec survey shows that 90 percent of consumers will stop their transactions when they encounter a certificate expiration warning page, and 72 percent of consumers will proceed to competitors’ website or abandon their effort after the warning. Even if customers do not bypass the site, they may call to inquire if your site is legitimate. Just the phone calls alone will add to the volume of customer support calls which in turn add to the costs of operations. What’s more, your business may face a situation where the customer continues to connect to the site and the connection was sidejacked due to the absence of encryption. The company could suffer major financial loss as a consequence of the security breach as well as reputation damage.
So, as you think about implementing SSL Certificates, it is just as important to consider how you would manage the SSL Certificates that you have to avoid the headache of dealing with expired certificates.
In our next blog, we will share with you best practices on managing SSL Certificates.