This is the second part of a two-part series on the proper management of SSL Certificates.
In Part I of this series, we discussed some of the risks and implications of poorly managed SSL Certificates. When SSL Certificates expire or become compromised, the need to rectify the situation quickly is paramount. Take the example of a recent incident where a Certificate Authority (CA) was compromised. Customers of that CA may want to take appropriate actions quickly to minimize any cascading impact from that security breach. Unfortunately, if the customers do not have a robust SSL Certificate Management System, they may not know their level of threat exposure.
Many organizations recognize the risks and implications of out-of-status SSL certificates. Some may consider developing in-house certificate management, or purchasing an external SSL Certificate Management System to mitigate the risks.
Here are some key capabilities to consider for an SSL Certificate Management System:
- Visibility – you need visibility on all your SSL Certificates, regardless of CA, in your network. An SSL management system must be able to discover any SSL Certificates and maintain information such as quantity of SSL Certificates by CA, location of SSL Certificates in your network, and the status of SSL Certificates. These types of data must be readily available in order to respond quickly and effectively to any security breach. You should be able to view your SSL Certificate inventory at a summary or detailed level.
- Flexibility –you will need to run regular scans in your system to minimize risks of expired SSL Certificates or having rogue SSL Certificates. The scanning utility of the SSL Certificate Management System must be adaptable to your current needs and flexible enough to accommodate process changes in your organization. Depending on the size of your network, you may need an intelligent scan utility that can discover SSL Certificates quickly.
- Security - users of an SSL Certificate management system must be assigned roles and responsibilities according to their access needs. User profiles are updated regularly to ensure they are current with personnel changes.
- Automation – automated alerts and notifications are critical to help ensure appropriate personnel have sufficient time in preventing SSL Certificates from becoming out-of-status.
- Accountability – an audit trail tracks actions and helps ensure accountability. With an audit trail, you will be able to review and improve on processes as necessary.
An SSL Certificate management system with these capabilities helps ensure business continuity while increasing operational efficiency. Whether your SSL Certificates are managed centrally or in a distributed manner, those five capabilities should be at the core of your evaluation for an SSL Certificate Management System.