Certificate Lifecycle Management
The client had multiple units, both business and technology, that over the years had acquired thousands of different digital certificates from dozens of certificate authorities to support their applications and websites, both internal and external.
There was no centralized inventory or management of these certificates and the failure to properly implement, renew and revoke these certificates was resulting in multiple vulnerabilities, incidents and unscheduled downtime.
How this Project works
Hale Consulting Solutions LLC was engaged on this effort to assist to:
Pilot a Certificate Management Solution
We worked with the client to build a scalable infrastructure based upon the defined requirements and “try out” the solution functionality within a limited non-critical subdomain.
The functionality piloted included:
Certificate Discovery: Utilization of the solution to identify and inventory detailed information about the certificates deployed within the pilot domain.
Certificate Lifecycle Management: Utilization of the solution as a centralized console for certificate issuance, configuration, installation, remediation, renewal and reporting.
Certificate Automation: Automation of certificate monitoring, notification and renewals.
Evaluate the Solution
Using a documented and prioritized list of criteria, we evaluated each of the functional components to identify areas for improvements, both process and technical. Technical lessons learned were submitted to the vendor for future enhancements. Process lessons learned were used to update the policies & procedures for enterprise deployment.
Deploy the Solution Enterprise Wide
Using the evaluation and lessons learned as a guideline, we scaled the infrastructure to encompass multiple domains and deploy certificate management across the enterprise.
Project Result & Benefits of Project
- 80% reduction in major incidents associated with certificate management.
- Increased awareness of certificate inventory, resulting subsequent efforts to centralize certificate authority utilization & reduce costs.
- Treatment and reduction of risk associated with un-identified, un-managed certificates.
“The hyperscale growth of digital infrastructures have expanded not only from the data center to the cloud, but have embraced sophisticated multi-cloud strategies, and hybrid strategies that seamlessly integrate clouds and on-premise workloads. Digital certificates underlie the system integrity of all of it, the scale of which has become frighteningly massive.” - Andrew Lance & Anton Chuvakin