Aug 16, 2022

Stop Certificate Outages from Increasing in Frequency and Severity Community Chats Webinars Library Stop Certificate Outages from Increasing in Frequency and Severity brooke.crothers Machine identity management was a mess This company had experienced 27 P1 outages in the year before they deployed Venafi as a Service. That was a 100% increase from the previous one. One of those outages brought down the company’s email server for more than a day, while another prevented their customers from accessing their software knowledge base for several hours. The company realized that their machine identity management strategy was, to put it kindly, a mess. They lacked a companywide strategy for TLS machine identities and the various business units that were attempting to manage them did so using spreadsheets, calendar reminders and Microsoft OneNote. Meanwhile, the lack of an enforceable corporate policy meant that: Certificates were being stored in unexpected locations End users regularly obtained certificates from unapproved Certificate Authorities (CAs) There wasn’t a way to enforce certificate configurations, such as minimum encryption strength No inventory existed for discovering and monitoring all these certificates The company needed a solution that could help them continuously discover certificates and add them to the companywide inventory, as well as gain the necessary intelligence on those certificates, so that they could replace expiring ones before they brought about yet another outage. But the CA-based solutions weren’t the answer because they only worked with certificates issued by that CA. And they needed a solution that was quick to deploy, provided the necessary management and could scale as they grew. Venafi as a Service (VaaS) transformed machine identity management Venafi as a Service transformed the way the company managed their machine identities. According to their chief network architect: “Before we deployed Venafi as a Service, resolving an outage was a nightmare. We had to figure out if the certificate even existed, find where the server was located and document the server. It was impossible to build a complete inventory, let alone one that stayed up to date. Venafi as a Service does it instantly.” With the help of Venafi as a Service, the company found three times the number of certificates as they had originally estimated, including wildcard and self-signed certificates. But now they were able to find and replace all expiring ones before they could cause an outage. The Venafi Customer Success Team also helped the company set up Venafi as a Service to configure enterprisewide machine identity policies that addressed certificate attributes and simplified workflows for certificate issuance, among other things. And Venafi as a Service also optimized the way development teams built applications: “Venafi as a Service also allowed [development] teams to effortlessly procure policy-compliant certificates that would optimize the reliability and security of applications. Automated Secure Keypair, a central Venafi as a Service feature, also made it easy for users to generate a private key and keep it safe from compromise within Venafi as a Service.” Intrigued? You can read the entire case study here . But before you go, here’s a money quote from the company’s chief network architect: “Venafi as a Service has transformed our business. We haven’t had a single outage since it’s been deployed. Not only have we been able to press play on running our business, but with the efficiencies that Venafi gives us, we can now press fast-forward on growth.” Related Posts