Poor SSL certificate data can harm IT security

Poor SSL certificate data can harm IT security

When companies use high assurance SSL certificates, they should be able to keep up with the numbers that go along with them, such as inventory of certificate populations and more, but a report from Osterman Research said this is a problem with many companies. Poor data about a company's SSL certificates can be something that ends up harming IT security and putting customers and businesses at risk.

Osterman's report, based on responses from 174 IT and security professionals, shows that 54 percent of businesses have inaccurate or incomplete inventories of their SSL certificate populations. The research company said this is an awful practice that jeopardizes vital business information and can expose the company to risks and compliance issues that otherwise would not have to be dealt with.

"The importance of sound certificate management practices is highlighted by the repeated certificate authority (generally referred to as CA) breaches over the past year," said Michael Osterman, president of Osterman Research. "We were startled by the lack of urgency regarding the issue. When considered in tandem with the high-value target CAs represent to hackers, we can predict more CA breaches and more security threats than we saw in 2011."

PCWorld said 2011 saw breaches of certificate authorities as well, which means that businesses really need to be on the ball with regard to guarding their SSL certificates. Losing track of even one could mean a breach of a customer that could not only harm the customer, but have ill effects on the business' reputation.

Companies who use security such as Symantec SSL certificates should be sure to take the measures to make sure these certificates are accounted for and stay secure. With the number of scammers and people looking to grab information from customers and companies, business and IT departments can't afford not to guard and keep track of an investment such as this.