Certificate Management as a Key Part of a Domain Security Strategy

As the digital economy grows, organisations need to constantly re-evaluate their online presence to ensure they are capitalising on the opportunities and rewards that technology presents but also mitigating any risks or threats that exist, whether caused by design or mistake.

The importance of domain security has never been greater than it is today. The threat landscape is complex and constantly evolving, presenting risks to revenues, to critical and confidential data, and to reputation. One key element of the Com Laude Client-Shaped Domain Services approach is to assess, and provide expert knowledge on, how SSL/TLS certificates are managed on an ongoing basis.

Like domain names, SSL certificates have often been acquired by organisations piecemeal over the years, with individual departments purchasing them on an ad-hoc basis and outside of any set policy or strategy. Whilst each certificate does improve the level of domain security and protection for an organisation, this unstructured, unmanaged approach can lead to problems in the future. Unfortunately, it is still all too common for organisations to have several weaknesses in the way they approach SSL certificates.

Many organisations routinely do not know:

  • which domain names are using SSL certificates
  • which domain names should be using SSL certificates
  • the types of SSL certificate they have, and which types they should be using
  • what their SSL certificate management process is
  • who should be managing the SSL certificate portfolio
  • what the budget for SSL certificates is
  • the impact of letting certificates lapse, or of not having the right certificates attached to the right domain names

Therefore, organisations should take a number of steps to understand which certificates they currently hold and how they are being used. The starting point is the domain name portfolio itself: work through the steps below to understand the security requirements of the organisation before settling on the right SSL/TLS strategy.

  • Which domain names within the portfolio currently resolve?
  • Of the domain names that do resolve, where do they resolve to?
  • Are there any domain names that do not resolve but should, and if so, to where?
  • Categorise the main purpose or function of every active website in terms of customer engagement.
  • Highlight the websites that provide a gateway to any services that sit behind a log-in, or that require the submission of personal or financial data.

Once an organisation has this data, it is then possible to map the existing SSL certificates onto it and determine whether any websites that should have a certificate do not, and vice versa. This aspect of the approach will determine the future policy for SSL adoption and management. To underline the importance of having a formalised certificate management process, consider the following statistics. If an organisation has 50 SSL certificates and no processes in place, the management burden per annum can be up to 225 hours, or approximately 28 working days. 82% of enterprises have been directly impacted by an unplanned certificate expiration, and approximately 50% of enterprises have reported suffering the consequences of a lost or rogue SSL certificate.

All of these problems can be addressed through a formalised SSL Management Strategy. Such a strategy documents the standardisation of certificates (vendor, Certificate Authority and certificate type), names the internal resources responsible for the SSL budget and management processes, and maintains a full inventory of certificates and their expiry dates. That inventory has become more important for organisations since the move to 1-year maximum term certificates from September 2020, because every certificate now has to be renewed at least annually.
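As an added example (not Com Laude's tooling), the following Python script applies the review steps above to a constructed inventory: it flags domain names that do not resolve, websites that handle log-ins or personal data but have no certificate, and certificates that have expired or are about to. The hostnames and dates are hypothetical; `fetch_not_after` is a live helper (standard library only) for reading the expiry a host actually presents when you build a real inventory.

```python
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

CERT_DATE_FMT = "%b %d %H:%M:%S %Y %Z"   # date format returned by ssl.getpeercert()

@dataclass
class SiteRecord:
    hostname: str
    resolves: bool
    handles_login_or_pii: bool                  # from the "gateway to log-in / personal data" step
    cert_not_after: Optional[datetime] = None   # None means no certificate was found

def fetch_not_after(hostname: str, port: int = 443, timeout: float = 5.0) -> datetime:
    """Live helper: read the expiry date of the certificate a host presents over TLS."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            not_after = tls.getpeercert()["notAfter"]
    return datetime.strptime(not_after, CERT_DATE_FMT).replace(tzinfo=timezone.utc)

def review_portfolio(records, now: datetime, warn_days: int = 30):
    """Gap analysis over an inventory; returns (hostname, finding) pairs needing action."""
    findings = []
    for r in records:
        if not r.resolves:
            findings.append((r.hostname, "does not resolve; confirm whether it should"))
        elif r.cert_not_after is None:
            if r.handles_login_or_pii:
                findings.append((r.hostname, "handles log-in/personal data but has no certificate"))
        else:
            days_left = (r.cert_not_after - now).days
            if days_left < 0:
                findings.append((r.hostname, f"certificate expired {-days_left} days ago"))
            elif days_left <= warn_days:
                findings.append((r.hostname, f"certificate expires in {days_left} days"))
    return findings

# Constructed sample inventory (hypothetical hostnames, not real sites).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    SiteRecord("shop.example.test", True, True, datetime(2024, 6, 15, tzinfo=timezone.utc)),
    SiteRecord("login.example.test", True, True, None),
    SiteRecord("old-promo.example.test", False, False),
    SiteRecord("blog.example.test", True, False, datetime(2025, 3, 1, tzinfo=timezone.utc)),
    SiteRecord("legacy.example.test", True, False, datetime(2024, 5, 1, tzinfo=timezone.utc)),
]
```

Running `review_portfolio(SAMPLE, NOW)` reports the shop certificate expiring in 14 days, the login site with no certificate, the non-resolving promo domain and the legacy certificate that expired 31 days ago; the blog site passes.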

The Com Laude Business Continuity Audit provides the intelligence and expertise for clients to develop their domain security policies and strategies. An initial domain portfolio review will highlight current SSL certificate usage, the domain names that are critical to the organisation and the level of encryption they should be using, as well as recommendations on the ongoing management of the portfolio.

SSL certificates are key in building customer trust. They are a visible sign that the confidentiality and integrity of data in transit is being protected by strong encryption. This protects not only online revenues but also the reputation of the organisation. Ensuring that SSL certificates form an integral part of the wider domain security strategy, alongside DNS security and Registry and Registrar Locking, is now essential rather than a nice-to-have for all brand holders who are committed to developing their digital strategy.

For your own domain portfolio review, or to find out how you could improve your domain security strategy, get in touch.