GMO GlobalSign Survey of Enterprises and SMBs Finds Many Unprepared for PKI Automation
GMO GlobalSign inquired about the challenges companies will face when Google reduces the maximum certificate validity to 90 days.
- Nearly a third of respondents said the increased administrative work and complexity were the biggest concerns (30 percent). Also worrisome for respondents is the possibility of more frequent root certificate updates, such as expected Mozilla updates set for 2024;
- Twenty percent of survey participants believe that a seven-year rotation for root certificates is manageable and would not cause a significant impact;
- Fifteen percent of those who responded worried about costs and overhead. This was of particular concern to small businesses and websites, where added costs might not be justified by the owners;
- Another thirty percent voiced concerns with older or legacy systems, frequent expirations, and security and compliance challenges.
Automation Stumbling Blocks
GMO GlobalSign also asked respondents about general barriers to automation. Responses were separated into five buckets: technical limitations and compatibility issues, security, cost and resource constraints, lack of knowledge or expertise, and infrastructure.
- Thirty-eight percent believe that technical limitations and compatibility are the biggest blockers to automation. This includes not having out-of-the-box solutions for automating certificate management, the lack of support for automated renewal in certain systems or environments (such as Windows, IIS, Plesk), and the incompatibility of some systems with standard automated solutions.
- A quarter of respondents point to cost and resource constraints as potential obstacles. This includes the costs associated with developing a custom automation system, and the resources needed to manage and maintain solutions for automated certificate management.
- Twenty percent of participants say a lack of knowledge or expertise is another potential challenge to automating certificates. This includes not knowing whether systems support the injection of new certificates and the restart of services, or being unfamiliar with automation in general.
- Ten percent also cite security concerns, especially the governance and control of a fully automated system, as well as the need for audit trails, security approval and oversight in free public CAs.
- Seven percent also express concerns about the limits of infrastructure. This includes servers that are behind firewalls with strict policies, equipment that does not provide an API or other facility to manage the certificate, and networks that do not have access to the internet.