Financial services CIOs are increasingly getting concerned about the impact of certificate-related outages on their customers
Digital signatures and certificates, which act as the sender’s personal seal of authenticity over any electronic document, are an essential component of online businesses. However, the number of outages related to digital certificates is also on the rise. This is true particularly in the financial organizations, as per machine identity protection firm, Venafi validates through a survey that over one-third of CIOs in finance organizations acknowledge experiencing an outage in the last six months.
The study found that from January to June, whopping 36% financial services organizations experienced digital certificate-related outages that impacted critical business applications or services. In addition, financial services CIOs are more concerned about the impact of certificate-related outages on their customers.
“Organizations from every sector struggle with certificate-related outages on critical infrastructure, but it’s clear that these issues are even more pronounced in the financial services industry,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi.
“The entire sector is focused on trust, performance and reliability, so they can’t afford service interruptions. At the same time, the industry has been transformed by open banking initiatives. As a result, financial services organizations rely on machine identities to secure and protect a wide range of business-critical, machine-to-machine communication. Unfortunately, these critical security assets are often unmanaged and unprotected, even though they protect mobile applications, containerization initiatives and cloud architectures,” explained Bocek.
Leading analysts report that the average cost of a critical infrastructure outage in global 5000 organizations can average USD 5,600 per minute, or more than USD 300,000 per hour. For large networks, severe outages can take days to resolve and cost as much as USD 500,000 per hour or more.
Certificate-related outages can be especially problematic in highly digital sectors like the financial services industry, where the impact on business revenue often goes hand in hand with customer experience and satisfaction.
There is no doubt that outages impact the reputations of financial services organizations. In this case over 50% CIOs said they are concerned their companies’ reputations would be damaged by certificate-related outages.
The study shows some disturbing future trends where a little more than a third of the respondents believe that they are concerned the increasing interdependencies between technologies and services will make future outages even more painful.
Bocek comments, while humans rely on usernames and passwords to identify themselves and gain authorized access to applications and services, machines use digital certificates to serve as machine identities in order to communicate securely with other machines and gain authorized access to applications and services.
According to him, while organizations are spending a great deal to protect and manage passwords, they spend almost nothing to protect and manage machine identities. “Most organizations do not have a clear understanding of how many machine identities are in use, which devices are using them, and when they will expire. This lack of comprehensive visibility and intelligence leads to outages,” Bocek highlights.
Another recent survey by ResearchAndMarkets observes that the digital signatures market was valued at USD 3.06 billion in 2018 and is expected to reach a value of USD 5.7 billion by 2024, at a CAGR of 21.5%, during the forecast period 2019 - 2024.
The researchers see the market to further boom as financial organizations (particularly e-commerce and online banking) are on a consistent need for data security while transmission of sensitive information.
Here are a few takeaways for CIOs to secure their networks to gain customers’ confidence:
- CIOs in leading organizations can integrate automation and orchestration technologies where possible to help improve security outcomes.
- There is a greater need to invest in machine learning and data analytics for cybersecurity, and not just password protection solution.
- CIOs should persuade and influence the management that cybersecurity needs to be a board-level issue and a high priority for executive management.
- Instead of being complacent keep updating and upgrading cybersecurity technology to deal with new and emerging threat vectors.
- Seek more diligence and expertise in managing SSL/TLS and other key digital certificates instead of simply using a spreadsheet and calendar reminders.
“Ultimately, companies must get control of all of their certificates; otherwise, it's simply a matter of time until one expires and causes a debilitating outage,” Bocek concludes, adding that CIOs need greater visibility, intelligence and automation of the entire lifecycle of all certificates to do this.