By Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi
The Let’s Encrypt certificate authority has gained a lot of popularity among developers in recent years, as it provides them with a quick, free and easy way to issue TLS machine identities for all types of important web services – from websites to customer applications. Our recent crawler report with Scott Helme shows that Let’s Encrypt now provides millions of active certificates – 28 percent of the top 1 million websites use the service. So if Let’s Encrypt suddenly has to revoke millions of certificates – as is currently the case – this can lead to major upheavals and endanger critical services, as companies have to find and reissue tens of thousands of computer identities within just two days.
Doing this manually is next to impossible and very prone to potentially costly errors – even more so when you consider that companies could have more than 57,000 computer identities that they are not even aware of. To protect themselves from such increasingly common events, security teams should automate the management of computer identities. This removes the need for manual rotation, replacement and license revocation, and means they do not have to fear the consequences when misconfigurations such as those of Let’s Encrypt occur.