Avoidable digital certificate issues fuel data breaches

Among organizations that have suffered data breaches 58% were caused by issues related to digital certificates, according to a report by AppViewX and Forrester Consulting.

As a result of service outages, 57% said their organizations have incurred costs upwards of $100,000 per outage.

According to the Forrester study, “Enterprise organizations have traditionally been less focused on managing machine identities compared to human ones, partly because they have different requirements and more complicated lifecycle and security challenges. These digital certificates offer authentication and protect sensitive information. Yet, few [organizations] are confident in successfully layering and managing identity security across machines and navigating responsibility assignment for privacy and security.”

Factors influencing machine identity management rollout

58% of organizations that suffered a data breach attributed the cause to avoidable certificate-management related issues. 52% of organizations that suffered a service or application outage attributed the cause to certificated-related issues.

57% said their organizations have incurred over $100,000 per outage. 53% of respondents said they want to operationalize and fully automate their organization’s machine identity management (MIM) initiatives within the next one to two years.

53% of decision-makers highlighted the need to balance management of human and machine identities and vulnerabilities in an increasingly complex IT, edge and hybrid-cloud environments as a top driver of their organizations’ approach to MIM.

According to respondents, the top two drivers for implementing MIM were the desire to reduce the risk of data breaches (51%) and gain visibility over certificates and keys across emerging technologies (48%).

“We believe these findings demonstrate the risks and costs associated with lack of visibility and control over machine identity management, which can result in reputationally and financially damaging data breaches and service outages,” said Murali Palanisamy, Chief Solutions Officer at AppViewX. “With machine-based identities multiplying exponentially, organizations need to implement an integrated approach to machine and human identity management as a foundation for identity-first security and path to zero trust.”