Lack of CLM maturity is putting organizations at risk
2022-03-31 05:00

More than a year after the historic and damaging SolarWinds attack, nearly 65% of organizations still are unable to secure and govern the growing volume of machine and application identities in the form of digital certificates, the backbone of enterprise security, according to a report from AppViewX and the Ponemon Institute.

The report, based on a survey of 1,586 IT and security professionals on the challenges and strategies in digital identity and access management, found that more than half of respondents say their organizations have experienced one or more security incidents or data breaches due to a digital certificate-related compromise within the last two years.

Yet only four in 10 organizations have an enterprise-wide security strategy for managing cryptographic keys and certificates to prevent these incidents from occurring.

Recognizing these issues, many organizations have started to shift their priorities, placing greater emphasis on machine identity management and on managing and securing digital certificates than on human identities, such as usernames and passwords, which they feel are less important.

"The fact that companies are spending such an exorbitant amount on managing and securing digital assets, yet less than 15% of respondents consider their current CLM programs to be mature, is concerning to say the least," said Gregory Webb, CEO of AppViewX. "With nearly half of organizations routinely experiencing security incidents from certificate expiries, it's no longer responsible or feasible to use manual, siloed tactics and systems or legacy antiquated tools in a CLM program. Adopting a zero trust strategy bolstered by automation is the only cost-effective and viable way forward."

"Our research with AppViewX reveals there's been a great awakening for a large number of organizations that recognize the importance of a CLM program, but it's also unveiled the fact that there's a false sense of security that leaders at these organizations are effectively capable of managing their digital certificates through current tactics," said Larry Ponemon, chairman of the Ponemon Institute.


News URL

https://www.helpnetsecurity.com/2022/03/31/secure-digital-certificates/