Stop Certificate Outages from Increasing in Frequency and Severity

Machine identity management was a mess

This company had experienced 27 P1 outages in the year before they deployed Venafi as a Service. That was a 100% increase from the previous one. One of those outages brought down the company’s email server for more than a day, while another prevented their customers from accessing their software knowledge base for several hours.

The company realized that their machine identity management strategy was, to put it kindly, a mess. They lacked a companywide strategy for TLS machine identities and the various business units that were attempting to manage them did so using spreadsheets, calendar reminders and Microsoft OneNote. Meanwhile, the lack of an enforceable corporate policy meant that:

• Certificates were being stored in unexpected locations
• End users regularly obtained certificates from unapproved Certificate Authorities (CAs)
• There wasn’t a way to enforce certificate configurations, such as minimum encryption strength
• No inventory existed for discovering and monitoring all these certificates

The company needed a solution that could help them continuously discover certificates and add them to the companywide inventory, as well as gain the necessary intelligence on those certificates, so that they could replace expiring ones before they brought about yet another outage. But the CA-based solutions weren’t the answer because they only worked with certificates issued by that CA. And they needed a solution that was quick to deploy, provided the necessary management and could scale as they grew.

Venafi as a Service (VaaS) transformed machine identity management

Venafi as a Service transformed the way the company managed their machine identities. According to their chief network architect:

Sponsorships Available

Sponsorships Available

Sponsorships Available

“Before we deployed Venafi as a Service, resolving an outage was a nightmare. We had to figure out if the certificate even existed, find where the server was located and document the server. It was impossible to build a complete inventory, let alone one that stayed up to date. Venafi as a Service does it instantly.”

With the help of Venafi as a Service, the company found three times the number of certificates as they had originally estimated, including wildcard and self-signed certificates. But now they were able to find and replace all expiring ones before they could cause an outage.

The Venafi Customer Success Team also helped the company set up Venafi as a Service to configure enterprisewide machine identity policies that addressed certificate attributes and simplified workflows for certificate issuance, among other things.

And Venafi as a Service also optimized the way development teams built applications:

“Venafi as a Service also allowed [development] teams to effortlessly procure policy-compliant certificates that would optimize the reliability and security of applications. Automated Secure Keypair, a central Venafi as a Service feature, also made it easy for users to generate a private key and keep it safe from compromise within Venafi as a Service.”

Intrigued? You can read the entire case study here. But before you go, here’s a money quote from the company’s chief network architect:

“Venafi as a Service has transformed our business. We haven’t had a single outage since it’s been deployed. Not only have we been able to press play on running our business, but with the efficiencies that Venafi gives us, we can now press fast-forward on growth.”

Related Posts

• Why Stopping Certificate Outages Starts with an Outage Safety Net
• High-Profile Outages After Let’s Encrypt Root CA Expiry [As Expected]
• Anatomy of a Certificate Outage [Epic Games]
• Painless Certificate Outage Prevention

Certificate-related outages have plagued just about every organization at some time or another. And if you don’t do anything to improve the way you manage them, they tend to increase in frequency and severity. That’s what happened to a technology company that recently became a Venafi as a Service customer, the subject of a recently published case study.