VIEWPOINT

Is your web security future-proof?

By 2029, new mandates will dictate that SSL/TLS certificates last just 47 days. While this has been welcomed by many looking to strengthen online security, businesses will need to prepare.

Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates are the cornerstone of online security. In basic terms, they are a form of digital identification that verifies a website is legitimate and keeps the data you input – whether that’s a password or your credit card information – secure from hackers.

These certificates currently last up to 398 days, but this long lifespan widens the window for misuse. If a certificate is compromised, attackers have more time to exploit it. That’s why the Certification Authority Browser Forum (CA/B Forum) – a voluntary gathering of certificate issuers and suppliers of internet browser software – has approved the move towards a 47-day maximum validity by 2029. This change, which has been welcomed by many companies including Microsoft, reflects the industry’s push for stronger security by reducing exposure.

While the transition will be phased, IT teams need to prepare. Shortening certificate validity hastens the move towards automated workflows, since manually tracking more frequent renewals will prove cumbersome and both time- and resource-intensive. Industries with high-volume, security-sensitive operations – such as finance, healthcare, retail and government – will feel the impact most acutely. Even smaller organisations will need an effective strategy, since certificate mismanagement can lead to outages, compliance gaps or exposure to attacks.

Certificate management can be automated in different ways depending on individual needs. For companies managing one or two simple websites, the Automatic Certificate Management Environment (ACME) protocol is probably enough to handle certificate renewals.
However, larger organisations that manage multiple websites or complex systems will require a public key infrastructure, which provides full control, visibility and rules to keep certificates organised.

Ultimately, preparing for this shift requires some forward planning. It means having visibility of processes, greater standardisation and at least some degree of automation. Organisations that audit their certificate inventory, implement centralised policies, deploy automation tools and – crucially – educate and train their employees reduce risk and ensure seamless operations. By taking these steps, businesses can navigate this major security shift and protect their digital infrastructure.

And that’s not all. As it stands, the encryption used by most certificates could eventually be cracked by quantum computers. By renewing certificates more often, businesses can quickly switch to stronger, quantum-resistant encryption before problems occur. This not only reduces the risk of outdated encryption being exploited, but also keeps a business and its systems future-proof.

Steven Hall is senior product marketing manager for certificate lifecycle management and certificate automation at GMO GlobalSign