News, Trends, and Insights for IT & Managed Services Providers

Are you ready for the change to SSL Certs?


The weekly newsletter of the Business of Tech, giving you new insights into the world of IT service delivery. 

Looking for stories from the podcast? Check out the pod itself on Apple Podcasts, Spotify, or daily in your inbox. Stories are available to everyone for five days, and to Patreon supporters forever.

The upcoming big change to SSL certs

If you haven’t already heard about the big change coming to those TLS certificates, allow me to be the bearer of bad news: the maximum term of an SSL certificate is dropping to 90 days. 
 
There’s a lot of work to do to prepare for the transition, so I recently welcomed Tim Callan onto a bonus episode of The Business of Tech. As the CEO of Sectigo and host of the PKI and security podcast Root Causes, Callan has all the insight you need to handle the change with ease. 
 
From a deeper look into the role of TLS certificates to recommendations for automated solutions, here’s what he shared:
 
Saying Goodbye to Traditional TLS Certs
 
I asked Callan to kick things off with an overview of the issue and why these certificates matter in the first place. He explained that TLS certs, commonly referred to as SSL, are the basic certificates that we use to secure servers at every type of organization. Even if you don’t deal with them directly, it’s important to know that they’re absolutely ubiquitous and have been for a long time.
 
And until quite recently, everyone got used to the maximum term of these certificates being 398 days (roughly 13 months). In fact, once upon a time, you could buy 5-year and 10-year certificates. But on March 3rd, the Google Chromium Root Store announced that the maximum term of an SSL certificate will be reduced to just 90 days – less than a quarter. 
 
Despite how trivial the change might seem, this is one of those issues that’s about to impact just about every business out there. For most organizations, this has typically been a very manual process. You go in, you do an upload, you pay the fee, and you get back the new certificate. But now that this will need to be done so much more often, businesses risk forgetting a whole lot more of them. 
 
Wondering what happens when they slip through the cracks? Once they expire, Callan explained, the server simply stops working. AKA, you flirt with the possibility of an outage – a whole lot more than you did before. 
 
TLS Certs and Digital Identity Management
 
For a bit more background on why certificate management matters, I asked Callan to explain their relationship with digital identity management. 
 
He explained that digital identity management determines if a digital actor is actually the digital actor they’re claiming to be:
 
“It could be all kinds of things. It could be a server, it could be me logging in, it could be a task, it could be a container in a containerized environment, any one of those things needs to be identified because if it’s not identified, that could be something doing something bad,” he said.
 
And if you break down how that’s done from a compsci perspective, it’s done using certificates, which act as little files distributed throughout servers and machines. Each file cryptographically ensures that the device or actor is who they say they are. So without them, everything falls apart – when they all inevitably expire, everything else stops working. 
 
Solutions Worth Exploring
 
As an IT service provider who deals with a lot of different customers and their different needs, Callan has a very important recommendation: look at automated solutions. 
 
One that he’s looking into is called ACME, the Automatic Certificate Management Environment. Although it’s not everywhere yet, it’s still one of the most commonly supported APIs, and the number of applications, platforms, and operating systems that support ACME is growing all the time. He suggests building an automated solution around it. 
 
Another option is what people in the category call certificate lifecycle management, or CLM. It’s usually SaaS, and it’s able to see your certificates, know what they are, and give you management and support, reports and visibility, automatic renewal, and automatic installation if something like ACME is also in place.
 
“By doing that, you can really just take most of that workload away, and you reduce the risk of error or a missed certificate dramatically. We really recommend that people look into a CLM solution as a possibility, and they look into an automated solution, especially ACME,” said Callan.
 
If you’d like to follow his advice and embrace automation, these are the priorities Callan recommends looking for in a solution:
 

  • Automated discovery: a lot of organizations have no idea how many certificates they’re using, so it would be great to find a tool that hunts them all down for you.
  • Automated visibility: similarly, look for something that enables you to see everything you have in one place.
  • Automated renewal and deployment: look for something that lists out every expiring renewal with buttons you can quickly click to provision a new one. In a perfect world, this would also be able to deploy it for you.

 
A Look At Timing 
 
To be clear on timing, you’re going to start running into issues 90 days after your next renewal date. The existing certificates are going to be allowed to keep going to whatever end date you signed up for last time, but the next time you renew, you’ll only be able to get a maximum of a 90-day cert. Then, by the end of that timeframe, you either need to have an automated system in place or remember to do it manually. Otherwise, your risk factor starts to go up.
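The discovery and visibility priorities above, and the timing just described, can be seen in a small inventory check. This is an added example, not code from the newsletter, Sectigo, or any CLM product; the 30-day renewal window, the `example.test` hosts, and the sample dates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

MAX_TERM_DAYS = 90      # maximum term the article describes
RENEW_WINDOW_DAYS = 30  # assumption: renew once 30 or fewer days remain

def fetch_validity(host, port=443, timeout=5):
    """Discovery: read validity dates from a live server's certificate.
    An expired certificate fails verification here and raises instead."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {"host": host, "notBefore": cert["notBefore"], "notAfter": cert["notAfter"]}

def _utc(cert_time):
    # getpeercert() dates look like "Jun 13 00:00:00 2024 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def triage(inventory, now):
    """Visibility: one row per certificate, most urgent first."""
    rows = []
    for item in inventory:
        start, end = _utc(item["notBefore"]), _utc(item["notAfter"])
        days_left, term_days = (end - now).days, (end - start).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= RENEW_WINDOW_DAYS:
            status = "RENEW_NOW"
        else:
            status = "OK"
        rows.append({"host": item["host"], "status": status, "days_left": days_left,
                     "term_days": term_days,
                     # issued under the older, longer limit: the replacement is capped at 90 days
                     "term_shrinks_on_renewal": term_days > MAX_TERM_DAYS})
    return sorted(rows, key=lambda r: r["days_left"])

# Constructed sample inventory (hypothetical hosts), in the shape fetch_validity() returns.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    {"host": "www.example.test", "notBefore": "Jul 10 00:00:00 2023 GMT", "notAfter": "Aug 11 00:00:00 2024 GMT"},
    {"host": "mail.example.test", "notBefore": "Mar 15 00:00:00 2024 GMT", "notAfter": "Jun 13 00:00:00 2024 GMT"},
    {"host": "legacy.example.test", "notBefore": "Apr 20 00:00:00 2023 GMT", "notAfter": "May 22 00:00:00 2024 GMT"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY, SAMPLE_NOW):
        print(row)
```

Rows flagged `term_shrinks_on_renewal` are the certificates that keep their current end date but come back with at most 90 days at the next renewal.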
 
Customers That Need Automation the Most
 
I asked Callan if there are certain types of customers that are going to be much more relevant for that automatic certificate lifecycle management style solution, and he explained that it’s extremely dependent on the elements you’re already using. 
 
For example, if an environment already supports something like ACME, it’ll be a lot easier to add in automated TLS cert renewal software. And you might be surprised to find that big companies are the least likely to have something like this – with 30-year-old systems, it’s rare to find stuff that supports ACME. 
 
So, tech-savvy organizations are going to be the customers who can benefit from an automated renewal process. 
 
And when I said up top that every business is about to be impacted, I wasn’t exaggerating. According to Callan…
 
“Size-wise, this covers everybody. This is one of those odd technical problems that applies to every business in every category, every geography, every business size, we’re all going to have to deal with this. Everything we do is digital these days. It’s really going to hit the broad spectrum in terms of everyone needing a solution.”
 
For more details on the change and how to navigate it, check out Callan’s podcast Root Causes. They focus on PKI, digital identity, and digital certificates, and they plan on updating listeners on 90-day certificates, post-quantum cryptography, and other things that relate to the transition. 
 
As always, my inbox is open for thoughts and questions: [email protected].
 


Copyright © 2023 MSP Radio, All rights reserved.
