DigiCert has introduced a new solution that lays the groundwork for complete and autonomous on-premises security certificate management. The new DigiCert Automation Manager is a containerized solution, made for enterprises with high-volume transport layer security (TLS) certificate requirements. Managing certificates has never been easy, but the rate at which they get replaced has accelerated and has created a need for automation. The new DigiCert product sits behind the firewall and streamlines certificate automation to reduce the attack surface.
Definition: In cryptography, certificate management is the process of discovering, analyzing, monitoring and managing all digital certificates deployed by a certificate authority. Up-to-date certificates indicate that a system’s security includes the latest protection features. Proper certificate management should be fundamental to an organization’s security strategy.
DigiCert rolls out Automation Manager
Automation Manager is built using DigiCert’s modernized, cloud-native architecture, so it can be deployed in a private cloud, giving customers the agility of cloud with the security of on-premises. Alternatively, because it runs in a container, customers can deploy it in their preferred cloud provider (such as AWS, Azure or IBM Cloud) or wherever they have their cloud resources. The ability to tightly couple the product to any environment the customer has is a big plus for the DigiCert product.
To get a better understanding of why this historically manual process needs to be automated, I interviewed Brian Trzupek, DigiCert’s SVP of Product. He explained to me that certificate lifecycles are getting shorter, but the volume of digital certificates is skyrocketing, making automation essential for organizations. The average certificate lifecycle is now about 13 months, shorter than in years gone by. Digital transformation has reduced lifecycles, with certificates increasingly used for identity and authentication. Certificates are also used briefly for applications that have shorter lifecycles.
Internet of things adds to certificate complexity
Another trend is that certificates are being used to secure internet of things (IoT) endpoints, and I’m expecting to see a surge in this area as people return to work. Historically, IoT has been limited to a handful of verticals, but much of the technology that is used to create a safe work environment will come from more connected things. This includes temperature scanners, environmental sensors and even cleaning robots. This could cause administrators to have to manage hundreds or even thousands more devices.
“We need to understand the human aspect of generating certificates. Humans are making errors constantly. The errors—such as putting the improper information inside the certificate or not being able to properly generate the public and private key—are very pricey,” Trzupek said.
In actuality, in my conversation with IT pros, there has been a desire to automate this process for a while, but there were some concerns that DigiCert seems to have addressed. The distributed nature of organizations today makes automation difficult, but the cloud-native design enables Automation Manager to run in a distributed environment. There also has been a historical fear that automating this process would kill jobs, but there’s a better understanding that not automating puts the job at risk, because too many mistakes will make services unviable for employees or customers.
Large volumes of short-lived certificates now the norm
Companies are now faced with handling large volumes of short-lived certificates, an already massive and growing problem. Automation Manager addresses the problem by simplifying certificate administration through a single pane of glass for both public and private certificates. The solution does this using several key features.
Key features of Automation Manager
- Automation Manager is a single point of access, which creates a secure representational state transfer application programming interface (REST API) connection back to CertCentral, DigiCert’s enterprise automation and discovery suite, where certificate issuance takes place. Having one secure API connection back to DigiCert reduces network complexity and protects transmitted data.
- Automation Manager is a scalable solution, where everything resides inside a Docker container. Organizations can utilize Kubernetes clusters to deploy many Automation Managers in different environments and have workflows in specific regions, according to their policies.
- Automation Manager supports network appliances and popular load balancers, such as F5, AWS and A10. Load balancers play a key role in enterprise environments. DigiCert simplified load balancer integration by eliminating the need for a command-line interface (CLI); organizations instead use a simple dashboard for load balancing. Automation Manager integrates with load balancers and allows them to host issued certificates that are being used for web servers.
Trzupek said DigiCert is building a solid foundation with Automation Manager as the company expands the solution to reach deeper into different kinds of servers and infrastructure within the enterprise. DigiCert will soon be expanding Automation Manager’s capabilities to support web servers such as Apache, Nginx and IIS, in addition to servers placed behind firewalls.
If 2020 was the year IT changed because of COVID, then 2021 needs to be the year of automation to let IT scale. DigiCert’s Automation Manager is a highly scalable solution that enables customers to shed the burden of managing certificates. Given the rise in the number and importance of certificates, there’s simply no room for error and no upside in doing things manually.