One million misissued certificates from only three companies is likely just the tip of the iceberg – there are probably millions more that haven’t been disclosed yet, and GoDaddy, Google and Apple aren’t the only ones that use EJBCA.
We’re calling this incident a snafu – but that downplays how much impact mismanaged, non-compliant certificates can have on a business. The impact ranges from outages to major security holes to misuse; for example, Apple is still cleaning up its enterprise certificate mishap from last month. Our research with the Ponemon Institute shows that 71% of businesses don’t even know how many certs they have – and are definitely not equipped to revoke and reissue at this scale, which also requires coordination with customers to prevent downtime. This is the perfect use case for automation technology in IT.