“Switching to shorter life cycles of certificates significantly reduces these risks and is a necessary step.”  Venafi chief innovation officer Kevin Bocek said. However, he admits that “the introduction of 90-day certificates means that companies have to renew their certificates five times more frequently than before. This is a five-fold increase in effort.”

Challenges caused by switching TLS certificates

The survey shows that the shortened lifespan of TLS certificates presents companies with the following problems:

• Delayed provision: Only 8% of security leaders fully automate all aspects of managing TLS certificates across their company. Almost a third (29%) still use their own software and spreadsheets to solve the problem. As a result, it takes an average of two to three working days to provide a certificate.
• TLS conversion: The volume of TLS certificates used in companies has increased steadily in recent years due to the increasing adoption of the technology. Almost all (95%) security leaders say digital transformation initiatives increased their organization’s use of SSL/TLS by an average of 36% in 2023. As a result, the average company now manages 3,730 TLS certificates — a number that is expected to increase by 39% to over 5,000 by 2026.

Certificate lifecycle management could help companies get a grip on the problems with TLS certificate conversion. Well-known solution providers include Venafi, digitcert, TrackSSL, appviewx, Keystash, Keyfactor.