A ServiceNow SSL root certificate failure last week caused widespread disruption, affecting more than 600 customers. Eighty percent of Fortune 500 companies rely on ServiceNow to provide critical services.
On the discussion platform Reddit, many users have expressed their anger about the effects of the outage.
“The certificate failure that has upset hundreds of ServiceNow customers shows that there are serious gaps in ServiceNow’s processes that need to be addressed,” commented Kevin Bocek, Chief Innovation Officer at Venafi. “Root certificates are the foundation of digital security and online identity – they are at the top of the trust pyramid, authenticating and issuing other TLS identities. When the root certificate expires, it affects all other machine identities associated with it – that’s why we’ve seen such a far-reaching impact.
“This type of failure is entirely preventable – if you have the right tools and procedures in place. However, reports indicate that the expiry was reported weeks in advance, but the replacement was not done properly – suggesting that attempts are still being made to manage these machine identities manually. Manually managing machine identities in today’s complex IT environments is an impossible task. And it is becoming increasingly difficult. There are more than 290 million TLS certificates worldwide. In the last two years alone, this number has increased by more than 40 million. This number will continue to rise as fast-moving, dynamic cloud-native environments and AI-driven services become the norm. With Google also on the verge of mandating 90-day certificate expiration dates, continuous replacements and shorter lifespans will soon become the norm.
“Automation is essential. Organizations need a ControlPlane to manage and secure machine identities throughout their lifecycle in all environments, including the cloud – from issuance to ongoing management to retirement and replacement. By automating this process, organizations can’t be surprised by an unexpected or overlooked expiration and the process is no longer prone to human error.”
(lb/Venafi)