DEVOPSdigest

AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy.

AppViewX CERT+ provides visibility, automation and control to manage both public and private trust certificates so organizations can minimize disruption, enhance their overall cybersecurity posture and adapt to the coming changes that will reduce maximum TLS certificate validity from 398 days to 90 days.

Google's proposed policy, likely to be implemented in late 2024, poses a substantial challenge for organizations of all sizes, particularly those with a large number of public trust certificates. It will force organizations to renew their TLS certificates every three months down from the current thirteen month validity period. This change, meant to increase cybersecurity protection and defense in depth against bad actors, will put tremendous stress on PKI, IT operations and security teams, and increase the risk of application and service disruptions due to expired certificates.

In a recent Forrester research study, 58% of organizations that suffered a data breach attributed the cause to avoidable certificate management issues. Additionally, many enterprise organizations continue to suffer application and service outages due to expired certificates, such as the Starlink incident in 2023.

“Google's 90-day TLS certificate expiration policy ensures better security processes by highlighting the need for reduced validity periods via automation. Without certificate lifecycle automation, enterprises will face operational challenges in managing digital certificates at scale with on-time renewals,” said Gregory Webb, CEO of AppViewX. “Our new Google 90-Day TLS readiness functionality enables businesses to inventory their entire certificate estate while providing the automation readiness for a seamless transition to the new policy via certificate revocation, issuance and reprovisioning in order to avoid potentially disruptive events.”

The AppViewX CERT+ Google 90-Day TLS Readiness Capability provides the following benefits at no additional cost to customers to help them identify and renew certificates before they expire, validate domain ownership, and understand their risk:

- Discovery, Inventory and Analysis: Performs a thorough discovery of existing public TLS certificates (from various sources such as network and device scans, CT logs, CA repositories and 3rd party inventories), creates a comprehensive inventory and provides analysis to determine the potential impact of the new 90-day renewal policy.

- Security and Risk Assessment: Identifies heightened security risks and operational challenges created by the shortened certificate lifespan.

- Compliance Check: Ensures that all TLS certificates and configurations will still be compliant with Google's updated policy before it is approved by the CA/Browser Forum, including security and encryption protocols.

- Automation Readiness: Evaluates the organization's ability to automate the certificate renewal and management process, which is critical for performing the frequent renewals required by Google's policy.

The AppViewX Google 90-Day TLS Readiness Capability is available immediately to all AppViewX customers and partners using the SaaS version of AppViewX CERT+.