FinServ Fears Cert-Related Outages Will Hurt Brand
Over one-third of global finance chief information officers (CIOs) acknowledge organizations experienced an outage in the last six months, according to a new study from Venafi, the leading provider of machine identity protection.
The study queried more than 100 CIOs in the financial services industry from the U.S., U.K., France, Germany and Australia and found that financial services organizations are more likely to have digital certificate-related outages than other industries.
Since January 2019, 36% of financial organizations suffered an outage that had some degree of impact on critical business applications or services. Despite the impact to business, participating CIOs reported that they are more concerned about the impact to customers from certificate-related outages, with 50% of CIOs admitting they fear damage to brand from an outage.
Survey participants also said these types of outages are only going to become more severe, according to the report. Approximately one-third (34%) said they are concerned about increasing interdependencies, which could make future outages even more painful.
Meanwhile, certificate use continues to skyrocket in the financial services industry with 82% of respondents expecting to see certificate usage in their organizations grow by at least 25% in the next five years. In addition, 56% of respondents projected a minimum growth rate of greater than 50%.
“Organizations from every sector struggle with certificate-related outages on critical infrastructure, but it’s clear that these issues are even more pronounced in the financial services industry,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi, in the release.
“The entire sector is focused on trust, performance and reliability, so they can’t afford service interruptions. At the same time, the industry has been transformed by open banking initiatives. As a result, financial services organizations rely on machine identities to secure and protect a wide range of business-critical, machine-to-machine communication. Unfortunately, these critical security assets are often unmanaged and unprotected, even though they protect mobile applications, containerization initiatives and cloud architectures.”
Source: Information Security Magazine