Venafi Study: 85 Percent of IT Professionals Believe Google Will Distrust Additional Certificate Authorities

However, only 23 percent said they were confident in their ability to quickly find all certificates issued by a specific CA

SALT LAKE CITY--(BUSINESS WIRE)--Venafi®, the leading provider of machine identity protection, today announced the results of a study conducted by Dimensional Research that evaluates how prepared organizations are to respond to Certificate Authority (CA) errors and browser distrust events. The study includes responses from eleven hundred IT security professionals who are knowledgeable about CAs from the U.S., U.K. and Germany, France and Australia.

Although IT security professionals are troubled by future CA incidents, very few have the tools needed to switch CAs quickly. For example, just fifteen percent of respondents believe that Google’s decision to distrust Symantec certificates is a one-time event. However, if they were affected by a major CA event, only twenty-three percent said they are completely confident in their ability to quickly find and replace all their impacted certificates.

“CAs have a very difficult job and they deal with many complexities that are outside their control,” said Mike Dodson, global head of solution architects for Venafi. “Every CA is exposed to risks; and CA compromises and errors can leave organizations scrambling to find and replace many certificates in a short amount of time. Organizations need greater control over the CAs they trust, but they also must acknowledge that they’ll never have full control. For example, browsers play a big role in how we trust CAs. Chrome and Mozilla recently decided they would no longer trust certificates issued by Symantec, and now many organizations must replace these certificates before a set deadline.”

Additional findings indicate that security professionals may be over estimating their ability to respond to a CA incident:

  • Eighty-one percent of the respondents are concerned about future incidents involving CAs.
  • Sixty-one percent of the respondents say they have a plan in place that would allow them to replace all Symantec certificates by the upcoming deadlines, but only fifty-eight percent have an accurate inventory that includes the IP address of all devices where certificates that chain up to a Symantec root were installed.
  • Nearly two thirds (sixty-two percent) are confident they don’t have certificates from unauthorized CAs but only half have controls in place to detect this.
  • Seventy-four percent believe they can find and replace all certificates affected by a CA compromise quickly, but only eight percent have automated processes in place.

Last year, researchers affiliated with Google decided that Symantec, and their affiliated CAs, had mis-issued thousands of Transport Layer Security (TLS) certificates. As a result, Chrome researchers announced a formal plan to remove trust from Symantec-issued certificates. The first deadline is April 17th, 2018 when Chrome 66 and Mozilla will distrust Symantec TLS certificates issued prior to June 1, 2016.

Additional Resources:

Blog: Venafi Study Results: Will We See Future Browser Distrust Events?

Webcast: Epic CA Fails: How Quickly Can You Restore Trust?

Webpage: What To Do About Your Symantec Certificates

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing connections and communications between machines. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise —on premises, mobile, virtual, cloud and IoT — at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations, including the top five U.S. health insurers; the top five U.S. airlines; four of the top five U.S., U.K. and South African banks; and four of the top five U.S. retailers. For more information, visit:


Shelley Boose, 408-398-6987