Venafi survey reveals enterprises plagued by epidemic of stolen and lost digital certificates

78% of organisations have experienced downtime due to mismanaged encryption this year

LondonMarch 16, 2011Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced the shocking findings of its 2011 Venafi Encryption Key and Digital Certificate Management Report. The report reveals that organisations are deploying increasing numbers of digital certificates and encryption technologies, but that these security assets are also becoming lost, stolen and unaccounted for in epidemic proportions. Ironically, digital certificates and encryption keys are critical components of all information security programs, but they become dangerous liabilities when they go missing and find their way into the wrong hands.

Jeff Hudson, CEO of Vanafi said: “It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks. Venafi compiled results from market and analyst report research, from a 471–respondent survey that included managers up to C–level executives from enterprise–class organizations within multiple industries, and from prior market surveys. The findings are shocking.”

Respondents surveyed reported the following:

  • 51 percent stated they had experienced either stolen or unaccounted-for digital certificates, or that they were uncertain if their organisations had lost, stolen or unaccounted–for digital certificates in general.
  • 54 percent stated they had experienced either stolen or unaccounted for encryption keys, or that they were uncertain if their organisations had lost, stolen or unaccounted for encryption keys in general.

Exacerbating the problem is the volume and diversity of encryption technologies and certificate authorities (CAs) organisations must deal with on a daily basis. The number of encryption assets in their inventories grows regularly, and scattered individuals and teams frequently manage them. According to the survey findings:

  • 46 percent of organisations are managing at least 1,000 digital encryption certificates; 20 percent are managing more than 10,000.
  • 83 percent of organisations are managing technologies from at least two different CAs; 18 percent are dealing with more than five.
  • 88 percent of organisations have multiple administrators managing encryption keys; 22 percent have more than 10.
  • 42 percent of organisations manage encryption technologies from at least four vendors; 8 percent are dealing with more than 10.

Fifty–nine percent of the respondents surveyed worked in organisations with more than 5,000 employees. Respondents' organisations spanned a wide range of industries, including high tech, telecommunications, banking/financial services, energy/oil and gas, government, aerospace, manufacturing and retail. Among the respondents was one of the world's largest food distributors and consumer retailers. To access the complete report, visit:

Learn More about Venafi and Customers at Infosecurity 2011

This announcement comes on the heels of the recently announced Venafi Encryption Director 6 product release. Director 6 is recognised by customers and analysts as the only security platform that can fully automate EKCM processes that allow organisations to automate discovery, monitoring, validation, management and security of the most commonly used encryption assets. During Infosecurity 2011, 19th to the 21st April 2011 in London, Venafi will be providing on–demand demonstrations of Director 6 in its booth (# AA52) during exhibition hours.

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the desktop to the datacenter—built specifically for encryption management interoperability across heterogeneous environments.

Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit