Ponemon Institute has just released a the “2013 Annual Cost of Failed Trust Report: Threats and Attacks.”  It showed that the cost of failed key and certificate management threatens the security of enterprises around the world – while costing $400 million U.S.

The report notes, “…Every business and government relies on cryptographic keys and certificates to provide trust for critical electronic communications. These technologies underpin the modern world of card payments, online shopping, smartphones and cloud computing. But, unlike before—when trust could be measured in terms of locks, safes and security cameras—executives, even those in IT security, little understand how truly fragile trust is today. A few kilobytes of cryptographic data is all that stands in the way of millions lost in sales, grounded airplanes and closed borders.

Unfortunately, criminals now understand how fragile our ability to control trust has become. The pervasiveness of cryptographic keys and certificates, as well as the protocols that depend upon them, makes exploiting trust very attractive. Businesses’ inability to detect attacks on trust, or take action if they do, makes the target all that more appealing.”

Ponemon says 18 percent of enterprises expect to be attacked due to using weak or legacy cryptography. The average number of keys and certificates in Global 2000 organizations is 17,807 – but 51 percent of enterprises have no idea how many keys and certificates are in use!

Tellingly, 59 percent believe if they establish proper key and certificate management, they could regain trust.

Why is TCG talking about this? Clearly, TCG offers several solutions to support safer key and certificate management. The TPM, already embedded into virtually all enterprise PCs and servers, can be used to protect keys and certifications. Self-encrypting drives also protect keys used to encrypt and decrypt data.