TL;DR: Certificate operations are becoming a continuous burden as shorter renewal cycles, compliance pressure and manual tracking increase the chance of outages and missed renewals, according to GlobalSign. The governance issue is not just efficiency, but whether teams can sustain reliable lifecycle control when processes still depend on human recall.
NHIMG editorial — based on content published by GlobalSign: the stress of certificate management and automation
By the numbers:
- The change to renewals every 47 days has turned certificate management into a relentless operational cycle.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
Questions worth separating out
Q: What breaks when device certificate revocation is handled manually?
A: Manual revocation breaks at scale because devices move faster than ticket-based processes can keep up.
Q: Why do shorter certificate lifetimes create more operational risk?
A: Shorter lifetimes compress the time teams have to discover, approve, renew, and validate trust without interruption.
Q: How do teams know whether certificate automation is actually working?
A: Look for fewer human-mediated renewals, cleaner ownership records, lower expiry-driven outage rates, and reliable reporting across hybrid systems.
Practitioner guidance
- Automate certificate discovery and ownership mapping Inventory every certificate, tie it to a named system owner and flag any certificate without an accountable owner.
- Set policy-based renewal thresholds Define renewal windows by service criticality and enforce them consistently, with automated alerts well before expiry.
- Unify certificate and NHI lifecycle controls Treat certificates, service accounts and API keys as one machine identity governance surface.
What's in the full article
GlobalSign's full article covers the operational detail this post intentionally leaves for the source:
- How certificate automation reduces the day-to-day burden on overstretched IT teams.
- Why shorter certificate validity windows amplify manual renewal risk.
- What certificate management means for team wellbeing, escalation load and operational continuity.
- How automation supports policy compliance and faster adaptation to changing certificate standards.
👉 Read GlobalSign's analysis of certificate automation and IT stress →
Certificate renewals every 47 days: what is changing for teams?
Explore further
Certificate sprawl is a machine identity governance problem, not a maintenance nuisance. The article describes certificate renewals as a human stress event, but the underlying issue is lifecycle governance. When certificates are scattered across teams, platforms and vendors, ownership becomes fragmented and failure becomes predictable. The wider identity lesson is that machine credentials need the same inventory, control and accountability discipline as human identities. Practitioners should treat certificate sprawl as part of NHI governance, not as an isolated infrastructure chore.
A question worth separating out:
Q: What is the difference between certificate management and NHI governance?
A: Certificate management focuses on issuance, renewal, and expiry. NHI governance is broader because it also covers identity ownership, access scope, policy enforcement, auditability, and lifecycle controls for the services, workloads, and agents that depend on those certificates.
👉 Read our full editorial: Certificate lifecycle automation is becoming an IT stress test