Automation, AI, and the New Rules of Certificate Security


Podcast highlights from Smells Like Identity Hygiene

When people think of identity, they usually picture usernames and passwords. But in today’s enterprise, a huge part of the identity landscape is non-human. Machine identities such as SSL/TLS certificates and their private keys can number in the thousands, even tens of thousands, and when they are poorly managed the consequences for certificate security can be costly.

In this post, we share highlights from the Smells Like Identity Hygiene episode “Certificates Gone Wild: 47 Days Later” featuring Justin Hansen, Field CTO at Venafi, in conversation with host Rosario Mastrogiacomo. They unpack the risks of unmanaged certificates, the urgency of shorter lifespans, and how automation and governance must work together to strengthen certificate security.

Shorter Lifespans Could Mean More Operational Risk

Justin began by pointing to one of the biggest shifts happening now: the CA/B Forum’s decision to shorten certificate lifetimes. The move from a year to just 47 days forces organizations to rethink how they manage renewals.

“Number one, I think in this space that we’ve been hearing a lot is around the recent, going back to April, the CA/B forum decision to reduce certificate lifetimes from what is currently a year down to ultimately 47 days.” — Justin Hansen

The reduction means renewals will happen nearly eight times as often. For organizations that still rely on manual processes, the operational burden and the risk of outages will multiply. A single expired certificate can break applications, disrupt customer access, or expose data. Rosario noted that the scale of the problem makes certificate hygiene as critical as managing user accounts, since both can become blind spots if not properly governed.

Automation Is No Longer Optional

The pressure of shorter lifespans means that manual certificate processes cannot keep up. Justin noted that the industry is finally shifting toward automation, not as a nice-to-have but as a necessity.

“Anytime you get humans in the loop, you’re introducing security risks.” — Justin Hansen

He explained that manual approvals, legacy change-control processes, and red tape often create more risk than they prevent. As renewal volumes rise, these bottlenecks will only get worse. Instead, Justin recommended starting automation where it will have the biggest impact: load balancers, API gateways, and cloud key stores, where a single connection can cover hundreds of certificates.

Even with the right tools, he cautioned, no one will ever automate 100 percent of their environment. The key is to avoid letting corner cases hold everything back. Reaching 70 to 80 percent automation delivers the scale needed to handle shorter lifespans while freeing teams to tackle exceptions thoughtfully. This balance allows organizations to focus on higher-level governance and resilience in certificate security rather than firefighting expired certs.

AI and the Expanding Identity Landscape

Beyond certificates, Justin pointed to the rise of agentic AI as a new category of machine identity. These AI processes need credentials just like people or DevOps pipelines, but their speed and autonomy raise the stakes.

“Now we’ve got agentic AI that’s basically performing the work of all of those things… but the scale of those is significantly different.” — Justin Hansen

He explained that while a human or even a rogue DevOps script has limits, agentic AI can operate continuously at machine scale, provisioning resources, processing transactions, or chaining tasks together. That scale makes it essential to think about how these identities are authenticated, how their keys and API tokens are managed, and how access is governed.

Rosario warned of “shadow AI,” where SaaS vendors quietly add AI agents into their products without IT knowing. These invisible identities could leave security teams scrambling to figure out which accounts or certificates belong to which agents. Justin agreed, noting that vendors should design AI features with enterprise credential management in mind; otherwise, security teams will be left cleaning up the mess.

Identity Hygiene Includes Machines Too

Identity hygiene is not just about people. Machine identities like certificates can be just as dangerous if left unmanaged, leading to outages, vulnerabilities, and loss of trust. Justin’s advice is clear: automation, visibility, and ownership need to be treated as part of core identity discipline to maintain strong certificate security.

To hear the full conversation, including Justin’s perspective on certificate automation, AI, and what organizations get wrong most often, check out the episode of Smells Like Identity Hygiene on YouTube: Certificates Gone Wild: 47 Days Later.
