Advancing the Usability of PKIs

Public Key Infrastructure (PKI) certificates have long served as the optimal method for securing the servers on the web and, increasingly, Internet of Things (IoT) devices. Deploying and updating PKIs used to be a largely manual process that required the time and attention of IT personnel. Today, there are tools that can automate those tasks, which makes securing the connections between networks, devices and their users simpler and more cost-effective.

Certificates can be used to encrypt data at rest. PKI also enables the authentication of users, systems, and devices without the need for tokens, password policies, or other cumbersome user-initiated factors. In mutual authentication scenarios, certificates uniquely identify devices, which enhances authorization and secure device-to-device communication. As a result, certificates ensure that any data or messages transferred cannot be altered.

The challenge for an enterprise becomes determining what exactly it’s trying to protect, particularly as more companies embrace the IoT trend. PKIs ensure that the basic security requirements for data confidentiality, data integrity, and data accessibility are properly configured for all devices.

That’s becoming more complex, and virtually impossible to perform via manual processes. Why? Because of the sheer number of devices that are coming online.

By 2020, over 25 billion devices will be connected to the Internet, and each one of those connections must be secure to mitigate risks and protect organizations and individuals from malicious attacks.

To give you a better sense of scale, consider that 10 years ago, Certificate Authorities issued approximately 10 million certificates that verify a digital entity’s identity on the Internet worldwide. Today, just one company may request 10 million certificates for its realm of devices and services. That’s where the math starts to get complicated.

After all, PKI is built on math, leveraging algorithms to direct the inspection and validation of the signatures that enable secure communication and data-sharing between devices and networks. Fortunately, technology has advanced to enable computers to handle the complex algorithms used to inspect and validate the secure connection to a device or web site.

Unfortunately, the cyberattacks targeting those systems are also becoming more sophisticated and more frequent. That is why a critical aspect of the effective use of PKI is updating those certificates as the threat landscape changes. In other words, PKI usage is not something to “set and forget”; today it requires thoughtful security planning as part of the process. Too often, a cloud service provider will experience a system outage simply because someone forgot to renew a certificate. The blame falls on a faulty manual process.

Therefore, the way PKI becomes more usable is by partnering with a Certificate Authority (CA) that can introduce and manage automation technologies to relieve IT of those responsibilities. IT and users should not have to worry about “breaking” something because they were not paying attention to the right discussion forum or right threads about new attacks.

This can be especially valuable in development environments, where developers are checking code in and out. PKIs enable each developer to sign what they are accessing, thereby creating chains of trust. This can be very useful both for open source projects and for protecting a company’s download site from being hijacked and falling victim to a DNS attack.

If your organization is going to rely on PKI, it’s important to also leverage the benefits that automation can provide. This is where partnering with a CA can help, both today and tomorrow. CAs take on the responsibility of managing PKIs, which includes participating in forums and working groups to ensure that PKIs evolve to meet the ever-changing threat landscape. This relieves enterprises of having to take on those responsibilities, so they can focus on their strategic business priorities.

About the author: Dan Timpson is DigiCert Chief Technology Officer, responsible for DigiCert’s technology strategy and driving development that advances PKI innovation for SSL and IoT customers. Timpson’s team focuses on continuous improvement to deliver a comprehensive digital certificate management platform for DigiCert customers that includes standards-based, automated certificate provisioning for devices and APIs for seamless integration with third-party systems.

Source: infosec island
