Saturday, December 3, 2022

Organizations Should Implement Crypto-Agility Platform

By Vishal Muktewar - November 01, 2021 5 Mins Read

With the premature scaling of the certificates, organizations should opt for automating the lifecycle of certificates to eliminate the manual steps employed by most organizations.

All too often, certificates are issued and forgotten about, until they expire. Many organizations lack the platforms to gain a full inventory of issued certificates. Lack of full visibility is the leading cause of outages.

“The simple fact is that most legacy PKI, such as Microsoft ADCS, has been deployed across the enterprise with little to no consideration as to how to deal with the ongoing lifecycle management of the certificates that are issued,” says Chris Hickman, Chief Security Officer, Keyfactor. Layer in the fact that certificates are often issued from multiple sources (Internal PKI, Public CAs, DevOps tools, etc.) and the issue of lifecycle management quickly becomes a concern not just of IT security or a particular user group, but a concern impacting the entire organization. Thus, to address this issue, Keyfactor has taken unique and practical approaches to help organizations solve certificate and key lifecycle management at scale.

As per Chris Hickman,“Our Crypto-agility platform allows organizations to gain complete visibility into the certificates in use and where they are being used.” Utilizing the platform, organizations can leverage the Keyfactor orchestrators to automate certificate lifecycle across their endpoints, network, multi-cloud infrastructure, and DevOps toolchain. Once deployed, teams gain full visibility, eliminating outages and manual certificate management. Keyfactor has the unique flexibility to deliver fully-managed PKI and certificate automation in a cloud, hybrid or on-premises deployment.

Also Read: Why Enterprise Should Opt for Hybrid Environment

Implementing the platform

The platform enables organizations to seamlessly orchestrate every key and certificate across the enterprise. A few steps recommended by Chris Hickman are as follows:

  • Inventory the certificates

Simply put, this involves gaining full visibility from each CA on the certificates it has issued to the organization. Getting this data from the CAs means that it is authoritative and therefore, you can see exactly what certificates should be in use in the organization.

Next, scan the environment to find where the certificates are deployed. Coupling the certificates that have been issued from the CA and where they are in your network will provide full visibility.

  • Analyze

At this point, it is wise to look at the data to make an educated decision as to what needs to be addressed and in what priority based on the following:

Risk: finding certificates that put your organization at risk is often an immediate priority. It is common to identify certificates that are self-signed, do not meet current cryptographic standards, or are issued to assets no longer in use.

Impact: The next most common pool of certificates to be addressed are those that are of a high impact to the business if they expire, get breached or need to be quickly changed in the event of an event. It is not uncommon to include certificates used to protect web traffic like SSL/TLS certificates and those on load balancers.

Needs: Many certificates are highly prioritized but have a lesser or limited impact should there be an issue or an outage.

  • Automate

Now that the highest risks have been mitigated and the entire inventory is known, it is a good time to use the output from the analysis above to automate certificate lifecycle management. Using an orchestrator to manage certificates on the devices where they are needed will eliminate the need for manual renewal and configuration changes.

  • Monitor

Keeping an eye on the certificates in the organization will now be significantly simplified and organizations will have the ability to cut through any “noise” to better detect and act on any events or anomalies that might occur.

Keeping up with the evolving needs

Keeping up with the evolving needs of the customers is the only way for brands to progress. Hence, Keyfactor takes steps to constantly monitor trends and business needs from its customer base, partners, industry analysts and the broader market. “From pioneering cloud-based PKI as a Service in 2014, to expanding into SSH key management and code signing, to introducing a new industry-first hybrid model, we continue to stay ahead of the innovation curve in machine identity management,” said Chris Hickman.

Also Read: Top 3 DevOps Skills to Succeed in the Industry

The Road Ahead 

The trend for certificate use will continue to accelerate and therefore, proven scale and frictionless integrations will continue to be at the forefront of customer needs. “The reality is that with the explosive growth of the use of certificates, this challenge can lead to undesirable business consequences such as disruption, outages or breaches,” said Chris Hickman.

Keyfactor continues to innovate to address these challenges for its customers, be it in the enterprise or IoT devices. Earlier in 2021, Keyfactor made the acquisition of PrimeKey, creating the IAM industry’s first-ever machine identity management platform for the enterprise.

“PrimeKey is a huge part of Keyfactor’s vision for scalability and flexibility. Organizations want the flexibility to deploy where and how they want and scale-up without friction – that means rapid issuance of certificates and seamless automation to provision identities in fast-paced DevOps and cloud environments,” adds Chris Hickman.

[vc_tta_tour][vc_tta_section title=”Chris Hickman” tab_id=”1602598322051-0408cb00-0e1c”]

Chris Hickman is the chief security officer at Keyfactor, the leader in cloud-first PKI as-a-Service and crypto-agility solutions



Vishal Muktewar

Vishal Muktewar is a Senior Correspondent at On Dot Media. He reports news that focuses on the latest trends and innovations happening in the B2B industry. An IT engineer by profession, Vishal has worked at Insights Success before joining Ondot. His love for stories has driven him to take up a career in enterprise journalism. He effectively uses his knowledge of technology and flair for writing, for crafting features, articles and interactions for technology enterprise media platforms.

Subscribe To Newsletter

*By clicking on the Submit button, you are agreeing with the Privacy Policy with Enterprise Talks.*