Advancing the Usability of PKIs

Tuesday, February 06, 2018

Dan Timpson

9d9e32000b07da9c5acd1ad33accbbb6

Public Key Infrastructure (PKI) certificates have long served as the optimal method for securing the servers on the web and, increasingly, Internet of Things (IoT) devices. Deploying and updating PKIs used to be a largely manual process that required the time and attention of IT personnel. Today, there are tools that can automate those tasks, which makes securing the connections between networks, devices and their users simpler and more cost-effective. 

Certificates can be used to encrypt data at rest. PKI also enables the authentication of users, systems, and devices without the need for tokens, password policies, or other cumbersome user-initiated factors. In mutual authentication scenarios, certificates will uniquely identify devices which enhances authorization and secure device-to-device communication.  As a result, certificates ensure that any data or messages transferred cannot be altered.

The challenge for an enterprise becomes determining what exactly it’s trying to protect, particularly as more companies embrace the IoT trend. PKIs ensure that the basic security requirements for data confidentiality, data integrity, and data accessibility are properly configured for all devices.

That’s becoming more complex, and virtually impossible to perform via manual processes. Why? Because of the sheer number of devices that are coming online.

By 2020, over 25 billion devices will be connected to the Internet, and each one of those connections must be secure to mitigate risks and protect organizations and individuals from malicious attacks.

To give you a better sense of scale, consider that 10 years ago, Certificate Authorities issued approximately 10 million certificates that verify a digital entity’s identity on the Internet worldwide. Today, just one company may request 10 million certificates for its realm of devices and services. That’s where the math starts to get complicated.

After all, PKI is built on math, leveraging algorithms to direct the inspection and validation of the signatures that enable secure communication and data-sharing between devices and networks. Fortunately, technology has advanced to enable computers to handle the complex algorithms used to inspect and validate the secure connection to a device or web site.

Unfortunately, the cyberattacks targeting those systems are also becoming more sophisticated and hitting more frequently. That is why a critical aspect of the effective use of PKI is updating those certificates as the threat landscape changes. In other words, PKI usage is not something to “set and forget”, and today requires thoughtful security planning in the process. Too often, a cloud service provider will experience a system outage simply because someone forgot to renew a certificate. The blame falls on a faulty manual process.

Therefore, the way PKI becomes more usable is by partnering with a Certificate Authority (CA) that can introduce and manage automation technologies to relieve IT of those responsibilities. IT and users should not have to worry about “breaking” something because they were not paying attention to the right discussion forum or right threads about new attacks. 

This can also be especially valuable in development environments, where developers are checking code in and out. PKIs enable each developer to sign what they are accessing, thereby creating chains of trust. This can be very useful to both open source projects, and to protecting a company’s download site from being hijacked and falling victim to a DNS attack.

If your organization is going to rely on PKI, it’s important to also leverage the benefits that automation can provide. This is where partnering with a CA can help, both today and tomorrow. CAs take on the responsibility of managing PKIs, which includes participating in forums and working groups to ensure that PKIs evolve to meet the ever-changing threat landscape. This relieves enterprises of having to take on those responsibilities, so they can focus on their strategic business priorities.

About the author: Dan Timpson is DigiCert Chief Technology Officer, responsible for DigiCert's technology strategy and driving development that advances PKI innovation for SSL and IoT customers. Timpson’s team focuses on continuous improvement to deliver a comprehensive digital certificate management platform for DigiCert customers that includes standards-based, automated certificate provisioning for devices and APIs for seamless integration with third-party systems.

Possibly Related Articles:
13249
Webappsec->General
PKI Digital Certificates Public Key Infrastructure Internet of Things IoT
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.