How Integrators Can Dispel Top 3 Myths of PKI Automation

Security professionals know the public key infrastructure (PKI) offers the best way to protect communications between an enterprise’s machines, network and mobile devices, virtual servers and the IoT. But what sends them to an integrator is the painful realization that managing digital certificates for this soaring volume of machines, devices and network end points has exceeded any efficient or reliable manual approach to lifecycle management.

PKI certification automation is the solution. But before they can help clients realize its benefits, integrators often need to dispel three myths about the Cloud-based digital certificate lifecycle automation solutions that are now available as a service (also known as PKI-as-a-Service).

Myth #1:  It is easier to just install certificates manually than to install and configure the utilities required for PKI certificate automation.

There was a time when automating PKI certificate management required the cost, configuration, support and point-of-failure risks of an intermediary command-and-control management platform. In contrast, today’s solutions use standards-based protocols such as Automated Certificate Management Environment (ACME), Enrollment over Secure Transport (EST) or Simple Certificate Enrollment Protocol (SCEP), making it much easier to automate certificate lifecycle management for any device.

Myth #2:  Different solutions are needed for private PKI and public trusted TLS/SSL certificates.

On the contrary, today’s one-stop solutions automate the installation and renewal routines for many different types of certificates. Particularly valuable is the ability to manage both trusted TLS/SSL certificates and, for greater chain-of-trust control, customer-dedicated private Intermediate Certificate Authorities (ICAs) through a single Cloud-based service.

Today’s options include both a web-browser-based portal for quick deployment and representational state transfer (REST) APIs for integrating certificate management with existing infrastructure. Having a single pane of glass for managing all enterprise public or private digital certificates reduces cost and complexity and the risk of certificate-related outages.

Myth #3:  There is no security downside to continuing manual PKI certificate lifecycle management.

In fact, it is extremely risky to manage PKI certificate lifecycles manually, especially in today’s complex device and user ecosystem with shorter certificate validity and more frequent renewals to improve security.

Today’s scale and complexity is much different than in the past when certificates secured a limited number of stationary devices, users and webpages connected through comparatively simple infrastructure. Certificates could be set up and forgotten for multiple years and managed through homegrown, on-prem certificate lifecycle management solutions with a bit of occasional manual intervention from IT.

The modern device and user ecosystem is simply too complex for IT departments to safely shoulder the burden of manual certificate renewal or management. An expiration will inevitably occur and create security liabilities.

Plus, the workflows associated with correcting the expiration, especially with system and service interdependencies in play, can be enormously complicated and time-consuming.  If expiration then goes on to cause an outage, every minute spent fixing the problem could result in millions of frustrated users and potential loss of business and diverting IT staff from mission-critical systems.

Maximizing Benefits

As organizations move to automated solutions, they can benefit from “out-of-the-box” integration with existing network infrastructure components and automated provisioning using standard protocol(s). This can reduce the overall cost of implementing PKI automation by 75%. Implementing a solution with end-to-end PKI coverage within the organization will deliver the benefit of eliminating security gaps and the risk of expired certificates.

Organizations will also need to choose PKI automation solutions that can help them adapt to a new, hybrid workplace environment created during the global pandemic. As an example, organizations from businesses to universities purchased a massive volume of Chromebooks that they sent home with people so they could work and study remotely.

They will need PKI automation solutions capable of issuing and managing the digital certificates for these devices so they can be seamlessly and securely connected to corporate and university networks, without passwords.

Digital certificates provide powerful, PKI-based security to enable the creation of trusted device identities but making sure they are managed properly can be a pain point for organizations that do not understand the benefits of digital certificate lifecycle management and how best to implement it.  Integrators can help them increase their information security posture using Cloud-based PKI services that emphasize automating digital certificate lifecycle management.

pkiMrugesh Chandarana is Product Management Director, Identity and Access Management Solutions, for HID Global.

The post How Integrators Can Dispel Top 3 Myths of PKI Automation appeared first on Security Sales & Integration.



from News – Security Sales & Integration https://www.securitysales.com/integration/integrators-myths-pki-automation/
via IFTTT

Comments

Post a Comment

Popular posts from this blog

Total Tech Summit Puts Call Out for Top Integrators to Apply Now

Image
FRAMINGHAM, Mass. — Total Tech Summit announces that applications are now being accepted to attend this year’s event. Comprised of the  SSI Summit, CE Pro Summit and Commercial Integrator Summit, this year’s event will take place in Las Vegas at the MGM Grand Hotel and Casino, Nov. 13-15. At this all-expense-paid, exclusive event, VIP guests will have the chance to sit in on industry-defining sessions, key boardroom presentations, and be able to meet one-on-one with potential vendors. Total Tech Summit brings together the best in class to share ideas, learn from others, and most importantly, accelerating the next stage of their businesses. It is the only event of its kind that bridges channels and connections by bringing together professional security, commercial AV and residential AV integrators. Another perk of the Total Tech Summit is the VIP Peer-to-Peer groups. These group conversations take place throughout the months leading up to the event and are guided by the editors of t
Read more

Top 10 Security Stories From October 2021: China Ban Gains Steam, Vivint Countersues ADT

October saw its fair share of legal issues and acquisitions. This month, lawsuits involved home security companies, a gunshot detection provider and even a media company. Vivint Smart Home is seeking retribution for the lawsuit ADT filed against it last year that alleged Vivint salespeople go to ADT customers’ homes, get them to sign Vivint contracts and install the company’s alarm systems in their homes under false pretenses. Vivint had requested a motion to have that lawsuit dismissed, but when the judge denied the motion, Vivint launched a countersuit claiming it is in fact ADT that is deceiving and stealing its customers. Gunshot detection provider ShotSpotter filed a lawsuit against media company Vice, alleging it is profiting off of fabricated claims. Vice has been critical about ShotSpotter’s technology in a multitude of articles. Though not a lawsuit, Dahua and Hikvision continue to feel pressure from the U.S. government as it considers a new measure that would make it imp
Read more

Minnesota AG Calls for Cancellation of Home Security Contracts for Alleged Fraud

STEARNS COUNTY, Minn. — Bring Me the News reports that Minnesota’s Attorney General, Keith Ellison, says he’s gotten consumers in Stearns County out of home security contracts after they were misled by a door-to-door salesman. According to the report, Ellison’s office announced that home security companies Skyline Security Management and Safe Home Security have agreed to their cancel contracts with customers in and around Stearns County who purchased their systems from door-to-door salesman Gary Harvey. “Door-to-door salesmen and their employers are in the business of trust-building,” Ellison said in a statement. “They know they need to have your trust to sell you their products, particularly expensive products like security systems that are supposed to keep your home safe. When that trust is betrayed, it’s emotionally and financially painful. I appreciate Skyline and Safe Home taking the right step in canceling these contracts while my office does what we can under the law to hold M
Read more