Cyber Defense eMagazine January 2020 Edition

More documents

Recommendations

Info

56 Getting PKI Right Program Failures and How to Avoid Them By Chris Hickman, chief security officer, Keyfactor Public Key Infrastructure (PKI) has survived the test of time. Today, IT leaders and managers view PKI as a vital layer within the security framework, helping to authenticate and encrypt sensitive endpoints, software and applications. Historically, managing PKI has been a manual, on-premises process. Despite its critical role within the cybersecurity framework, PKI has struggled to find a clear owner within the organization. Add to that, results from a recent survey where just 36% of respondents said their organizations have enough IT security staff members dedicated to PKI deployment. With the industry’s skill shortage, shifting compliance requirements and competing budget priorities, how can you sidestep deployment landmines and manage a program that’s right for your enterprise and its budget? CISOs tackling their organization’s PKI program have two options: build or buy. Deploying DIY PKI onpremises requires significant investment while keeping the program running takes a dedicated team. Without appropriate resourcing and continuous care and feeding, PKI can degrade, leading to vulnerable keys, certificates, system outages or worse – a significant breach event. In addition to the added costs of network downtime, PKI events can create preventable network vulnerabilities. 56
57 Lessons Learned Unlike newer processes, PKI and its long history gives us countless real-life case studies of what has worked and what hasn’t. One recent case study followed a financial institution as they opted to build an application to manage its PKI and growing number of certificates. While the company was able to leverage an existing data center and physical security, implementation alone took the company four months, requiring the dedication of multiple team members across development, engineering and IT. In addition to resourcing, the project racked up significant hardware, licensing and integration costs. On the other hand, like other security functions, a growing number of leaders see the advantages of outsourced or managed PKI and are opting to ‘buy’ PKI via cloud deployment. Here are 5 reasons why: 1. Robust Security: If the root key or private keys within the network are compromised, it can result in significant disruption and downtime to PKI-dependent applications. In addition to specific tools used to protect keys, the facility housing critical PKI functions must be secure. PKI-as-a-Service (PKIaaS) vendors and their security policies and practices have been tested over time and at scale. If your enterprise falls under attack, you also have one less critical system to restore, as PKI is hosted safely in an isolated, off-premises cloud location. 2. Reduced Cost & Complexity: Moving PKI to the cloud can alleviate multiple security controls, maintenance tasks and infrastructure costs. Frankly, the capital expenditure and expertise needed to properly manage a solid internally run PKI is considerable, forcing many organizations to make critical PKI operations a secondary task. Adopting the right PKIaaS platform leads to greater productivity as IT and security teams can focus on core projects. Costs also become much more predictable, since the many hidden and traditional expenses of PKI are replaced with a flat rate billing model. 3. Scalability & Availability: A PKI that supports mission-critical applications must run 24/7 and have the ability to scale as the enterprise grows and adds new devices and identities. High availability and scalability built into cloud-delivered PKI models support growth demands, while 24/7 service monitoring ensures that critical components are always running. Most importantly, service level agreements (SLAs) guarantee response times and ensure that there is only “one throat to choke” should an incident occur. 4. Business Continuity: Finding and retaining IT and security staff capable of running PKI is no simple task. Shifts in PKI ownership inevitably increase the risk of security gaps as inexperienced hands fall on mission-critical infrastructure. Lapses in regular maintenance tasks, such as signing and publishing certificate revocation lists (CRLs) and renewing CAs, can cause significant outages that take days or even weeks to remediate. Deploying cloud-based PKI ensures that regardless of personnel changes, the infrastructure can continue to operate at full capacity. 57
Page 1 and 2:
1 Best Practices for Building A Com
Page 3 and 4:
3 CONTENTS Welcome to This Very Spe
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: 7 7
Page 9 and 10: 9 9
Page 11 and 12: 11 11
Page 13 and 14: 13 Your website could be vulnerable
Page 15 and 16: 15 15
Page 17 and 18: 17 17
Page 19 and 20: 19 19
Page 21 and 22: 21 A further challenge arises from
Page 23 and 24: 23 About the Author Haythem Hammour
Page 25 and 26: 25 Focus on detection Although prev
Page 27 and 28: 27 What’s the Security Misconfigu
Page 29 and 30: 29 As more and more businesses begi
Page 31 and 32: 31 Industries under threat Accordin
Page 33 and 34: 33 How to Know If Someone Is Watchi
Page 35 and 36: 35 you are running in the backgroun
Page 37 and 38: 37 These stats make it clear why sm
Page 39 and 40: 39 · Provide staff especially thos
Page 41 and 42: 41 The current state of insecurity
Page 43 and 44: 43 3. Support heterogeneous network
Page 45 and 46: 45 • Enables troubleshooting of i
Page 47 and 48: 47 It’s not just medical research
Page 49 and 50: 49 Europe Cybersecurity Market Size
Page 51 and 52: 51 Some of the key vendors in the E
Page 53 and 54: 53 Iot Security and Privacy Securit
Page 55: 55 information such as DNA informat
Page 59 and 60: 59 Seven Security Predictions For 2
Page 61 and 62: 61 will target state and local vote
Page 63 and 64: 63 7) Attackers Will Find New Vulne
Page 65 and 66: 65 Certification Programs There are
Page 67 and 68: 67 Fraud: A Look Back At 2019 And W
Page 69 and 70: 69 technologies. They’re also col
Page 71 and 72: 71 • A list of valid credentials
Page 73 and 74: 73 Making the Transition The shift
Page 75 and 76: 75 to get a view on the entire IT e
Page 77 and 78: 77 The Decade Ahead for Cybersecuri
Page 79 and 80: 79 About the Author Matthew Gyde is
Page 81 and 82: 81 datacenters before heading out t
Page 83 and 84: 83 About the Author Paul Martini is
Page 85 and 86: 85 85
Page 87 and 88: 87 87
Page 89 and 90: 89 89
Page 91 and 92: 91 91
Page 93 and 94: 93 93
Page 95 and 96: 95 95
Page 97 and 98: 97 97
Page 99 and 100: 99 99
Page 101 and 102: 101 101
Page 103 and 104: 103 You asked, and it’s finally h
Page 105 and 106: 105 TRILLIONS ARE AT STAKE No 1 INT
Page 107 and 108:
107 107
Page 109 and 110:
109 109
Page 111 and 112:
111 111
show all

Cyber Defense eMagazine January 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?