PKI Blog

The Convergence of IT & Security and Risk & Compliance

Posted by CSS Technical Team on Oct 25, 2016 12:00:36 PM

IT and Compliance Departments Working Together With Greater Frequency

The Integration between IT and Compliance

Presently, a marked shift from the silos of IT and compliance teams is resulting in a departmental convergence for many businesses. A tightening and consolidation effort between IT, security, and GRC has proven to benefit overall organization security posture, and many businesses are making the change.


Topics: IT Security, PKI, Cyber Security, Risk and Compliance

Securing Network-Connected Sensors in the Energy Industry

Posted by CSS Technical Team on Oct 20, 2016 1:24:39 PM

How Can the Energy Sector Protect Itself From Cyber Threats?

The Takeover of Network-Connected Sensors in the Energy Industry

The problems of the energy sector, including increasing conservation efforts, greater emphasis on alternative energy sources, and the concurrent use of more power, may be a challenge to resolve, but many solutions lie in technology; particularly the innovations available through Internet of Things applications, as pointed out by Deloitte.


Topics: Internet of Things, IoT, energy iot

SHA-2 Migration Timelines are Looming

Posted by CSS Technical Team on Oct 18, 2016 8:50:41 AM

Are You Ready for the Move to SHA-2?

Is your business ready for SHA-1 deprecation? The timelines for the move to SHA-2 are looming, and deprecation is fast approaching. As InfoWorld explains, SHA-1 was once considered secure but has been proven to contain cryptographic flaws. Security experts and cryptographers believe that the SHA-1 hash is no longer secure, and its shelf life is dwindling quickly.


Topics: PKI, SHA-2, SHA-2 Migration

GlobalSign Certificate Conundrum – Why Doing PKI Right is Hard

Posted by Ted Shorter on Oct 14, 2016 12:39:36 PM

Yesterday (October 13, 2016), certain segments of the Public Key Infrastructure (PKI) world were spun into a frenzy when a GlobalSign CA certificate appeared to have been revoked. Clearly, revoking a CA certificate is a significant event, as all certs that chain through that CA effectively become invalid.


Topics: Public Key Infrastructure, PKI, GlobalSign, HTTPS, PKI GlobalSign

Certificates as the Rx for Embedding Security Into Vulnerable Healthcare Systems

Posted by CSS Technical Team on Oct 11, 2016 3:28:25 PM

The healthcare sector continues to build some of the largest, most lucrative and most vulnerable stores of data, making them attractive targets for cyber criminals. Further, malicious actors are more prevalent, organized and creative in their attacks on vulnerable vectors. While HIPAA security rules have long been in place, compliance continues to move at a snail’s pace, and those responsible for product innovation are being forced to pay closer attention to security, IT, legal, risk and regulatory considerations earlier in the development life cycle. Many organizations are also having to revisit those same considerations for products and services already in use to satisfy regulatory or compliance requirements, remediate an issue, preserve reputation and promote a competitive advantage.


Topics: healthcare security, solutions to healthcare systems vulnerabilities, healthcare IoT, healthcare certificates

PKI Implementation Project Management: Best Practices

Posted by CSS Technical Team on Sep 27, 2016 4:29:04 PM

Your PKI Implementation—What’s Involved?

Strict management of a public key infrastructure (PKI) implementation is not optional; it is necessary. Whether your organization is in the wireless space, implementing a BYOD initiative, or tackling the upgrade to SHA-2, managing a PKI project isn’t a simple process. However, there are a number of best practices your business can employ to ensure a successful implementation.


Topics: PKI, Public Key Infrastructure (PKI), DIY PKI

Advantages of a Professionally Managed PKI

Posted by CSS Technical Team on Sep 22, 2016 1:55:14 PM

Cybersecurity Today

Ever-evolving security challenges are dominating today’s IT landscape. Malicious actors are using every avenue possible to access sensitive and valuable data, from social engineering and DDoS to brute force methods. For example:


Topics: Public Key Infrastructure, PKI, Public Key Infrastructure (PKI), PKI Managed Service, Managed Services

Old Tricks, New Targets

Posted by Will Clements on Sep 16, 2016 12:23:53 PM

Those of us in the information security field are all too familiar with the effectiveness of social engineering, and while there are still those who readily send money off to strangers from a simple phone call or email, people are generally getting better about not giving out their own personal information. But attackers are quick to adapt and have focused on a different target: your phone carrier. 


Topics: Mobile Device Hacking, Hacking, social engineering, SIM Card Hacking, T-Mobile SIM Card Hack, mobile carrier hacks

Don’t just manage your certificates - control your Public Key Infrastructure (PKI).

Posted by CSS Technical Team on Sep 8, 2016 9:36:06 AM

Featuring a lesson from the Death Star

PKI is an entire infrastructure supporting trusted certificates

As more enterprises implement their own internal Public Key Infrastructure (PKI) to save money on purchasing an increasing volume of digital certificates, the need for tools to centralize, monitor and manage certificates across all issuing sources continues to be critical. One common tool is certificate management software. While certificate management software certainly helps organizations evolve from the stone ages of manually documenting certificate details in a spreadsheet, many certificate management applications only scratch the surface of what enterprises really need. In other words, while managing certificates is critical to prevent outages and breaches, stand-alone certificate management software is not light years ahead of platforms that do more to improve IT and security team efficiency and help organizations meet regulatory and audit compliance requirements.


Topics: PKI, Public Key Infrastructure (PKI), Star Wars, Death Star

Top 5 Root CA Key Signing Ceremony Mistakes

Posted by Wayne Harris on Aug 31, 2016 9:03:30 AM

Trust, as it pertains to most components within a Public Key Infrastructure (PKI), is earned. It’s established as the result of some sort of evaluation, one that often involves a revocation check or policy check.

In the case of the root CA however, trust is *not* earned. In the case of the root CA, trust is assigned. This assigned trust is quite often mandatory from the perspective of subscribers and relying parties.


Topics: Public Key Infrastructure, PKI, root CA, Root CA Security, Root CA Key Signing Ceremony Mistakes
