PKI Blog

THE CIRCLE OF TRUST FOR CONNECTED DEVICES

Posted by Anthony Ricci on Dec 7, 2017 9:39:19 AM

When it comes to connected devices, how big should your "Circle of Trust" be?  Who should you trust, and why?

As told by Jack Byrnes ("Meet the Parents"), who should you trust and why?

Read More

Topics: Public Key Infrastructure, PKI, Internet of Things (IoT), Root of Trust, ThingWorx, LiveWorx, Connected Devices

On-Prem or Cloud Managed Public Key Infrastructure (PKI)? Fastest Way to Mitigate Risk and Lower Costs

Posted by Jonathan Ossovicki on Oct 26, 2017 10:31:28 PM

Do You Really Need an On-Prem Public Key Infrastructure (PKI) for Better Security?

While conventional wisdom of those who don't trust the cloud has been that on premises is more secure, the important reality is that on premises is only more secure if you have the expertise and you are willing to allocate your experts' time to its appropriate management.  

Gone are the days of questionable cloud security, as service providers are making strides to provide a more agile and pain free move - especially in the realm of public key infrastructure (PKI).  With a recent Right Scale report, a “multi-cloud” or “hybrid” approach increased 3% in 2016, sitting at current 85% of enterprises using a multi-cloud strategy. But, is keeping your PKI and its overall lifecycle management on premise really a much safer bet? I’m going to dive deep on reasons why migrating to a cloud-based PKI managed service model may mitigate more risk, increase efficiency and lower operating costs.

Read More

Topics: Managed PKI, managed public key infrastructure, cloud-based managed public key infrastructure

The Hidden ROI with Certificate Lifecycle & PKI Management

Posted by Michael Thomas on Oct 25, 2017 8:50:36 AM

 

There are always questions in regard to why an organization should care about their digital certificate lifecycle management (CLM) with their existing public key infrastructure (PKI).  Our sales team constantly hears the same rebuttals: “We try to keep things very simple and agile when it comes to certificates” or “we just don’t see a need to give it more time than what we currently do”, and on the surface their logic seems sound.  More, cost estimates of a CLM system seem to financially justify their statements, but in taking a closer look, these IT leaders may be unintentionally excluding certain facts that prove their conclusions to be flawed or even false.

Read More

Topics: digital certificate management, Public Key Infrastructure, ROI PKI, ROI public key infrastructure

SCARIER THINGS: Protect Your IoT Assets with HSMs

Posted by Anthony Ricci on Oct 11, 2017 11:47:25 AM

Although Halloween happens once a year, evil lurks in the digital IoT world all year round.  Systems must be protected 24/7/365. 

Although Halloween happens once a year, evil lurks in the digital IoT world all year round.  Systems must be protected 24/7/365 to ensure that the ‘Demogorgon’ does not make it’s way through the portal into the system.  One concern is the protection of our cryptographic keys.  Although there are many ways to accomplish this, it is not an easy decision.

Read More

Topics: Public Key Infrastructure, PKI, Hardware Security Module, IoT, Internet of Things (IoT), HSM, LiveWorx

Who’s Watching Your Public Key Infrastructure (PKI)?

Posted by Andrew Prayner on Oct 6, 2017 10:28:43 AM

If you're not watching your PKI...who is?

 As ominous as the title sounds, this blog will actually focus on the parties that should have eyes on your public key infrastructure (PKI), rather than the “bad actors” who shouldn’t.  The latter is no less important, however, and that could easily be the topic of a future blog.

Read More

Topics: Managed PKI, Public Key Infrastructure, PKI, DIY PKI

“CAN YOU KEEP A SECRET?” KEEPING YOUR IOT DEVICES SAFE AND SECURE–CRYPTOGRAPHY 101

Posted by Anthony Ricci on Sep 13, 2017 10:35:59 AM

Why do I care about cryptography as an IoT architect? What is the deal with cryptography? Why does cryptography matter in the IoT world?

Currently, it is estimated that there are about 8.4 billion devices online.  Within the next 3 years, the number will be over 20.4 billion devices.  As more connected devices are deployed, there becomes a greater need to control and manage the identity of those devices. There is also a need to protect the devices “data at rest” and “data that is transmitted.” Cryptography gives us a way to do that with high assurance and reliability.

 

Read More

Topics: Public Key Infrastructure, PKI, IoT, Internet of Things (IoT), LiveWorx, Cryptography

Google vs. Symantec: Increasing Your SSL Certificate Visibility

Posted by CSS Technical Team on Sep 7, 2017 11:40:56 AM

Symantec SSL Customers, do you know where your certificates are located?

In March, Google announced they discovered a problem with Symantec issued SSL certificates. Google identified roughly 30,000 SSL certificates that violated industry standards defined within the CA/B forum baseline requirements.  After the discovery, Google and Symantec solidified an agreement which will affect new and existing Symantec customers moving forward.  The original deadline for reissuing affected Symantec/GeoTrust/Thawte certificates was pushed back from August 2017 to April 2018.

Read More

Topics: SSL certificates, Symantec, DigiCert, Digital Identity Management, GeoTrust, Thawte

“HEY THERE, IT’S ME” – Understanding the Importance of IoT Device Identity

Posted by Anthony Ricci on Aug 16, 2017 11:26:40 AM

Do you remember the movie E.T, where E.T is essentially stranded on Earth until he assembles a makeshift communication device which sends a message to his spaceship to return to earth to retrieve him?

Read More

Topics: Internet of Things, IoT, IoT Identity Management, LiveWorx

Simplifying the Microsoft Policy Module with CMS Enterprise

Posted by Sami Van Vliet on Aug 15, 2017 12:46:02 PM

CMS Enterprise now provides exclusive, real time policy control at the Certificate Authority (CA), providing the most comprehensive security compliance for certificate issuance available today.

The CMS Custom Policy Modules intercept the certificate requests and can then perform important security-enhancing actions such as:

  • Allowing only certain IP addresses to request certificates. Preventing a user with access to the CA itself from being able to request a certificate outside of the approved CMS Enrollment process.
  • Using the CSS-patented VSCEP™ technology, CMS secures on-device key generation during certificate enrollment for iOS and Mac devices, without the use of client-side agents.
Read More

Topics: digital certificate management, X.509 digital certificates, Digital Identity Management, Microsoft Policy Module, PKI management

You have choices in certificate and PKI management – Why CSS?

Posted by Tom Klein on Aug 10, 2017 3:41:43 PM

The quandary in buying a solution to any business problem is am I making the best choice and will our company derive value from that selection?

In representing a variety of solutions to customers over more than 35 years, I have found a few consistent characteristics of customers that have been happy with their decision.

Read More

Topics: PKI, Public Key Infrastructure (PKI)

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?