PKI Blog

CSS Technical Team

CSS Technical Team

Recent Posts

What is a Next-Gen PKI?

Posted by CSS Technical Team on Oct 5, 2018 9:48:16 AM

With cyber crime damage costs estimated to hit $6 trillion annually by 2021, there’s no doubt that cybersecurity continues to be one of the top concerns for IT departments in every industry. They’re constantly in search of more robust capabilities beyond what’s always been used. As cybersecurity has evolved, so have public key infrastructure (PKI) solutions. We’re now entering a new era of PKI that's focused on the long-term sustainability of certificates and devices across the enterprise.

Read More

Topics: Crypto-agility, next-gen PKI, Public Key Infrastructure (PKI)

Enterprise IT Scenarios Demanding Crypto-Agility

Posted by CSS Technical Team on Aug 6, 2018 3:20:50 PM

 In an evolving cyber security landscape, defenses must continually evolve. Static systems are not only inherently insecure, they are less so with each passing day. This principle applies to cryptography as much as to other types of cyber-defenses. And with the advent of quantum computing, most analysts agree that common cryptographic algorithms will eventually become ineffective. The scale of the potential threat is immense — for nearly all the hardware and software we use in both traditional IT environments and burgeoning Internet of Things (IoT) ecosystems.

Read More

Topics: Crypto-agility, quantum computing, Cryptography, digital identity

5 Risks of Gambling With a Wild Certificate Count and PKI

Posted by CSS Technical Team on Jun 4, 2018 3:42:44 PM

Gambling means being prepared to lose everything. When working with an out of control, unmanaged digital certificate count and public key infrastructure (PKI), the risks of facing issues with financial and productivity losses are extremely high. Are you prepared to gamble with some of your most valuable IT assets? Let's explore five common unmanaged certificate and PKI related scenarios, their financial implications and how to prevent them from occurring in your enterprise.

Read More

Topics: Digital Identity Management, digital certificates, ROI public key infrastructure

The Right Way to Find and Protect Code Signing Certificates

Posted by CSS Technical Team on Apr 6, 2018 11:33:57 AM

The demand for trust in today's uber-connected digital society is unprecedented. Consumers of software require guaranteed proof that the application they are using is legitimate. Secure code signing validates the author of the software and proves that the code has not been altered or tampered with after it was signed. Trusted code signing certificates are used to verify authenticity, but what is preserving the integrity of those certificates?

Read More

Topics: secure code signing, Public Key Infrastructure (PKI), find code signing certificates, weakening cryptography, Crypto-agility, the right way to protect code signing certificates

Google vs. Symantec: Increasing Your SSL Certificate Visibility

Posted by CSS Technical Team on Sep 7, 2017 11:40:56 AM

Symantec SSL Customers, do you know where your certificates are located?

In March, Google announced they discovered a problem with Symantec issued SSL certificates. Google identified roughly 30,000 SSL certificates that violated industry standards defined within the CA/B forum baseline requirements.  After the discovery, Google and Symantec solidified an agreement which will affect new and existing Symantec customers moving forward.  The original deadline for reissuing affected Symantec/GeoTrust/Thawte certificates was pushed back from August 2017 to April 2018.

Read More

Topics: Symantec, SSL certificates, Digital Identity Management, GeoTrust, Thawte, DigiCert

The Real Cost of an Expired Digital Certificate

Posted by CSS Technical Team on Jun 22, 2017 1:03:04 PM

The average global 5,000 company spends about $15 million to recover from a certificate outage. These estimates are based on a Ponemon survey of about 2,400 global respondents which include remediation costs, loss of productivity, lost revenues, and brand image damage.

Read More

Topics: PKI, Digital Identity Management, digital certificate, Unplanned Outages, Public Key Infrastructure

Reflections on the 2017 Thales Data Threat Report

Posted by CSS Technical Team on Jun 2, 2017 1:40:54 PM
Trends in Encryption and Data Security Include Major Implications for the IoT

Key Trends of the 2017 Thales Data Threat Report

The Global Edition of the 2017 Thales Data Threat Report featured a number of trends in the data set which are noteworthy for enterprises invested in the IoT, as well as cloud security. The 2017 report is based on a survey of over 1,100 security executives across the globe, and emphasizes the security impacts of advanced technologies, including cloud, big data, IoT, and containers.

Read More

Topics: IoT Security, Thales e-Security, Encryption, Data Security

Layering Certificate-based Authentication Security onto ThingWorx IoT Platform

Posted by CSS Technical Team on May 19, 2017 1:59:29 PM

Congratulations, you’ve chosen ThingWorx to launch and manage your IoT devices, applications and data. Your goals are clear, your code has been tested and the connections are ready to engage. Unfortunately, you’ve forgotten a critical component that will sadly cause your entire project to fail.

Added layers of security, specifically unique device key authentication.

Read More

Topics: Internet of Things (IoT), IoT, PKI for IoT, ThingWorx, cybersecurity

Google Chrome Version 58: Short and Long Term Fixes

Posted by CSS Technical Team on May 5, 2017 2:02:23 PM

With Google’s recent Chrome 58 version update, your Public Key Infrastructure (PKI) may suddenly be impacted. Your formerly-compliant HTTPS certificates may no longer be working. CSS is here to explain what has changed, why has it changed and how to identify which certificates may be impacted. We will look at a temporary Google Chrome work around and view best practice security settings to adopt when working with SANs (Subject Alternative Name) certificates.

Read More

Topics: Google Chrome Version 58, Public Key Infrastructure (PKI), CRL Monitoring, Certificate Provisioning, expired certs, PKI for chrome

SHA-1 is “Shattered”

Posted by CSS Technical Team on Mar 22, 2017 11:41:01 AM

SHA-1 has been in the news (again). We’ve all known that the SHA-1 hash function is cryptographically weak. In fact, CSS has been pointing out the weaknesses of SHA-1 for years now.


Read More

Topics: SHA-1, SHA-2

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?