Home / About / News

Venafi Encryption Director 6 Selected as CODiE Awards Finalist for Best Security Solution

Automated Encryption Key and Certificate Management Capabilities that Reduce Unquantified and Unmanaged Security Risk Earn Venafi Prestigious Industry Recognition

Salt Lake City, Utah – April 24, 2012

Venafi, the inventor and market leader of enterprise key and certificate management (EKCM) solutions, today announced that the Software & Information Industry Association (SIIA) has named Venafi Encryption Director™ 6 (Director 6) as a finalist in the 2012 CODiE Awards Best Security Solution category. Best Security Solution recognizes the most innovative security solutions designed to protect enterprise IT systems and networks and to achieve strong audit and compliance postures.

The world’s Fortune-ranked organizations have amassed petabytes of regulated and valuable information that flows within and beyond their networks—all of which must be protected—and have therefore deployed thousands of encryption keys and certificates across their global infrastructures, in the cloud and on mobile devices. Yet these same enterprises have little idea how many of these security instruments are in use, where they are deployed, by whom they are accessed, or how they are managed.

SIIA judges singled out Director 6 as a finalist due to its ability to provide out-of-the-box automated management capabilities for the widest range of digital certificate and encryption key technologies used by today’s enterprises, including symmetric keys, SSH keys, asymmetric keys and digital certificates. CODiE Awards judges recognized that automated EKCM significantly reduces the unquantified and unmanaged risks inherent in manual encryption management processes that result in unplanned outages, failed audits and security breaches.

“Our Global 2000 customers recognize that the best security defense is a great offense. Director 6 allows many of the world’s leading organizations to address compliance, operational and security risks before they lead to costly breaches and outages,” said Gregory Webb, Venafi vice president of marketing. “We are honored to be selected as a finalist in the 27th annual CODiE Awards Best Security Solution category. This recognition reveals that enterprises know that they are high-value targets and must take extraordinary measures to protect themselves. Organizations must know where all their keys and certificates are installed; have detailed information on each instrument, including owner, in-use algorithm, key lengths and validity periods; and have recovery plans in case of compromise.”

Venafi automates the provisioning, discovery, monitoring, validation, management and security of encryption keys and digital certificates in many of the world’s largest organizations. With Director 6, organizations can scale encryption deployments and management functionality across the enterprise as the need to protect more data and authenticate more systems, applications and devices grows. Learn more at www.venafi.com/Director6.

2012 CODiE Award winners for Best Security solution will be announced Wednesday, May 10.

About SIIA

The Software & Information Industry Association (SIIA) is the principal trade association for the software and digital content industries. SIIA provides global services in government relations, business development, corporate education and intellectual property protection to the leading companies setting the pace for the digital age.

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top–tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

 

Venafi Encryption Director 6 Receives Security Industry’s Prestigious Global Excellence Award for Risk Management

Ability to Automate Encryption Key and Certificate Management While Reducing Unquantified and Unmanaged Risks Earns Venafi Top Honors

Salt Lake City, Utah – March 21, 2012

Venafi, the inventor of and leader in enterprise key and certificate management (EKCM) solutions, today announced that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named Venafi Encryption Director™ 6 (Director 6) the winner of the 2012 Global Excellence Awards in Risk Management.

Venafi earned top honors in the risk management category due to its ability to provide out-of-the-box automated management capabilities for the widest range of digital certificate and encryption key technologies used by today’s enterprises, including symmetric keys, SSH keys, asymmetric keys and digital certificates. Category judges recognized that automated EKCM significantly reduces the unquantified and unmanaged risks inherent in manual encryption management processes that result in unplanned outages, failed audits and security breaches. Info Security Products Guide recognized Venafi for their achievements during RSA Conference 2012.

“IT Risk Management is about tracking security, compliance and operational risks before they lead to costly breaches and outages,” said Jeff Hudson, Venafi CEO. “Yet many IT governance policies fail to provide adequate management and access controls for their most important security assets: thousands of encryption keys and certificates. These have become the ‘keys to the kingdom’ as they secure communications and authenticate systems. Yet security and compliance policies have failed to keep pace with the complexity of managing and controlling these mission-critical trust instruments.”

“Continued attacks underscore the need for accurate and up-to-date digital certificate and key inventories that allow information security teams to respond to vulnerabilities and compromises immediately,” said Gregory Webb, Venafi VP of Marketing. “This industry honor further validates the critical need for automated key and certificate management that only Director 6 can provide. We are delighted by Info Security Products Guide’s recognition of Director 6 as the best-in-class enterprise risk management solution.”

Venafi automates the provisioning, discovery, monitoring, validation and management of encryption keys and digital certificates — in many of the world’s largest organizations. Organizations can scale encryption deployments and management functionality across the enterprise as the need to protect more data and authenticate more systems, applications and devices grows.

Director 6 also orchestrates the complex operational interactions involving keys and certificates through hierarchical and policy-based management, automation, granular access controls and audit logging. There are three products available within the Director 6 platform: Certificate Manager™, Symmetric Key Manager™ and SSH Key Manager™. Learn more at www.venafi.com/Director6.

About Info Security Products Guide

Info Security Products Guide sponsors leading conferences and expos worldwide and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources. It is written expressly for those who are adamant on staying informed of security threats and the preventive measure they can take. You will discover a wealth of information in this guide including tomorrow’s technology today, best deployment scenarios, people and technologies shaping info security and market research that facilitate in making the most pertinent security decisions. The Info Security Products Guide Awards recognize and honor excellence in all areas of information security. To learn more, visit www.infosecurityproductsguide.com and stay secured.

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top–tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

 

Venafi Announces Availability of Venafi Assessor™

Assessor enables enterprises to quantify their SSL certificate and key populations and qualify associated security, operational and compliance risks—at no cost

Salt Lake City, Utah – February 23, 2012

Venafi, the inventor of and leader in enterprise key and certificate management (EKCM) solutions, today announced the availability of Venafi Assessor™. Assessor is a downloadable, easy-to-install and cost-free software solution that scans an organization’s network to locate and analyze deployed digital certificates and the associated encryption keys. Assessor produces a series of reports that detail the security, operational and compliance risks derived from the data it collects. Additionally, Assessor provides remediation recommendations based on industry best practices and the aggregate experience of Venafi customers.

Organizations protect critical and often regulated information with certificates and keys, yet 70 percent of companies surveyed have inaccurate or incomplete data about their growing encryption populations. A recent Venafi study found that organizations performing basic inventory assessments often discover three to five times more Secure Socket Layer (SSL) certificates than they expected to find on their network. As a result of these unknown and therefore unmanaged certificates, these organizations are vulnerable to unplanned outages, security compromises and failed audits.

Leading IT research and analyst firm Gartner, Inc. recently indicated that organizations with roughly 200 or more X.509 certificates are high-risk candidates for costly unplanned downtime and brand damage. In the X.509 Certificate Management: Avoiding Downtime and Brand Damage report, published Nov. 4 2011, Gartner analysts Eric Ouellet and Vic Wheatman write, “Organizations are often unaware of the scope or the validity status of their X.509 certificate and key deployments until it is too late. Organizations need to establish formalized plans and, if necessary, leverage available tools to minimize impacts.” Download the full report here.

“Having worked with many of the world’s largest companies, our experience is that enterprises have inaccurate and incomplete data about their certificate and key populations,” said Jeff Hudson, Venafi CEO. “The unquantified and unmanaged risks these security instruments pose is significant. The risks are increasing because certificates are being rapidly deployed within corporate data centers, on cloud-based systems and onto mobile devices. With Assessor, organizations can quantify the extent of their risks, turning assumptions about their certificates and keys into hard data. We are providing this capability to organizations at no cost.”

Request a copy of Venafi Assessor and view a sample Assessor risk profile report at www.venafi.com/Assessor.

Social Links

Get social with Venafi, interact on: Facebook: http://www.facebook.com/Venafi, Twitter: @Venafi, LinkedIn: http://www.linkedin.com/company/venafi, YouTube: http://www.youtube.com/user/Venafi, and the Blog: www.venafi.com/about/blog/

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top–tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

 

New Research Reveals More Than Half of Enterprises Have Unquantified Security Risks From Poor Insight Into, And Lack of Control Over, SSL Certificate Populations

Additional 44 Percent Acknowledge Vital Security Instruments are Manually Managed; Situation Jeopardizes Critical Business Systems, Applications and Processes

Salt Lake City, Utah – February 23, 2012

Venafi, the inventor and market leader of enterprise key and certificate management (EKCM) solutions, in conjunction with Osterman Research, today released the results of an extensive survey designed to determine how well organizations understand the risks associated with poor key and certificate management. Based on responses from 174 IT and information-security professionals, the survey reveals a significant lack of knowledge, understanding and oversight, resulting in a series of information-security vulnerabilities.

Fifty-four percent of respondents, for example, admit to having an inaccurate or incomplete inventory of their Secure Socket Layers (SSL) certificate populations. Deploying encryption solutions without maintaining comprehensive certificate and key inventories is a worst practice that jeopardizes vital business systems and processes, and exposes organizations to substantial risk of security and compliance incidents.

“The importance of sound certificate management practices is highlighted by the repeated certificate authority (generally referred to as CA) breaches over the past year,” said Michael Osterman, president of Osterman Research. “We were startled by the lack of urgency regarding the issue. When considered in tandem with the high-value target CAs represent to hackers, we can predict more CA breaches and more security threats than we saw in 2011.”

“Organizations protect mission-critical and often regulated data with hundreds or thousands of encryption keys and digital certificates,” said Jeff Hudson, Venafi CEO. “But as this survey reveals, too many companies have inaccurate or incomplete data about their security assets. The unquantified and unmanaged risks these certificates and keys pose is significant—risks magnified through the increasingly pervasive use in corporate data centers, cloud-based systems and mobile devices.”

The Risks of Manual Management

Forty-four percent of respondents admitted to manually managing digital certificates with spreadsheets and reminder notes—another worst practice related to a lack of risk recognition. Certificates and keys require regular maintenance, monitoring, rotation and secure distribution for systems and applications to function properly. Manual handling makes it inherently difficult to track important information—such as certificates’ expiration dates and names of issuing certificate authorities (CAs). These challenges can result in unplanned outages that lead to millions of dollars in lost revenue and brand damage.

“To properly manage certificates, organizations must know when certificates are set to expire, what CAs issued them and their encryption-key strengths,” Hudson said. “Without knowing these attributes, enterprises have little hope of preventing certificates from unexpectedly expiring—a leading cause of unplanned system downtime. With 76 percent of respondents assuming that their certificate populations will grow in 2012, we know the risks will further escalate.”

Survey Results Expose Additional Risks in the Enterprise

The survey exposes the four primary types of risk associated with improper certificate and key management: operational, security, audit and compliance, and CA compromise.

  • Operational Risk

    • Forty-six percent of respondents indicated that they could not generate reports to discover how many currently deployed digital certificates were set to expire within the next 30 days. This lack of automation visibility increases the likelihood that expiring certificates will trigger unplanned system outages that last for hours or even days.

    • Seventy percent said their encryption systems were not integrated with their corporate directories. Directory integration enables a certificate management solution to seamlessly integrate and automatically escalate notifications when certificate owners are unreachable or unresponsive to notification and action requests. Given the high rate of turnover in positions with responsibility for certificate management, lack of integration is causing outages.

  • Security Risk

    • Forty-three percent of respondents said they do not have centralized corporate policies that mandate specific encryption-key lengths, certificate validity periods and private-key administration requirements. Best practices and many regulations mandate strong encryption keys and two-year (maximum) certificate validity periods. Failure to enforce these best practices increases an organization’s risk of security breaches—such as brute-force attacks on weak encryption keys. Weak keys leave organizations vulnerable to hackers.

  • Audit and Compliance Risk

    • Fifty-four percent of respondents admitted to not having automated, repeatable and on-demand methods for providing certificate-population reports to organizational leadership and auditors. The inability to run such reports makes it impossible to maintain accurate and comprehensive certificate inventories.

    • Sixty-two percent said they did not have automated processes for ensuring corporate-policy and regulatory compliance. The inability to automatically ensure compliance increases the risk of failing internal and external audits. Such failures can result in steep fines, potential employment termination and brand damage. In some cases, regulators can prohibit failing organizations from conducting business online.

  • Risk of CA Compromise

    • 72 percent do not have an automated process to replace compromised certificates if their CA vendor is compromised. In the case of a CA compromise, every minute counts. Finding all affected certificates manually can take days or weeks, but not replacing them immediately can incur significant costs and in the worst case scenario results in a company going out of business.

    • Forty-four percent of these respondents acknowledged that they were worried, but had not yet re-evaluated their CA compromise and related business continuity strategies, while only 17 percent had.

Effective Remediation Strategies

Venafi publishes best practices for effective key and certificate management, and is the industry’s leading authority on the processes and practices that comprise the overall strategy for improved security and lowered risk. The EKCM best-practices portal is available for free to any organization.

About Osterman Research

Osterman Research was founded in 2011 and has become one of the leading analyst firms with expertise in research and survey methodology, providing analysis, white papers and other services to companies like Microsoft, IBM, Google, EMC, Symantec, Hewlett Packard and many others.

Social Links

Get social with Venafi, interact on: Facebook: http://www.facebook.com/Venafi, Twitter: @Venafi, LinkedIn: http://www.linkedin.com/company/venafi, YouTube: http://www.youtube.com/user/Venafi, and the Blog: www.venafi.com/about/blog/

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top–tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

 
« Older