Ensure Success

A successful digital certificate and private key management program starts with effective communication.

Analyst Coverage

"Admittedly this is a complex topic, but the most important takeaway is this: the risk-based evaluation your company needs to make right now is not about your vulnerability to the Flame virus; it is about your vulnerability to MD5-signed certificates. If you are confident in knowing how many of these there are, and where they are, and what systems are potentially at risk as a result – well done."

"Organizations with roughly 200 or more documented X.509 certificates in use are high-risk candidates for unplanned expiry and having certificates that have been purchased but not deployed."

"To support the broader deployment of encryption, organizations with top performance have looked towards increased automation and centralized, heterogeneous approaches to key lifecycle management. Venafi is well-aligned with this Best-in-Class approach."

"Venafi's primary differentiator is its broad entity support for systems that utilize asymmetric keys and certificates. In addition, it implements flexible key lifecycle policies and administration functionality and automated discovery of keys and certificates in systems that support such activity."

"Venafi offers compelling advantages, such as being the early mover in this market, with proven deployments at marquee customers demonstrating its ability to scale and provide breadth of integration."

"When there are many hundreds of certificates from a variety of certificate authorities, the only ecumenical [universal], nonproprietary provider of a certificate management solution is Venafi. Other CA management systems are biased toward the particular CA by, for example, only supporting renewals from that specific CA."

"The emphasis on orchestration, in tandem with its scalability and interoperability, is tied to the evolution of Venafi's competitive landscape, and to the potential to frame its value in the context of risk management."

Executive Sponsorship

Summary

Identify one or more key executives in a supporting role. Ensure they understand the importance of implementing Enterprise Key and Certificate Management (EKCM) best practices, along with the objectives and timelines.

Provide them with regular updates that include measurable results. Raise issues as they arise and track their resolution.

What is this?

Executive sponsorship means enlisting one or more executives who clearly understand the importance of implementing EKCM best practices, who will secure the support of all necessary groups, and who will take ownership of issues that arise.

Why should I care?

Getting support from executives in your organization for implementing EKCM best practices is critical because key and certificate management is cross-functional in most organizations. Implementing EKCM best practices requires cooperation, an investment of time and resources, and changes to processes. Many groups see encryption as a necessary evil that they would prefer somebody else manage so that they are not bothered with it. The reality is that multiple groups have a role in EKCM. The groups you will likely need support from include:

  • PKI Administration
  • Network Administration
  • IT Operations – Each group responsible for certificates where certificates and private keys are deployed.
  • Application owners
  • Systems owners
  • Security Architecture
  • Active Directory Management
  • Firewall Administration
  • Project Management
  • Audit/Compliance Group

If you don’t get the support of these groups, your EKCM project may experience delays. An executive is often needed to communicate at the highest levels about the organizational imperatives for proper encryption management and to ensure that organizational inertia is overcome.

What should I do?

  1. Identify at least one executive with sufficient organizational authority to make things happen.
  2. Gain mutual agreement with the executive(s) on the drivers for implementing EKCM best practices, project objectives and timelines, resources needed (dedicated and supporting), and roles and responsibilities.
  3. Ensure the executive(s) proactively communicate these items (drivers, objectives, etc.) to the executives responsible for the stakeholder groups that are part of the EKCM ecosystem.
  4. Provide regular updates to the executive champion(s) on progress and any issues encountered. (See Reporting for more on this.)
  5. Use your sponsorship to overcome organizational resistance only as a last resort. Wherever possible, win other stakeholders over to the value of adopting EKCM best practices.