Why Best Practices

Analyst Coverage

"Admittedly this is a complex topic, but the most important takeaway is this: the risk-based evaluation your company needs to make right now is not about your vulnerability to the Flame virus; it is about your vulnerability to MD5-signed certificates. If you are confident in knowing how many of these there are, and where they are, and what systems are potentially at risk as a result – well done." Full Report

"Organizations with roughly 200 or more documented X.509 certificates in use are high-risk candidates for unplanned expiry and having certificates that have been purchased but not deployed." Full Report

"To support the broader deployment of encryption, organizations with top performance have looked towards increased automation and centralized, heterogeneous approaches to key lifecycle management. Venafi is well-aligned with this Best-in-Class approach."

"Venafi's primary differentiator is its broad entity support for systems that utilize asymmetric keys and certificates. In addition, it implements flexible key lifecycle policies and administration functionality and automated discovery of keys and certificates in systems that support such activity."

"Venafi offers compelling advantages, such as being the early mover in this market, with proven deployments at marquee customers demonstrating its ability to scale and provide breadth of integration."

"When there are many hundreds of certificates from a variety of certificate authorities, the only ecumenical [universal], nonproprietary provider of a certificate management solution is Venafi. Other CA management systems are biased toward the particular CA by, for example, only supporting renewals from that specific CA." Full Report

"The emphasis on orchestration, in tandem with its scalability and interoperability, is tied to the evolution of Venafi's competitive landscape, and to the potential to frame its value in the context of risk management."

The Importance of Key and Certificate Best Practices

Certificates and private keys play a critical role in securing data and systems across all types of organizations. The following table shows some of the challenges that can arise.

Challenges		Causes
	Downtime and System Outages	Certificates that are not renewed and replaced before they expire can cause serious downtime and outages.
	Private Key Compromise	Private keys used with certificates must be kept secure or unauthorized individuals can intercept confidential communications or gain unauthorized access to critical systems.
	Compliance Violations	Regulations and requirements (like PCI-DSS) are requiring much more stringent security and management of cryptographic keys and auditors are increasingly reviewing the management controls and processes in use.
	High Administrative Costs	The average certificate and private key require four hours per year to manage, taking administrators away from more important tasks and costs hundreds of thousands of dollars per year for many organizations.
	Large Scale Compromises	If a certificate authority is compromised or an encryption algorithm is broken, organizations must be prepared to replace all of their certificates and keys in a matter of hours.
	Unable to Scale Encryption	The rollout of new projects and business applications are hindered because of the inability to deploy and manage encryption to support the security requirements of those projects.

Depending on the environment where keys and certificates are being deployed, some or all of these risks may apply. When considering implementing EKCM best practices, it helps to have an understanding of which of these risks apply to your organization. By prioritizing them and clearly communicating the importance of addressing in your organization, you can accelerate the implementation and adoption of best practices since all stakeholders will understand the tangible value to your organization.

Why Best Practices are Important