CA Agility: What Should Security Leaders Do Next?

crypto agility
June 21, 2017 | Kevin Bocek

CA agility is on the mind of many cyber security researchers and experts. In my previous post, I discussed the events that have led to this popular topic of industry conversation. However, that post reflects only a portion of the situation.

In this entry, I’ll discuss why certificates continue to be critical to an organization’s cyber security posture. I’ll also offer up proven steps that CISOs and security architects can take to strengthen the agility of their security teams and operations.

While organizations have struggled with implementing certificates in the past, it’s clear the role of certificates is only going to become more important in the future. Every machine needs an identity (including containers, cloud IaaS applications and IoT devices), and digital certificates are the preferred method of identification.

In addition, organizations understand the importance and need for increased privacy. Encryption is a necessity, from the GDPR to defeating government surveillance; more and more network traffic is encrypted. Together, these factors mean that the management of machine identities is more important than ever.

So how, exactly, should security leaders adapt their strategies to compensate for the challenges the CA industry faces and their own increasing requirements for certificates?

First, organizations need complete situational awareness of all certificates in use. Security teams must have accurate visibility of their entire certificate landscape to be able to make informed changes quickly. Investing in tools that automate this process can help complete these tasks in minutes.

Once visibility is achieved, organizations should complete the steps below to boost their CA agility:

  1. Quickly and precisely identify the location, owner and key characteristics of every certificate issued across all CAs, both internal and external.
  2. Immediately understand which devices, services and applications are affected by each certificate in order to effectively prioritize rotation and remediation.
  3. Use technology that can revoke, replace, renew or rotate certificates at machine speed and scale.
  4. Validate that all certificate remediation complies with security policies and workflows so you can prove that any certificate changes have been completed correctly.

This guidance fits with the model developed by NIST in 2012 for responding to a CA compromise. Could your organization and systems measure up to this maturity test?
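The visibility requirement and the four steps above amount to one workflow: inventory every certificate, find the ones that chain to a CA you can no longer trust, order the rotation work, and check the result against policy. The script below is an added illustration of that workflow and is not Venafi's code or tooling. It runs on a constructed CSV inventory (invented hostnames, owners and CA names) and a hypothetical policy; the column names and the "Legacy CA G1" distrust scenario are assumptions for the example.

```python
import csv
from datetime import date

# Constructed sample scan output (hosts, owners and CA names are invented for this
# example); one row per certificate discovered during the visibility step.
SAMPLE_INVENTORY = """\
hostname,service,owner,issuer_ca,key_alg,key_bits,sig_alg,not_after,exposure
www.example.test,web,platform-team,Legacy CA G1,RSA,2048,sha256WithRSAEncryption,2018-03-01,external
api.example.test,api-gateway,api-team,Legacy CA G1,RSA,1024,sha1WithRSAEncryption,2017-09-15,external
vault.internal.test,secrets,infra-team,Corp Internal CA,RSA,4096,sha256WithRSAEncryption,2019-01-10,internal
build.internal.test,ci,infra-team,Legacy CA G1,ECDSA,256,ecdsa-with-SHA256,2018-11-30,internal
mail.example.test,smtp,platform-team,Trusted Public CA,RSA,2048,sha256WithRSAEncryption,2018-06-01,external
"""

# Hypothetical certificate policy used by the validation step.
POLICY = {
    "approved_cas": {"Corp Internal CA", "Trusted Public CA"},
    "min_rsa_bits": 2048,
    "min_ec_bits": 256,
    "banned_sig_algs": {"sha1WithRSAEncryption", "md5WithRSAEncryption"},
}


def parse_inventory(text):
    """Step 1: turn scanner CSV into records with typed fields."""
    records = []
    for row in csv.DictReader(text.splitlines()):
        row["key_bits"] = int(row["key_bits"])
        row["not_after"] = date.fromisoformat(row["not_after"])
        records.append(row)
    return records


def find_affected(inventory, distrusted_ca):
    """Step 2: every certificate issued by the CA being removed from trust."""
    return [r for r in inventory if r["issuer_ca"] == distrusted_ca]


def prioritize(records, today):
    """Step 3 ordering: internet-facing certificates first, then soonest expiry."""
    return sorted(
        records,
        key=lambda r: (0 if r["exposure"] == "external" else 1,
                       (r["not_after"] - today).days),
    )


def policy_violations(record, policy=POLICY):
    """Step 4: reasons a certificate fails policy; an empty list means compliant."""
    problems = []
    if record["issuer_ca"] not in policy["approved_cas"]:
        problems.append("issuer not approved")
    if record["key_alg"] == "RSA" and record["key_bits"] < policy["min_rsa_bits"]:
        problems.append("RSA key too small")
    if record["key_alg"] == "ECDSA" and record["key_bits"] < policy["min_ec_bits"]:
        problems.append("EC key too small")
    if record["sig_alg"] in policy["banned_sig_algs"]:
        problems.append("weak signature algorithm")
    return problems


def remediation_plan(inventory_text, distrusted_ca, today_iso):
    """Full run: inventory -> affected set -> rotation order -> policy findings."""
    today = date.fromisoformat(today_iso)
    inventory = parse_inventory(inventory_text)
    ordered = prioritize(find_affected(inventory, distrusted_ca), today)
    return [
        {
            "host": r["hostname"],
            "service": r["service"],
            "owner": r["owner"],
            "days_left": (r["not_after"] - today).days,
            "violations": policy_violations(r),
        }
        for r in ordered
    ]


def owners_to_notify(plan):
    """Group the plan by certificate owner so each team receives one work list."""
    by_owner = {}
    for item in plan:
        by_owner.setdefault(item["owner"], []).append(item["host"])
    return by_owner


if __name__ == "__main__":
    plan = remediation_plan(SAMPLE_INVENTORY, "Legacy CA G1", "2017-06-21")
    for item in plan:
        print(f"{item['host']:<22} {item['service']:<12} {item['days_left']:>4}d  "
              f"{', '.join(item['violations']) or 'compliant'}")
    print(owners_to_notify(plan))
```

The output is a rotation queue, not a rotation: the external API certificate comes first because it is internet-facing and expires soonest, and its findings (short RSA key, SHA-1 signature) show that a straight re-issue from a new CA would still fail policy. The same `policy_violations` check run after rotation is what step 4 calls proving the change was completed correctly.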

About the author

Kevin Bocek

Kevin is Vice President of Security Strategy & Threat Intelligence at Venafi. He is recognized as a subject matter expert in threat detection, encryption, digital signatures, and key management, and has previously held positions at CipherCloud, PGP Corporation and Thales.
