There’s a certain kind of magic that happens when the greatest minds in machine identity protection coverge in a single location. That happened for the first time last week at Machine Identity Protection Global Summit 2019. And I was fortunate enough to be able to witness this amazing phenomenon and listen in for collective wisdom from folks who live and breathe machine identity protection. I’d like to share with you a small sample of the insights that I was able to overhear in sessions, meals and hallway chats.
Insights on Machine Identity Threats
- “We’ve got breach fatigue.”
- “SSH is a sleeping dragon.”
- “It takes some skill to use fraudulent or compromised certificates in an attack but any Joe-Blow IT admin can figure out how to hack with an SSH key”
- “SHA-1 is nothing compared to what we’re going to face with the transition to quantum crypto.”
Common Crypto Challenges
- “OCSP doesn’t scale.”
- “It’s hard to give the DevOps guys everything they need as fast as they need it.”
- “I’ve identified hundreds of self-signed SHA-1 certificates on firmware from one of our vendors. What should I do?”
- “We just got a request for 10,000 certificates to secure our CCTVs”
Things that Make You Go Hmm
- “Most executives are embarrassed to admit they don’t know all about TLS. It’s kind of a voodoo thing for them.”
- “Outages are your friend – you can really use them to your advantage”
- “I assumed that a certificate owner would come to me and ask for a certificate…and know what a certificate is. Wrong.”
- “OMG! We never look at all the keys and certificates a user has had access to when they leave.”
Celebrating Successful Outcomes
- “Everything I’m worried about Venafi is solving, today or in the near future.”
- “Automation allowed us to put controls in place that protect private keys during transit.”
- “Before Venafi it took us 10 days to deliver a certificate from CSR to installation. It’s now 1 day and we have a lot more certificates”
- “We estimate that our PKI team spent about an hour per certificate request all told. We took that to zero with automation.”
- “Every time you present an invalid certificate to a user you’re training them to be phished”
- “If DevOps doesn’t have workflows, how can you trust their data?”
- “It’s not about enforcement; it’s about making it easy for certificate users. If we don’t do that they will go do something like spin up their own CA.”
- “Outages breed outages. If you don’t have control chain of trust problems will crop up where you least expect them”
Do you share some of the insights and challenges that Venafi customers shared last week at Machine Identity Protection Global Summit in Orland? Contact us to see how Venafi can help you protect your organization’s machine identities using a rare combination of visibility, intelligence and automation.
Already a customer? Mark your calendars for Machine Identity Protection Global Summit 2020 in San Diego, California from May 12-15.
Learn more about machine identity protection. Explore now.