PKI for non-PKI experts: How to Address Compliance Requirements

February 21, 2017 | Allen Marin

This is part four of our blog series on easy and intuitive encryption management for non-security administrators. Over the last several weeks, we discussed why it makes sense to empower system administrators to manage Public Key Infrastructure (PKI) encryption for their own applications, how to get started, and how to simplify ongoing management over time. In this final post, we’re going to look at how system admins can simplify security and compliance audits with efficient management and protection of the keys and digital certificates that enable encryption.

If you’ve been following this series or came across it in your search to find a better way to manage the keys and certificates for your applications, you already know how challenging it can be. Mapping where all these encryption assets are, keeping up with security policies, and making sure certificates are renewed or revoked quickly can be quite stressful—especially if you are using manual processes that can be time consuming and vulnerable to human error.

We’ve seen many cases where ineffective management has led to application outages and security risks, which reflects poorly on your role as a system admin. Maintaining an effective solution to manage these foundational PKI security assets will not only secure your applications but also enable you to meet your service level agreements (SLAs).

In the last post, we talked about the importance of a notification system to warn about out-of-policy or expiring certificates that need quick attention to ensure the environment remains secure. As we saw, automating some of the routine lifecycle activities can minimize the time and effort to keep your certificate environment up to date.

The last piece of the puzzle is to be able to quickly respond to auditors that want to know your applications and host systems or devices are secure. They’ll want to make sure all your systems have valid certificates that align to your organization’s security policy. But it’s not just the occasional audits that you need to prepare timely reports for. Your enterprise security or PKI team will likely reach out to you, too, since they’re the ones ultimately responsible for your organization’s encryption environment.

To address these routine audit scenarios, you’ll need to generate reports that include a list of all your systems (and virtual systems) and their associated certificates. But showing a certificate for each system won’t be enough. The requestor will also need to know that each certificate is aligned to the most recent security policy and meets corporate requirements for certificate key length, hashing algorithm, and validity period. So, you’ll want to make sure you can provide summary and detailed views of all the certificates in your environment. It would also be helpful to export and print customized reports that show your applications are well protected and meeting the organization’s security policies.

While this sounds straightforward, it’s not uncommon for large enterprises to struggle with pulling this level of information together quickly. Most feel a tremendous sense of accomplishment reporting that all relevant systems have certificates, but they often discover that many have validity periods or hashing algorithms that are out of policy. Then it becomes a scramble to request replacement certificates from their designated certificate authority (CA), get the necessary approvals to provision them on the right systems, and validate they are working properly.

If you’re familiar with this process, you know it can take several days or even longer for large environments, especially if it has to be done manually. This is why more organizations are empowering their system admins to manage the certificates for their respective applications.

Your role as a system admin is to be able to quickly see and report that all the certificates for your applications are valid and meet corporate security policies. To do that effectively, you’ll want at-a-glance views of your application’s environment and risk posture. And you’ll need to generate reports that show how your environment meets corporate audit and compliance requirements. In addition to providing a complete view of your environment’s audit posture, this will certainly help you identify and remediate assets that don’t meet those audit requirements.
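To make the audit report concrete, here is an added example (not Venafi's product and not code from the original post) that runs a constructed certificate inventory against an assumed corporate policy for key length, hashing algorithm, validity period and expiry warning, and produces both the summary and the per-system detailed view described above. The policy thresholds, system names and certificate attributes are all assumptions constructed for the example.

```python
from datetime import datetime, timezone

# Assumed corporate policy (constructed values, not any vendor's defaults).
POLICY = {
    "min_key_bits": {"RSA": 2048, "EC": 256},
    "allowed_hashes": {"sha256", "sha384", "sha512"},
    "max_validity_days": 398,
    "expiry_warning_days": 30,
}

def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def check_certificate(cert, policy, now):
    """Return the list of policy findings for one certificate (empty = compliant)."""
    findings = []
    min_bits = policy["min_key_bits"].get(cert["key_type"])
    if min_bits is None:
        findings.append(f"unsupported key type {cert['key_type']}")
    elif cert["key_bits"] < min_bits:
        findings.append(f"{cert['key_type']} key {cert['key_bits']} bits < {min_bits}")
    if cert["hash_alg"] not in policy["allowed_hashes"]:
        findings.append(f"hash algorithm {cert['hash_alg']} not allowed")
    validity_days = (cert["not_after"] - cert["not_before"]).days
    if validity_days > policy["max_validity_days"]:
        findings.append(f"validity period {validity_days} days > {policy['max_validity_days']}")
    if cert["not_after"] <= now:                      # already expired: outage risk
        findings.append("expired")
    elif (cert["not_after"] - now).days < policy["expiry_warning_days"]:
        findings.append(f"expires within {policy['expiry_warning_days']} days")
    return findings

def audit_report(inventory, policy, now):
    """Detailed view (findings per system) plus the summary counts an auditor asks for."""
    detailed = {c["system"]: check_certificate(c, policy, now) for c in inventory}
    compliant = sum(1 for f in detailed.values() if not f)
    summary = {"total": len(detailed), "compliant": compliant,
               "out_of_policy": len(detailed) - compliant}
    return summary, detailed

# Constructed inventory export (the kind of list a certificate scan would produce).
NOW = _d(2017, 2, 21)
INVENTORY = [
    {"system": "web01", "key_type": "RSA", "key_bits": 2048, "hash_alg": "sha256",
     "not_before": _d(2016, 6, 1), "not_after": _d(2017, 6, 1)},
    {"system": "web02", "key_type": "RSA", "key_bits": 1024, "hash_alg": "sha1",
     "not_before": _d(2015, 1, 1), "not_after": _d(2018, 1, 1)},
    {"system": "api01", "key_type": "EC", "key_bits": 256, "hash_alg": "sha384",
     "not_before": _d(2016, 3, 1), "not_after": _d(2017, 3, 1)},
    {"system": "db01", "key_type": "RSA", "key_bits": 4096, "hash_alg": "sha256",
     "not_before": _d(2014, 1, 1), "not_after": _d(2016, 12, 31)},
]
```

Running `audit_report(INVENTORY, POLICY, NOW)` flags web02 (weak key, SHA-1, over-long validity), api01 (expiring within the warning window) and db01 (expired), leaving only web01 compliant.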

Strong reassurances like this are essential, especially with the growing trend of certificate-based attacks that are increasingly difficult to detect. PKI and cryptography experts know this, and you as a system admin need to show you understand and take seriously this added responsibility of protecting and managing certificates for your own applications.

How well prepared are you to show your applications meet corporate audit requirements?

About the author

Allen Marin

Allen Marin writes for Venafi's blog and is an expert in machine identity protection.
