
SANS-Barclays Webcast: Why Trust Is Essential and Encryption Is Hard

October 25, 2018 | Robyn Weisman

About a month ago, SANS hosted a Venafi-sponsored webcast that went into detail about why Barclays chose Venafi to manage its machine identities. Titled “What Works in Certificate and Key Management: Enabling Secure Digital Business Using Venafi’s Trust Protection Platform,” the webinar features SANS’ John Pescatore and Troels Oerting, formerly group chief security officer and group CISO at Barclays (Oerting recently left Barclays to head the Global Centre for Cybersecurity at the World Economic Forum).

No time to watch the webcast? I also recommend checking out the case study.

Here are some highlights. But rather than giving you a simple recap of this webinar, I would like to focus on two general points that Oerting and Pescatore discuss. Those are:

  • Encryption is easy to do wrong and hard to do right.
  • Developing and maintaining trust will become increasingly difficult going forward—and your solutions will make or break your success.

Why Is Encryption so Hard?

Perhaps my favorite part of the webcast was Pescatore’s quick history of encryption. In fact, cryptocurrencies predate Bitcoin by 800–900 years. Back in the 1200s, the Knights Templar developed the first form of secured currency. If you were traveling to, say, the Holy Land, you could pay them an amount of money, and they would give you a piece of paper with some random numbers on it. The paper was useless to robbers because what could they do with that parchment (Europe was at least 500 years away from adopting paper money)? Then, when you reached your destination, you presented this paper to another Knight Templar, who would decode it and give you your amount minus the equivalent of a bank charge.

Of course, things have gotten more complex since those chivalric days. There are countless more things that need to be encrypted, and the management of encryption is, not surprisingly, more intricate. Not only do you have to manage random data and algorithms, you need to manage the machine identities of all the machines transporting this encrypted information.

Part of the problem happened after public key infrastructure started taking hold in the 1970s. Pescatore says:

“The assumption was, we would all agree on common trusted third parties, whether they were governments, industry organizations, big tech giants or phone companies, [but] that hasn't happened. There are no totally centralized places we can trust to obtain the latest certificates and latest values of public and private keys to do encryption and digital signatures and other things. So, this world of having to figure out ways to manage keys and certificates ourselves is the reality we're in.”

Pescatore says that’s why it’s so “hard to do encryption well and easy to do it badly.” Encryption itself is easy, but ensuring that only the right people are able to decrypt it is difficult. You have to manage keys and certificates effectively, and that means tracking and managing third-party trust. In the past, organizations have relied on spreadsheets and pop-up messages reminding you to renew keys and certificates, but “That obviously hasn’t scaled,” he says.

Oerting concurs with Pescatore’s assessment. “I'm a fan of encryption, and I think we should encrypt everything, both in rest and in flow, but that requires also a strong key and certificate management system for identifying expired and rogue certificates and keys—and that is a huge task,” he says.

Why Trust Is More Important Than Ever

In choosing Venafi, Oerting describes a world where financial institutions have to contend with so many components—from public and hybrid cloud environments to IoT devices. “All of that needs to be managed in a new reality that flawlessly needs to avoid false positives that shut down services that need to work while keeping services from being open to attack,” Oerting explains. “Machine identity will play an increasing role in who survives in the future of this online landscape” because of the growing number of devices that connect without human interaction.

Oerting says that you have to ensure your data is secure because trust will end up being one of the biggest competitive differentiators. “I happen to believe that customers will choose banks not because they get 0.1% loan interest rate but because they can trust that company with their most sensitive data—because [the bank] will know so very much about you,” he says. And all that data—your address, your place of employment, your identity card number, your credit cards—that is data you want to secure from threat actors because data is quickly becoming the new oil.

“In the old days you chose a bank because your dad chose that bank or because it was nearby. But now you have other criteria, which is why I think that those who are most trusted will actually also be those who will win,” Oerting concludes. And machine identity protection will play an important role in securing that trust.

About the author

Robyn Weisman

Robyn Weisman writes for Venafi's blog and is an expert in machine identity protection.
