There is Security Kryptonite on Your Sticky Note

November 5, 2015 | Mark Miller
Key Takeaways
  • People often opt for simplicity even at the cost of security
  • You should assume that your security credentials—passwords, private keys, etc.—aren’t safe with ANYONE
  • You can have your simplicity and security too with automated key and certificate management

I've had the pleasure of working with a lot of security professionals in my time in the security software business, and there is a recurring trend: people have an inherent craving for simplicity and often give in to it in ways that are not in their best interests. I feel protective of our customers and want to help them avoid the security mistakes I see others make in their misguided efforts to simplify.

To put it bluntly, people: you shouldn't assume that, just because you are dealing with security professionals from vendor companies, your passwords, private keys, and other sensitive information are safe with them. You shouldn't even assume this of your own company's security professionals. If you want to destroy any security solution, add people.

You have no idea how many passwords and plain-text encryption keys I've seen come across screens—or in the case of passwords, seen written on sticky notes and pasted in obvious locations. For example, a colleague and I were working onsite to help a customer resolve an issue. During this visit, a member of the customer's security team was having difficulty remembering a password he needed for access to something.

"Check the back of your keyboard," my colleague and I joked. But when he turned over his keyboard, there it was: the 1Password password that gave access to all of their “secured” passwords. When I see such things, I fear for our customers.

Admittedly, there's a tradeoff. In the fight between security and simplicity, the first thing to be compromised is usually security. Most people understand passwords, and we still don't take good care of them. Now imagine a certificate or a private key. Many people really don't understand those, so we find them spread around on file servers with no password or with trivial passwords. Can you say "easy brute-force target"?
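As an added illustration of the "keys spread around on file servers with no password" problem (this is example code written for this page, not from the original post or from Venafi's product): a Python sweep that walks a share, finds PEM private keys, and flags those with no passphrase protection. The file names and key bodies are constructed placeholders, and the legacy-PEM check relies on the `Proc-Type: 4,ENCRYPTED` header that OpenSSL writes for passphrase-protected traditional keys.

```python
"""Sweep a file share for private keys stored without a passphrase (added example)."""
import os, re, tempfile
from collections import namedtuple

# One PEM block: BEGIN label, body (optional PEM headers + base64), matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL)
Finding = namedtuple("Finding", "path label encrypted")  # encrypted: True, False or None

def classify_pem(text, path="<inline>"):
    """One Finding per private-key block; certificates and public keys are skipped.
    Encrypted means PKCS#8 'ENCRYPTED PRIVATE KEY' or a legacy block whose PEM headers say
    'Proc-Type: 4,ENCRYPTED'. OpenSSH keys hide the cipher inside the base64, so they
    come back as None (undetermined) rather than being assumed safe."""
    findings = []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group("label"), m.group("body")
        if "PRIVATE KEY" not in label:
            continue
        enc = None if label == "OPENSSH PRIVATE KEY" else (
            label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body)
        findings.append(Finding(path, label, enc))
    return findings

def scan_tree(root):
    """Walk a directory tree and classify the PEM blocks in every readable file."""
    out = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            try:
                with open(os.path.join(dirpath, name), encoding="utf-8", errors="ignore") as f:
                    out.extend(classify_pem(f.read(), f.name))
            except OSError:  # unreadable file: skip it, do not abort the sweep
                continue
    return out

# Constructed samples; the base64 bodies are placeholders, not real key material.
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\ncGxhY2Vob2xkZXI=\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,"
              "00112233445566778899AABBCCDDEEFF\n\ncGxhY2Vob2xkZXI=\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC = "-----BEGIN ENCRYPTED PRIVATE KEY-----\ncGxhY2Vob2xkZXI=\n-----END ENCRYPTED PRIVATE KEY-----\n"
CERT_ONLY = "-----BEGIN CERTIFICATE-----\ncGxhY2Vob2xkZXI=\n-----END CERTIFICATE-----\n"

def demo_scan():
    """Drop the samples on a temporary 'share', sweep it, return [(file, label, encrypted)]."""
    with tempfile.TemporaryDirectory() as share:
        for name, content in [("a.key", PLAIN_KEY), ("b.pem", LEGACY_ENC), ("c.p8", PKCS8_ENC), ("d.crt", CERT_ONLY)]:
            with open(os.path.join(share, name), "w") as f:
                f.write(content)
        return [(os.path.basename(f.path), f.label, f.encrypted) for f in scan_tree(share)]
```

Anything reported with `encrypted` False is a key anyone with read access to the share can use outright; None means the format needs a proper parser before you trust it.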

Please properly vet your vendors and security team members: Do all you can to make sure their reputations are spotless and that they are security minded. 1Password has attempted to help corral the mess that we make with passwords and passphrases by making a central location with some level of control. Venafi is helping add security by doing the same for keys and certificates, including policies to enforce company regulations and automation for a complex process that most of our administrators don’t fully understand.

As we just finished Halloween and National Cybersecurity Awareness Month, there are lots of current horror stories around IT security, like the Internet of Pumpkins, the Little Book of Hacking Tales, and many more—all highlighting how human error can cause security issues.

But what are the solutions? How can we take people—always the weakest link in the security chain—out of the picture, or at least limit their impact? Automated key and certificate management and security can be part of the answer.

Venafi can help, providing key and certificate management and security for SSL/TLS keys and certificates, SSH keys, and mobile and user certificates. With Venafi, you can have your simplicity and your security, obviating the need for password-protected private key files by automatically discovering certificates and keys, placing them securely under its protection and control, and managing them throughout their lifecycles. Managing your cryptographic assets couldn't be simpler: the process is automated and the risk of human error is taken out.

Venafi even reaches beyond your organization's network to the Internet, where it provides an authoritative key and certificate reputation service. But even with our solutions, you'll still need to take more care in other areas of your company's security.

We know Superman is virtually unbeatable, just like so many security software solutions claim to be, but he has kryptonite as his weakness. Don’t let your craving for simplicity be your security kryptonite. Make sure you always have security-minded people as part of your team.

What is the worst IT security horror story you've heard? Any other suggestions on how to avoid security kryptonite?

About the author

Mark Miller

Mark Miller is Senior Director, Enterprise Security Support, at Venafi, where he works with hundreds of the world’s largest companies to develop and implement strong, resilient cybersecurity strategies across a constantly evolving set of interlocking technologies. Mark has focused on building and leading strong teams to solve difficult product issues.
