Skip to main content
banner image
venafi logo

The Wild West of Encryption: A Holdup for Keys and Certificates

The Wild West of Encryption: A Holdup for Keys and Certificates

generic_blog_banner_image
September 3, 2015 | Mark Miller

During my time at PGP which was run by some of the most passionate security trailblazer’s of their time, part of the fight was trying to teach the world that they should encrypt their data. Time and time again, I have heard people say that they have nothing to hide so they are not worried about privacy. I love Edward Snowden’s quote “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” His quote really brings it home for me.

Philip Zimmerman went to federal court and won the right to privacy for us. For me, this is up there with the right to vote. At PGP, we taught the need to encrypt and protect your data at rest and in transit. Here at Venafi, we teach that you need to protect your encryption assets—keys and certificates. Those are the new targets, because encryption is pretty good (PGP: Pretty Good Privacy), which makes our encryption keys a target of cybercriminals to break or leverage encryption in their attacks.

Sadly, they are apparently an easy target, because in most environments, digital certificates and keys are like the Wild West. Even with a software solution from a leading company like Venafi, if you don’t put the proper level of attention to managing and securing your certificates and keys, you will be vulnerable to exploitation from, at the very least, your lack of visibility.

The Wild West of Encryption

Let’s face it; unless you have a solution in place and have dedicated the right resources, you don’t have the following:

  1. You don’t know what CAs are in your environment (we have discovered rogue CAs issuing certificates in customer environments)
  2. You don’t know where all of your wild card certificates live (we have found file shares with certificates and private keys)
  3. You don’t have any control whatsoever over self-signed certificates that anyone can issue and use
  4. You don’t know what data is being sent out of your organization to some outside entity (e.g., Edward Snowden)
  5. You don’t have any guarantee that your production will not shutdown tomorrow due to a certificate-related outage
  6. You don’t have any control over or visibility into your SSH inventory, which provides privileged access to your systems
  7. You don’t have the ability to respond quickly to a problem with CAs, keys, or certificate-related outages

There are many more specific scenarios and examples I can share. The Wild West was a dangerous place. It eventually got better as communication and response times improved and society got together to solve the problem. In the Wild West days, physical banks and trains were the targets. Intercepting a train carrying a valuable payload was pretty easy because, by the time you knew you were robbed, it was too late. Today, it is digital keys and certificates. Welcome to the Wild West of encryption.

Like this blog? We think you will love this.
Intelligent robot looking into the future
Featured Blog

Blockchain May Be Leading Us Toward More Secure Human Authentication. But What About Machines?

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection
Industry Research

Forrester Consulting Whitepaper: Securing the Enterprise with Machine Identity Protection

Machine Identity Protection for Dummies
eBook

Machine Identity Protection for Dummies

About the author

Mark Miller
Mark Miller

Mark Miller is Senior Director, Enterprise Security Support, at Venafi, where he works with hundreds of the world’s largest companies to develop and implement strong, resilient cybersecurity strategies across a constantly evolving set of interlocking technologies. Mark has focused on building and leading strong teams to solve difficult product issues.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat