Simple errors, old and weak cryptography, and alarming, malicious attacks are turning digital certificates and encryption keys into an expressway to downtime, targeted attacks, failed compliance, and data breaches. Fortunately, there are simple steps you can take to make sure your organization doesn’t fall victim.
From online banking to the production line, thousands of certificates and keys in every enterprise are the difference between controlling success or failure.
In this live webinar, learn how enterprises are using NIST and industry best practices to develop an effective Enterprise Key and Certificate Management strategy.
Go to http://www.venafi.com/five-musts-ekcm/ to view the full On Demand Webinar.
9. High-level Steps for Preventing
Downtime
Create an inventory
Check for certificates expiring imminently
Compile and maintain contact information
for each certificate/key
Monitor for expiration and notify
Validate certificate/key installation and
operation
Report
9
10. Establishing a Comprehensive Inventory
Internal &
Systems with External CAs
3 Agent-based
Certificates Discovery
Certificate
Inventory
A
A Database
1 Import
A
from CAs
A
A 4 Individual Import
A by Admins
2 Network
A Discovery
A
A
Network
Discovery
A - Agents Engines
10
24. NIST Alert on CA Compromise
http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf
These recent attacks on CAs make it imperative that organizations ensure they
are using secure CAs and are prepared to respond to a CA compromise or
issuance of a fraudulent certificates.
- NIST, July 2012
24
32. Summary of Best Practices
• Create an inventory
• Analyze the inventory and policy
compliance
• Compile and maintain ownership
information for each certificate/key
• Monitor, validate, and notify
• Manage enrollment
• Optimize and secure provisioning
– Private Key Management
• Educate all stakeholders
32