“Jeff Hudson: ‘Attackers will escalate their assault where they find weak encryption keys and mismanaged certificates. Every enterprise relies on hundreds and even thousands of certificates and encryption keys, but few know where each one is and how they’re used. Criminals know this and have only just begun their attacks. The techniques used by Stuxnet, Flame, and Duqu are now in the hands of common criminals and will be used for intellectual property theft and inflicting serious harm on enterprise systems.’”
SC Magazine
Baseline
The Hidden Threats of Security Certificates
“In a survey of 471 senior managers by certificate management vendor Venafi, 54 percent of respondents admitted that their organizations had experienced either stolen or unaccounted for encryption keys. IT managers, CTOs and CIOs have gone to great lengths to better secure their systems and protect data, with mixed results: Intrusions still occur and seem to be on the upswing.”
NG Security Summit
Date: December 5-7, 2012
Location: Barton Creek Resort & Spa, Austin, TX
Details: www.nextgensecuritysummit.com
About Venafi
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top–tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.
Secrets to Cloud Success: Regaining Trust and Control in the Ungoverned Wilds
How to stay secure in a changing world
As the world races to adopt cloud computing, there is still a nagging challenge for IT security professionals: How can applications and infrastructure be trusted and controlled when organizations have seemingly given up both to their cloud providers?
With Forrester Research forecasting public cloud computing to reach $57 billion in 2013 and exploding to over $157 billion by 2020, IT security needs to find an approach that works or risk becoming marginalized.
The Data Chain
Flame and Stuxnet Fall-Out Could Continue into 2013 Predicts Venafi
“It’s that time of year again when the IT security industry looks at how the year has developed and predicts what is in store for the industry. Venafi CEO Jeff Hudson, the leading provider of enterprise key and certificate management (EKCM) solutions, suggests that 2013 should be the year when you take control of your IT systems with the explosion of BYOD and cloud computing.”
Venafi Predicts State-Developed Malware that Leverages Digital Certificates to Infect Systems Will Spread to Enterprise Environments, Leading to Security Breaches and Business Interruptions in 2013
Chevron Stuxnet Infection Demonstrates that Hackers and Cybercriminals Are Using State-Developed Techniques to Invade the Enterprise
Salt Lake City, Utah – December 18, 2012
Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today released its cyber-security and vulnerability predictions for 2013. At the top of its predictions list is that organized cybercriminals and hackers will leverage digital-certificate-based attacks to infect enterprise IT systems with state-developed malware such as Flame and Stuxnet. The results will impact business operations adversely, and could lead to data breaches and brand damage.
“Many pundits, leading media outlets and even some security experts are reporting that enterprises needn’t be overly concerned about Flame and Stuxnet-style malware, citing the fact that they were executed by well-funded government intelligence and military groups whose targets were hostile nation-states and not businesses,” said Venafi CEO Jeff Hudson. “However, our view is that companies should be concerned, as the tools and techniques used to execute these types of attacks are, unfortunately, now in the hands of common criminals and rogue entities. In the coming year, such attacks are likely to increase, especially against enterprises, and are likely to result in major data breaches, unplanned outages and significant disruptions to businesses.”
Venafi bases its predictions on hard evidence, not conjecture. Earlier this year, Chevron (No. 3 in the Fortune 500 rankings) admitted that it had found the Stuxnet malware in its systems. Chevron has since publicly stated that it does not believe the U.S. government realizes how far and wide the malware has spread. Although reports indicate that the incident did not cause damage or result in data loss, it proves that digital-certificate-based attacks are no longer hypothetical or confined to state-vs.-state cyberwar scenarios.
In addition to predicting increased trends in enterprise attacks, Venafi has also researched the overall enterprise security landscape and developed a number of other predictions:
4G-driven mobility and BYOD compliance will cause security and audit nightmares — The availability of near-desktop speed on laptops, tablets and smartphones will lead to a larger number of mobile BYOD users accessing sensitive and regulated corporate data. Organizations that do not have effective management and controls in place for BYOD and related WiFi networks and VPNs, along with their related digital certificates and encryption keys, will find themselves spiraling into a security and compliance nightmare that will result in breaches, fines and brand damage.
MD5 and other weak encryption algorithms will cause breaches — Statistical data gathered by Venafi indicates that nearly all Global 2000 organizations have deployed weak, easily hacked, MD5-signed certificates in their environments. MD5 is the broken certificate-signing algorithm used by Microsoft that allowed hackers to bypass Microsoft security and infect thousands of computers with Flame malware. Once in place, Flame was able to gather sensitive information from the targeted devices. With nearly one out of five certificates deployed across the Global 2000 still using MD5, it is highly probable that related breaches will continue.
The cloud becomes a serious target — The wave of regulators and cybercriminals taking aim at businesses and governments using the cloud has just begun. In the U.S., cloud providers like Amazon and Microsoft now offer compliant cloud services, including HIPAA for healthcare or FISMA for government. Their effectiveness is unproven. In the U.K., the Information Commissioners Office (ICO) outlined a plan for protecting cloud data while complying with U.K. and European Data Protection directives. The ICO can fine organizations £500,000 per violation and states that encryption and “robust key management” are requirements for compliance. With these changes, it is clear that in 2013 regulators globally will take action against organizations that fail to protect data in the cloud.
Security budgets will rise — All signs indicate that most IT security budgets will grow in 2013 due to the increased attention to breaches and to security teams doing a better job articulating both risk and business value. Security projects that can help accelerate strategic projects and reduce work elsewhere are certain to have the best chances of funding in 2013.
Enterprises will realize that they are responsible for ensuring trust and will develop effective continuity and recovery plans — A series of security events that have taken place over the past couple of years have exposed that third-party trust providers are high-value targets for cybercriminals. Organizations know that Certificate Authorities (CAs) can be compromised and that these compromises can lead to devastating cyber attacks. With the assistance of NIST and other best practices available, businesses will start to plan for the inevitable.
Yahoo! Finance
“Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today released its cyber-security and vulnerability predictions for 2013. At the top of its predictions list is that organized cybercriminals and hackers will leverage digital-certificate-based attacks to infect enterprise IT systems with state-developed malware such as Flame and Stuxnet. The results will impact business operations adversely, and could lead to data breaches and brand damage.”
Softpedia
Signs Indicate That IT Security Budgets Will Grow in 2013, Venafi Says
“One of the predictions for 2013 made by Venafi – a provider of enterprise key and certificate management (EKCM) solutions – is that we’ll likely see an increase in the IT security budgets of organizations.”
Camp IT
Date: February 7, 2013
Location: Donald E. Stephens Convention Center Rosemont, Chicago, IL
Details: http://campconferences.com/events/2013/enterprise_risk.htm
RSA Conference
Date: February 25 – March 1, 2013
Location: Moscone Center, San Francisco, CA
Details: http://www.rsaconference.com/events/2013/usa/index.htm
Help Net Security
$400 Million Risk Lurking Inside Global Enterprises
“Ponemon Institute and Venafi announced a new report provides an extensive examination of how failure to control trust in the face of new and evolving security threats places every global enterprise at risk. Based on survey participant expectations, organizations are projected to lose $35 million (USD) over the next 24 months. This estimate is based on a total possible cost exposure of $398 million per organization. These and other conclusions are based on new primary research conducted by Ponemon Institute among Global 2000 organizations based in Australia, France, Germany, the United Kingdom and the United States.”
Contra RISK
ContraRisk Security Podcast 0002: Keys, Certificates and Fast-Changing Websites
“A new report by the Ponemon Institute, sponsored by Venafi, has come up with some big, scary numbers in terms of the financial risk companies are running if they fail to get on top of this issue. And however you feel about such headline-friendly statistics, the fact is that there’s a real problem out there. Some of it is at the techie level: it’s all too easy to type ssh-keygen and grab yourself a key pair for some task at hand – such as SSH’ing into a remote server without all that tedious password stuff. Then you forget about the keys and leave them on some poorly secured, yet still Internet-connected, server just waiting to be discovered by your friendly neighbourhood hacker. However, according to Jeff Hudson, CEO of Venafi, the bigger problem is at the top of the organisation, where C-level executives haven’t even heard of SSH or SSL and have no clue as to how much the organisation is at risk if things go wrong.”
Softpedia
Organizations Risk Losing $35 Million Every 2 Years Due to Attacks on Trust, Study Finds
“‘Trust is the foundation of all relationships, including those between enterprises and the markets they serve. As our world becomes more connected and more dependent on cloud and mobile technologies, maintaining control over trust by managing keys and certificates must be a top priority for all CEOs, CIOs, CISOs and IT security managers,’ Jeff Hudson, the CEO of Venafi, explained.”
Bartunek Group
Cyber Attacks On Trust Could Cost Top Firms $398m, says Ponemon
“Until now, the cost of failed trust from these attacks has not been quantified, but the Ponemon report claims to provide the first hard research data about the financial risks. ‘Cyber criminals understand how fragile our ability to control trust has become, and as a result, they continue to target failed key and certificate management,’ said Venafi CEO Jeff Hudson. ‘One of the biggest problems is the lack of knowledge and understanding of how trust works on the internet by C-level executives, who tend not to listen to those at the coal face, even if they are warning of the risks,’ he told Computer Weekly.”
Understanding the Methodology and Staggering Costs in the Annual Cost of Failed Trust Report
Every Global 2000 enterprise faces a total exposure of almost U.S. $400 million over 24 months due to new and evolving attacks on failed cryptographic key and digital certificate management. And adjusting for probability established by survey participants, we found every enterprise risks losing $35 million.
These findings cap our First Annual Cost of Failed Trust Report: Trusts and Attacks, which quantifies, for the first time, the financial impact of new threats and attacks on our ability to control trust.
Tech Central.ie
Firms Struggling To Secure Trust Infrastructure
“‘Cyber criminals understand how fragile our ability to control trust has become and, as a result, they continue to target failed key and certificate management,’ said Venafi CEO Jeff Hudson. ‘These exploits wreak havoc by causing unplanned outages, productivity loss, brand damage and data breaches. Until today the financial impact, the extent of the challenges, and the industry’s recognition of these compromises remained largely unquantified.’”
eWeek
“According to a new study from the Ponemon Institute commissioned by security vendor Venafi, organizations in the Forbes Global 2000 are expected to lose more than $35 million (USD) during the next 24 months. The estimate is based on a total possible cost exposure of $398 million per organization, according to the study, and factors in four cost categories: incident response, productivity loss, brand damage and revenue loss.”
Ponemon to Present Key Findings from its 2013 Cost of Failed Trust Report: Threats & Attacks at RSA Conference 2013
Dr. Larry Ponemon to Highlight How Cyberattacks on Trust Expose Every Global Enterprise to $398 Million in Potential Losses; Groundbreaking Research Quantifies the Financial Impact of Key and Certificate Management Failures
SAN FRANCISCO, CA (RSA Conference 2013) and SALT LAKE CITY, UT – Feb. 26, 2013
Ponemon Institute will present findings from its 2013 Cost of Failed Trust Report: Threats & Attacks, underwritten by Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, at RSA Conference 2013 in San Francisco on Thursday, February 28. Dr. Larry Ponemon will present the report findings during a joint track session titled “Controlling Trust and Risk: Lessons Learned at Boeing and New Ponemon Research.” The session will present how digital certificates and cryptographic keys provide the foundation of trust in today’s enterprises, and expose the hard costs associated with sub-standard key and certificate management.
“During this track session I will discuss how systemic enterprise failures in key and certificate management create vulnerabilities that cybercriminals are exploiting to breach corporate and government networks, steal data and disrupt critical business operations,” said Larry Ponemon, chairman and founder of Ponemon Institute Research. “I will present the findings from the 2013 Cost of Failed Trust report, including the research methodology, which quantifies for the first time the cost of trust exploits.
“I’ll share some of the expected and startling findings, including the fact that more than half of the companies surveyed do not know how many keys and certificates they have, that every company had experienced an attack on trust due to failed key and certificate management, and that trust attacks are projected to cost organizations an average of $35 million over 24 months, with a maximum cost exposure of $398 million per organization.”
“These new research findings make it clear that organizations must remediate this problem quickly,” said Kevin Bocek, Venafi vice president of product marketing. “Every organization participating in the research experienced at least one trust exploit in the last two years, and more exploits are expected in the coming 24 months. Enterprises need to proactively manage their keys and certificates or the attacks will only increase. Given our dependence on keys and certificates in the activities of everyday life, from payments to healthcare, that are conducted online, on mobile devices and in the cloud, enterprises have no alternatives. The only difference will be between enterprises that are ahead of the problem and those that are forced into action when under attack. Attend Dr. Ponemon’s session at this year’s RSA Conference in San Francisco to learn more about the findings.”
Download the full Ponemon 2013 Cost of Failed Trust Report: Threats & Attacks here.
Some of the key findings Dr. Ponemon will share include:
- High costs: Enterprises are projected to risk losing an average of $35 million over 24 months from attacks on trust. Total possible cost exposure could be almost $400 million per organization.
- Widespread vulnerability: All surveyed enterprises suffered at least one attack on trust due to failed key and certificate management.
- Too vast a problem for manual management: Enterprises have on average 17,807 keys and certificates each, according to the report.
- Unknown and unquantified risk: Fifty-one percent of surveyed organizations do not know exactly how many keys and certificates they have.
- Clear and present danger to cloud computing: Respondents believe difficult-to-detect attacks on Secure Shell (SSH) keys, critical for cloud services from Amazon and Microsoft, present the most alarming threat arising from failure to control trust.
- The need to establish control over trust: Already, 59 percent of enterprises believe that proper key and certificate management can help them regain control over trust and avoid these risks.
The RSA Conference session details:
- Who: Larry Ponemon, chairman and founder of Ponemon Institute Research
- What: Controlling Trust and Risk: Lessons Learned at Boeing and New Ponemon Research
- When: Thursday, February 28, 1 to 2 p.m.
- Where: RSA Conference 2013, Room 123
For more information on the session, visit http://goo.gl/flZfM
To view the report, visit www.venafi.com/Ponemon
To view a video clip of Venafi CEO Jeff Hudson discussing the research, visit: www.venafi.com/VideoOverview
To learn more about the report methodology and key findings, visit the Ponemon Institute blog
About Ponemon Institute
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
About Venafi
Venafi is the inventor of and market leader in enterprise key and certificate management (EKCM). Venafi delivered the first enterprise-class solution to discover all digital certificates and cryptographic keys within an organization, connect these assets to the people responsible for them, report on and audit their use to prove compliance, enforce policy, and automate operations to eliminate security risks, unplanned outages and compliance failures. Designed specifically for the enterprise, Venafi Director helps organizations regain control over trust in the data center, on desktops and mobile devices, and in the cloud by managing Any Key. Any Certificate. Anywhere™. Venafi also publishes best practices for effective key and certificate management. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.
Attack on SSHD!
In recent news, SSHD (SSH daemon) backdoors have been all the buzz, though SSHD rootkits are nothing new. What’s interesting about the new SSHD rootkit is its level of sophistication: the ssh, ssh-agent, and sshd binaries were all replaced. As a result, changing the password on a compromised system will do you no good; the attacker already has root access! As is well known, the main goal of the rootkit is to steal passwords, but this is not the end goal. The end goal is to use the stolen credentials to access systems for their data, and to sell the information for profit.
The use of SSH is widespread in organizations; system administrators commonly rely on it to perform tasks like secure remote system management within their datacenters. When it comes to cloud computing, there is no difference: SSH is commonly used to manage workloads running in private or public cloud environments. Many organizations use cloud computing as an extension to their datacenter, so securing the data and controlling trust (that is, who has access to data and how it is accessed) has never been more critical. To any organization, losing control over SSH is a very serious problem. Research on the cost of losing control of trust published by Ponemon Institute showed that the most alarming threat to organizations for key and certificate management is the compromise of SSH.
Once a system is compromised via an SSH exploit, the compromise is very difficult to detect and remove, simply because the attacker has root privilege and can do pretty much anything they want to the system. If there is anything that we can learn from history, it is that criminals will go where the money is; they will take advantage of every weakness in any system, exploiting it for their own nefarious gain. Cloud computing takes advantage of economies of scale; unfortunately, this also means that any exploit that can be taken advantage of, an SSH exploit for example, results in a larger fallout.
So far it has not been confirmed whether the recently discovered SSH rootkit can steal the private key from compromised systems, simply because the private key is not stored on the system. What has been confirmed is that the rootkit hooks the functions used to dump the private key into a file. Evidently SSH exploits are growing in number and are being taken advantage of by cyber-criminals. At the RSA Conference this week, Microsoft stated in its keynote something that is very evident and real: PKI (Public Key Infrastructure) is under attack. The question is, what are enterprises going to do about it? There are some alarming truths when it comes to the handling of encryption assets like SSH keys that put most organizations at high risk.
Manual key and certificate management – 60 percent of Global 2000 organizations manage their keys and certificates manually; that is, via spreadsheets maintained by application administrators.
Silo management – If you take into account the number of application administrators the average enterprise has, a new problem is added to the equation: not only are keys and certificates managed manually, but there is a silo effect where multiple organizations within the enterprise each manage their own keys and certificates, in spreadsheets! The result: no enterprise-wide visibility into the trust assets, that is, the key and certificate inventory.
Overbearing volume – The average enterprise has over 17,000 keys and certificates; it is no wonder we see mistakes made by system administrators resulting in damaged brand reputation, like the recent McAfee incident where a digital certificate was inadvertently revoked. As a result, trust broke down, and Mac users could no longer verify whether an application could be trusted.
No third party vetting – SSH has no equivalent to a Certificate Authority that can vet whether the system should trust the SSH keys. System administrators must manage this trust relationship themselves. When dealing with multiple internal organizations and tens of thousands of keys and certificates to manage, mistakes will be made and, in many cases, shortcuts are taken.
There is an increase in outages and exploits related to the mismanagement of keys and certificates. For SSH key theft alone, according to the Ponemon Institute, an enterprise can expect over U.S. $75 million in potential cost exposure.
Organizations need to take proactive measures to gain control over trust in the management of cryptographic keys and certificates; manual procedures and processes are no longer sufficient. Make sure your organization has an automated key and certificate lifecycle management solution in place. How is your organization protecting itself from PKI attack? How does your organization work around some of the challenges outlined?
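As an added example (not code from the original post or from any Venafi product), the sketch below builds the kind of cross-host SSH key inventory that the spreadsheet and silo approach described above cannot provide: it parses `authorized_keys` entries, fingerprints each key, and flags undersized RSA keys and keys that grant access to more than one account. The host names, accounts, key material and the 2048-bit RSA threshold are constructed assumptions.

```python
import base64
import hashlib

MIN_RSA_BITS = 2048  # assumed policy threshold, not a figure from the post
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _field(data):
    """Encode one length-prefixed field of the SSH public key wire format."""
    return len(data).to_bytes(4, "big") + data


def _read_field(blob, offset):
    """Decode one length-prefixed field, returning (bytes, next_offset)."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def parse_entry(line):
    """Return (key_type, blob, comment) for an authorized_keys line, else None."""
    tokens = line.strip().split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Options such as command="..." may precede the key, so scan for the type.
    for i in range(len(tokens) - 1):
        if not tokens[i].startswith(KEY_PREFIXES):
            continue
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            embedded, _ = _read_field(blob, 0)
        except ValueError:
            continue
        # The type named in the text must match the type inside the blob.
        if embedded.decode("ascii", "replace") == tokens[i]:
            return tokens[i], blob, " ".join(tokens[i + 2:])
    return None


def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob (fields: type, exponent, modulus)."""
    _, off = _read_field(blob, 0)
    _, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()


def fingerprint(blob):
    """SHA256 fingerprint in the format ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def inventory(sources):
    """Build one record per unique key from {(host, account): file text}."""
    records = {}
    for (host, account), text in sources.items():
        for line in text.splitlines():
            entry = parse_entry(line)
            if entry is None:
                continue
            key_type, blob, _comment = entry
            rec = records.setdefault(fingerprint(blob), {
                "type": key_type,
                "bits": rsa_bits(blob) if key_type == "ssh-rsa" else None,
                "locations": set(),
            })
            rec["locations"].add(f"{account}@{host}")
    for rec in records.values():
        rec["issues"] = []
        if rec["bits"] is not None and rec["bits"] < MIN_RSA_BITS:
            rec["issues"].append("rsa-below-minimum")
        if len(rec["locations"]) > 1:
            rec["issues"].append("reused-across-accounts")
    return records


def _constructed_rsa_line(bits, comment):
    """Constructed sample: a blob of the right shape and size, not a real key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


_ED_KEY = "ssh-ed25519 " + base64.b64encode(
    _field(b"ssh-ed25519") + _field(bytes(range(32)))).decode()

SAMPLE_SOURCES = {  # constructed hosts, accounts and keys
    ("web01", "root"): _constructed_rsa_line(1024, "old-admin") + "\n" + _ED_KEY + " ops",
    ("db01", "root"): '# backup job\ncommand="rsync --server" ' + _ED_KEY + " ops",
    ("db01", "deploy"): _constructed_rsa_line(4096, "deploy@ci"),
}
```

Calling `inventory(SAMPLE_SOURCES)` returns one record per unique fingerprint; in practice the input dictionary would be filled from the `authorized_keys` files collected from each host.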
Consensus at RSA Conference 2013: “PKI is Under Attack”
At last week’s RSA Conference 2013 in San Francisco, a clear consensus emerged: attacks on the trust established by cryptographic keys and certificates are on the rise and are an important element in today’s threat landscape. In the Microsoft keynote, Scott Charney, corporate vice president for Trustworthy Computing, declared “PKI is under attack.” Charney explained how criminals are obtaining unauthorized digital certificates or misusing cryptographic keys to enable further attacks.
In the weeks leading up to RSA, criminals obtained valid digital certificates to spread banking malware. And the week before RSA, keys used by Bit9 to digitally sign whitelisted applications were misused, enabling subsequent attacks on Bit9 customers. These and other trust exploits were covered in detail in an educational webcast delivered by Paul Turner, Venafi’s VP of Products and Strategy.
These attacks coincided with the release of new research by the Ponemon Institute into the impact and cost of trust exploits that take advantage of failed key and certificate management. The 2013 Annual Report: Cost of Failed Trust found that all of the more than 2,300 respondents in mostly large enterprises had experienced at least one trust exploit. In his joint session with Boeing at RSA, Ponemon discussed how weak cryptographic exploits and CA compromises were found to impact every organization in the survey.
Ponemon was most surprised about the concern and alarm respondents have about future attacks on SSH. Critical to establishing trusted connections between administrators, machines, and other machines, SSH is the first and last line of control for IaaS cloud services from Amazon, Microsoft, and others. Ponemon said “the importance of SSH to the future of cloud computing” was the reason why enterprises appear more alarmed by attacks on SSH than by any other attack on key and certificate management. Criminals have already recognized the enterprise dependence on SSH and, in the weeks leading up to the conference, were found modifying SSH libraries to capture credentials for subsequent misuse.
While highlighting the rampant rise in attacks on the trust every business and government depends on, Charney encouraged the packed keynote audience to “better manage key and certificates” to prevent these attacks. The Cost of Failed Trust research indicates that many organizations first need to start by understanding how and where keys and certificates are used. Over half of respondents believed their organization did not know how many keys and certificates are in use. This means that the average of 17,000 keys and certificates used by servers, appliances, and cloud services reported in the research is likely an underestimate.
Building an inventory is just one of the best practices Venafi customers helped develop and part of NIST’s July 2012 guidance on Preparing for and Responding to a CA Compromise. Taking these steps can place an enterprise on the journey to regaining the control over trust that presenters at RSA described as being so fragile today. While attacks are on the rise, there is reason for hope. Ponemon noted that almost two thirds of enterprises believe that if you “get key and certificate management right” then the security risks, along with the operational and compliance challenges of using encryption, will be solved.