Trust is arguably the most important component of any functioning society on the planet. Since nearly all who will read this blog are information security professionals, you likely know that Bruce Schneier even wrote an insightful book about it. Without trust, we feel at risk, exposed, and uncertain, ultimately rendering all others in the society with whom we interact in a doubtful state of volatility.
In the physical world, every hour of every day we perform what we view as pedestrian activities, which in reality, involve untold levels of trust to function as designed. Every day activities, like driving in a car, flying on an airplane, depositing money in the bank, eating out at a restaurant, and even drinking and using the water that comes out of the faucets in our homes, involve inordinate amounts of trust to remain, well, delightfully commonplace.
So what if I told you the trust you know and love was beginning to slowly disintegrate before your very eyes? Wouldn’t you want to do something about it to save it? Of course you would, and that’s why you should read on.
Since the dawn of the digital age, our trust in commonplace activities has evolved to include everything we do online. You trust that when you open a web browser, type in the domain name of your bank, log in to your account, and transmit data with that financial institution online that you are communicating privately and securely. In reality, you’re trusting all the load balancers, servers, devices, and machine-to-machine communication that occurs in nanoseconds, with each click of the mouse at your desk or push of the icon on your tablet or phone.
With more and more of society’s activities occuring online, and growing faster than ever with the burgeoning “Internet of Things,” we rely more and more upon the authenticity and validation of each component making up the underpinning of the digital universe’s infrastructure. Each Global 2000 enterprise owns or leases their respective online real estate within the greater digital universe, and if they care about their business, they are responsible for the security, authenticity, and privacy of the data stored upon it or passing through it. In other words, to make any corporation’s real estate a place where people and other corporations want to do business, at its foundation, it must ultimately be trustworthy.
In an effort to keep our online real estate as trustworthy as possible and secure the company against those that aren’t trustworthy, Global 2000 enterprises employ large security organizations. These teams of security experts in turn adopt and apply security strategies made up of security solutions. All of these solutions fundamentally afford the enterprise visibility to see various threat events and the ability to remediate these threat events. We use security frameworks, industry best practices, and security audits to understand what parts of our security strategy need corrective investment, have exposures to close, and have audit findings to be addressed.
But at a more granular level, how do Global 2000 enterprises ensure each and every infrastructure component within their online real estate is secure and authentic, so the data stored upon each component (or passing through) will be kept private and secure? Until the world invents a new mechanism, we all use encryption keys and digital certificates. Each component of an enterprise’s online real estate relies upon encryption keys and digital certificates to confidentally authenticate each component and to keep the associated data private and safe from exposure.
In addition to risk of deprication without innovation, it is these enterprise keys and certificates which are being misused, abused, and targeted more and more by bad actors, including well-organized cybercriminal and espionage groups, as well as malicious or otherwise compromised insiders. Encryption keys and digital certificates are THE foundation of trust online, and it’s this trust that is under attack.
If we continue to allow this corrosion of online trust, our activities online are more and more at risk, exposed, and uncertain. We ultimately reach the same doubtful state of volatility that we reach in the physical world when trust becomes compromised. We must have the visibility into events that threaten encryption keys and digital certificates, just like we have visibility into our networks, user IDs and passwords, privlidged user accounts, and other digital components in which we demand visibility as part of our core security strategy. We must have the ability to respond and remediate threats and weaknesses associated with encryption keys and certificates.
Without having full visibility, control, and remediation capabilities with keys and certificates, our security strategies have serious blind spots (and Gartner agrees). And even more vexing, the way in which we measure our success using security frameworks, industry best practices, and security audits may become completely undermined if we don’t account for threats using keys and certificates to conceal themselves, or threats which target weaker, vulnerable ones. This is exactly what SANS realized, when they recently added numerous control measures to Critical Security Control #17 (Data Protection).
And this is what we do at Venafi. We eliminate the snowballing blind spot that typically exists with enterprises’ encryption keys and digital certificates and enable enterprises to give their trusted online real estate the security and protection it deserves. We provide a proven technology platform which empowers enterprises to achieve comprehensive visibility into all encryption keys and digital certificates. We also provide the ability to respond and remediate against insider and outsider threats misusing, abusing, or targeting weak encryption keys and digital certificates. Venafi exists to defend and champion trust in the digital age. Given the ominous consequences of trust becoming compromised in your online real estate, and thus trust in your brand becoming compromised, nothing is more important. Nothing is of a higher priority than trust. This is why we named our solution the Venafi Trust Protection Platform. This is what we mean by Securing Trust by Protecting Keys and Certificates.