Join Erwin Hulst, IT Specialist Certificate Management, and Yoram Peek, DevOps Engineer from Rabobank, the 2nd largest bank in the Netherlands, as they walk us through their challenges and how CMDB automation helped them simplify their certificate enrollment process.
Digital identities (machines and human/machine hybrids like assisted bots) are growing rapidly across organizations to enable fast and efficient execution of routine tasks. These digital workers come in many different flavors (e.g., APIs and container-based workloads, assisted and unassisted bots, a variety of IoT devices and robots). Securing and governing the identities and associated secrets of these digital identities at scale requires automation, agility and orchestration. Governing these identities requires centralized rules and oversight, while allowing for decentralized approaches to managing the many different flavors of digital workers.
The digital world is experiencing unprecedented growth and interconnectivity due to a perfect storm of conditions over the past few years. Achieving almost a flywheel effect, the advent of many technological innovations – the rise of cloud computing, the emergence of 5G, the proliferation of Internet-of-things (IoT) smart devices – has created immense market opportunities for digital products that interconnect our lives and workplaces. At the center of this explosion of connected devices and software-defined-everything is the ability for these interconnected devices to verify their identity with each other. The industry is quickly converging into using digital certificates to express identity. Join us to see how you should get ready for this new world and plan your infrastructure to be able to accommodate the new scale and security requirements for identity platforms, specifically, using digital certificate and certificate authorities.
By 2022, More than 50% of enterprise data will have moved to the public cloud. As we move more sensitive data to the cloud, it’s critical that we choose the best available data security services including encryption, key management, HSM, secrets management, and tokenization to protect that data from breaches and to comply with expanding data privacy and residency regulations. In this webinar, we will cover the confusing set of options and best practices for using cloud-native data security services and when third-party multi-cloud data security services are required to achieve compliance or maintain consistent data security policies, secure key storage, and accelerate DevOps.
What Will You Learn:
- Key Management Options (BYOK , BYOKMS , BYOE).
- Hardware Security Modules (HSM) options and compliance standards.
- Tokenization in cloud applications.
- Secrets Management to support application developers.
“Today, everything is connected – apps, devices, and servers – and everything is relying on public key infrastructure (PKI). Digital certificates are the most prevailing, secure and cost effective way of protecting identities and devices.
As the number of people within organizations and connected devices increases, deploying individual certificates for each application with multiple certificates per device can become a challenge for IT Teams. They have to stay on top of:
- Issuance, renewals and revocation to ensure business continuity
- IT operational costs
- Preventing downtime of business services
With IT departments handling a significant volume of digital certificates, they need management and monitoring tools to improve their operational efficiency and effectiveness.
As one of the world’s original experts and trusted authorities in PKI management and CA services, GlobalSign’s solutions enable enterprises to prevent and resolve PKI challenges. With our own proprietary solutions and through collaboration with best in class technology vendors such as AppviewX, we provide managed services and on-premise solutions for Certificate Lifecycle Management and Provisioning (CLMP), including Certificate Discovery. GlobalSign’s technology partnership with AppviewX delivers specialist services that are readily integrated with GlobalSign’s scalable public and private CA services. This includes managed public, private and dedicated CA hierarchies for your internal and external PKI trust, DevOps and IoT requirements.
There are typically three core benefits of using a Certificate Management Services. GlobalSign can help you understand how you can:
- Know what PKI certificates you have through centralized management & reporting
- Delegate administration and save time and money
- Easily adopt services without extensive change management and burdensome deployment
Join this presentation to understand that Certificate Lifecycle Management is at the core of Certificate Discovery and Provisioning and learn what you need to ensure you are mitigating risk whilst understanding compliance to legal, industry and company policy requirements.
Five Key Takeaways
- Consider what drives your business to have a robust automated CLMP service
- Consider the use cases that you can cover when using the service against
- Understand risk mitigation
- Understand legal compliance & regulations
- Consider an easy end-to-end all in one service”
In this session, we will have Kiran Punjabi from Fastenal sharing real-world PKI and certificate management challenges, and how they overcame them by implementing a next-gen certificate lifecycle management system. Fastenal has been committed to driving excellence through their tools, practices and policies, eliminating the chances of mismanaged certificates. The session will also cover Fastenal’s journey thus far and their vision for the future as they transform their PKI.
“5G is well on its way to becoming ubiquitous, and it brings along opportunities and challenges in equal measure. The significantly increased throughput means it can support more applications per unit area, making way for the unprecedented proliferation of IoT. This opens up new revenue streams for communication service providers (CSPs) in the form of industrial, automotive, and consumer IoT, which is a godsend considering that the smartphone market is reaching stagnation. However, this proliferation comes with security risks – as devices increase, so do vulnerabilities. Effective use of 5G for IoT also requires widespread adoption of edge computing to minimize latency, which further increases the surface area for attacks. Securely harnessing the full potential of 5G for IoT requires elemental changes in the way IoT devices are designed – such as imprinting certificates for authentication during manufacturing. Operational security needs identity management during the device lifecycle and compliance to regulatory standards. In this session, we’ll cover how the telecom industry can benefit from 5G by ensuring a strong PKI for IoT and mobile endpoints. Some takeaways will be:
- What changes would IoT undergo with the advent of 5G
- Tech requirements of 5G
- How to make IoT devices secure by design
- IoT identity issuance, monitoring, and management through certificates
- 5G and IoT regulations and compliance”
“One of the main purposes of digital certificates is to establish and provide trust. Building a trustworthy PKI may be a complex and time-consuming task; however, a good strategy and planning can make it happen with a reasonable amount of effort. An assessment of the PKI maturity level, defining the plan how to achieve next level and track the progress in time, will help to build the robust PKI everyone can rely on. Often, however, PKI is built in a hurry and only for a specific use case without thinking about the strategy and compliance. A non-managed PKI environment is like a time bomb when you do not know what will happen the next day. Where the PKI maturity assessment may uncover some interesting facts about the current environment, it can be a starting point for reasons why we decide to start a PKI migration. Various methods how we can plan and execute a PKI migration exists and the main tasks during the migration may differ whether we would like to build a completely new PKI or keep the current trust chain, that is perform a PKI migration or a certificate migration. Different targets to migrate into, an on-premise solution, in the cloud, or into SaaS, affect your choice of methods and applicability for certificate- or PKI migration. With an on-prem, you can execute a fully transparent PKI migration, while for cloud it depends where private keys are stored and how. When moving into a SaaS solution, a certificate migration is probably the best option. We will take you into the journey of building a public key infrastructure, which is robust and resilient enough to be trusted for decades. We will show the most important aspects and pitfalls during a migration process and how they can be resolved or mitigated. Methods and tools used for the maturity assessment and technical migration will give you a good understanding where you can start to improve your current PKI environment, collect information, and decide.
- Getting from disorganized to a mature PKI
- The PKI maturity assessment level, defining the plan how to achieve the next level, tracking the progress and helping to build the robust PKI everyone can rely on.
- The methods for migrating PKI and certificates
- Outlining two migrations strategies. One where the complete old PKI is transparently moved into a new product, and the other where a new PKI gradually replaces the old one.
- Mitigation of main risks during the migration
- What are the main pitfalls to be aware of during a migration, and how can we manage those.
- Converting a hard-to-maintain multi server PKI into a comfortable consolidated PKI
- Showcasing how you can consolidate many disorganized PKIs into a single consolidated mature PKI using off-the-shelf products and well tested procedures.
- Decide between on-premise, cloud, or SaaS PKI solution
- Whatever your requirements and preference, a PKI migration and consolidation can be performed virtually from any environment into a new on-premise PKI, or a PKI in the cloud or a SaaS PKI.”
The COVID-19 pandemic has closed offices and displaced workers to their homes, causing a transition we have not anticipated nor seen before. This is similar to digital transformation, where companies are moving to the cloud & changing their businesses to survive or be left behind in a new digital world. With these changes we have seen an overwhelming increase in the number of cyber-attacks over the past year. Fortune magazine online has just proclaimed, “A Digital Pandemic Tops off Coronavirus Woes.”
As we continue to adapt to a new normal in our lives and businesses, it is clear that we need to protect both our employees & also our digital assets & networks. Any compromise to corporate data would be catastrophic. The same is true for employees, who must learn to protect themselves & their families while they try to work in the pandemic era.
Modern organizations must evolve to a cloud friendly world, while maintaining security as more data traverses networks out of their control. We can use this change as a learning opportunity, and I will make a few comparisons to the COVID-19 global pandemic as a way towards helping prevent a real digital pandemic.