With the pervasive evolution of the IoT at our doorstep, PKI has become one of the fastest-growing cyber-security tactics in business and government today. PKI is used to create, manage, distribute, use, store and revoke digital certificates. The visible management of all certificates within your network is crucial to your organisational security infrastructure. Businesses often make mistakes when it comes to accurately handling the management of their PKI. Unknown certificates are vulnerable certificates. So, how can you ensure best practice when it comes to PKI Management?
PKI Management is an overarching set of security structures used by organisations to create secure management of websites and other online services.
PKI is the combination of digital certificates and key pairs. Key pairs consist of an asymmetrical public and private key, where one is encrypted and then decoded by the other. What PKI structure you decide to implement depends on the nature of your organisation.
PKI mistakes often stem from not having proper PKI management. Proper PKI management is essential to the ideal implementation of your PKI infrastructure. PKI management will involve planning, hierarchy, and implementation.
Planning your PKI infrastructure is an important step in making sure all the moving parts come together. Poor planning can result in PKI that does not deploy properly. PKI needs to be properly deployed at install time. Without expert planning and deployment PKI can cause enormous headaches within an organisation.
Make sure security protocols are up to date security protocols need to be up to date to ensure weak spots don’t present a viable path for bad actors to gain access to sensitive information. SSL – or a secure sockets layer – is an important security feature for secure HTTPs transmissions. These layers can and have been compromised in the past. Therefore it’s necessary to ensure you have migrated to the latest versions. Outdated algorithms, ciphers and protocols can cause serious issues. In order to mitigate security risks cryptography must constantly be updated. When it comes to algorithms and ciphers, those that currently should never be used include SSL 2.0, 3.0, and TLS 1.0 and 1.1, although the IETF has approved and published TLS 1.3
Another issue with DIY PKI is when organisations rely on PKI keys that are too small. This can make it easier for hackers and bad actors to guess or work out PKI keys by reverse-engineering the algorithms base values.
Compromised storage solutions if a key is stored in a compromised situation, it becomes easier for bad actors to steal PKI keys. HSMs, or Hardware Security Modules can offer another layer of protection for PKI key storage solutions.
Bad password management in many cases its a good idea to regularly change your password, the same is true for rotating PKI certifcates and keys. Switching out keys and certificates ensures that if a hacker were to get hold of it, it’s more likely they would get hold of outdated credentials.
Certificate life cycle planning good PKI planning goes beyond the roll-out phase. Particularly where the Internet of Things is concerned. Expenses can incur where certificates expire, as can security risks.
Lack of automation – automation is one of the best tools out there for reducing human error. Automation allows for easy organisation of information. Utilising automation within your PKI management can help you renew certificates and keys and ensure that the data relating to your certificates is kept safely and securely.
Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protect the authentication methods used to access information through the use of Identity and other security technologies.