3) Management need to be kept aware and take responsibility:
‘Buck passing’ is a frequent pastime in many organisations, especially if someone isn’t willing to stand up and take responsibility – or doesn’t feel that they can. All too often the security team does not feel empowered to bring information to the management’s attention, or no mechanism exists to inform the CIO of risks that might affect the business. On the other hand, CIOs are frequently more concerned about not spending money and keeping the board happy than about giving their “troops” the support and resources they need. If this sounds familiar, then perhaps it’s time it didn’t.
4) Pay Attention and Act on New Clues – Regardless of the Source:
In the IT industry there is not a day that goes by when we are not being alerted about yet another risk. However, it is questionable how seriously organisations take alerts that may relate to Iranian nuclear facilities, breaches of databases in Japan, and so on.
Just because you may not have used DigiNotar certificates, or DigiCert Malaysia was not on your list of preferred suppliers, does not mean that you’re not the next victim. Every single Windows device has been affected by Flame, and no one saw that coming!
5) Denial and Retribution:
Bottom line is somebody has to pay, and when your business’ reputation and earnings are affected by severe failure in your IT infrastructure, then someone will pay. Corporate senior management expect that those who are paid to fulfil a specialist role can do so effectively. There are not many CSOs or IT Security Directors who can expect to survive a digital certificate compromise or a certificate authority (CA) compromise on the basis of “there were no warning signs”!
6) You Never Know When It will Hit You:
Just like a boy scout – you need to be prepared. If you woke up tomorrow and discovered that your internal and/or external CA had been completely compromised, would you have a clear action plan? Likely not, and I’m sure that should you get the opportunity to be in a similar position in your next organisation, you’d be better prepared the next time around!
7) Get Serious About The Risk:
Your infrastructure security is under attack, and your keys, certificates and CAs are a primary target. Those attacking you understand that you have ignored this area, and that enterprise key and certificate management has generally been forgotten about. Your enemy is exploiting your ignorance, and unless you get control of your CAs, they will get you.
What many organisations are still ignoring is that keys and certificates are the very foundation of secure systems — therefore a CA compromise will have dramatic effects. The reason these dramatic effects have taken place is that hackers have woken up to how they can use compromised certificates, from badly run CAs, to carry out major data breaches. The litany of recent attacks such as Flame, Stuxnet and Duqu has surely shown that CA compromises are now a strategic tool in the hacker’s swag bag. There is no point securing the perimeter of your defences if the hacker can use a stolen certificate to swoop through them, gaining access to all of your organisation's secrets — you need to understand the risks, put processes in place, and educate all of your staff so that they are prepared for a CA compromise and know how to respond to one. Otherwise the only noise you will hear is the closing of the door behind you as your organisation decides it cannot risk employing you any longer.
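The "clear action plan" points 6 and 7 ask for starts with one question: if a given CA is declared compromised, which of our certificates chain to it, and where are they deployed? The script below is an added example (not the author's code or any vendor's tool) of that first triage step. It walks an inventory of certificates by issuer links, flags every certificate whose chain passes through a distrusted CA, separately flags certificates whose chain leaves the inventory (so nobody can vouch for them), and orders the result by how widely each certificate is deployed. All records, fingerprints and host names are constructed placeholders; a real inventory would be populated from your own CA database, key-management system or network scans.

```python
"""Triage a certificate inventory after a CA compromise.

Added example. Every fingerprint and host below is a constructed placeholder;
nothing here is real CA data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class CertRecord:
    fingerprint: str                    # SHA-256 of the DER encoding (placeholder here)
    subject: str
    issuer_fingerprint: Optional[str]   # None means self-signed, i.e. a root
    hosts: Tuple[str, ...] = ()         # systems or trust stores where it is deployed


# Constructed inventory: root A (to be distrusted) -> intermediate A1 -> two leaves;
# root B (clean) -> one leaf; one legacy leaf whose issuer is not in the inventory.
INVENTORY: Dict[str, CertRecord] = {r.fingerprint: r for r in [
    CertRecord("PLACEHOLDER-ROOT-A", "CN=Example Root A", None,
               ("trust-store:workstations", "trust-store:servers")),
    CertRecord("PLACEHOLDER-INT-A1", "CN=Example Issuing CA A1", "PLACEHOLDER-ROOT-A"),
    CertRecord("PLACEHOLDER-LEAF-WWW", "CN=www.example.test", "PLACEHOLDER-INT-A1",
               ("web01", "web02", "web03")),
    CertRecord("PLACEHOLDER-LEAF-VPN", "CN=vpn.example.test", "PLACEHOLDER-INT-A1",
               ("vpn01",)),
    CertRecord("PLACEHOLDER-ROOT-B", "CN=Example Root B", None,
               ("trust-store:workstations",)),
    CertRecord("PLACEHOLDER-LEAF-MAIL", "CN=mail.example.test", "PLACEHOLDER-ROOT-B",
               ("mail01",)),
    CertRecord("PLACEHOLDER-LEAF-LEGACY", "CN=legacy.example.test",
               "PLACEHOLDER-UNKNOWN-ISSUER", ("legacy01",)),
]}

# The CA we are told has been compromised (constructed value).
DISTRUSTED: Set[str] = {"PLACEHOLDER-ROOT-A"}


def find_distrusted_ancestor(fp: str, inventory: Dict[str, CertRecord],
                             distrusted: Set[str]) -> Optional[str]:
    """Walk the issuer chain upward from fp.

    Returns the fingerprint of the first distrusted certificate on the chain
    (fp itself or any issuer above it), "UNKNOWN" if the chain leaves the
    inventory or loops, and None if the chain ends cleanly at a trusted root.
    """
    seen: Set[str] = set()
    current: Optional[str] = fp
    while current is not None:
        if current in seen:            # malformed data: issuer loop, cannot trust it
            return "UNKNOWN"
        seen.add(current)
        if current in distrusted:
            return current
        record = inventory.get(current)
        if record is None:             # issuer we hold no record of: investigate
            return "UNKNOWN"
        current = record.issuer_fingerprint
    return None


def triage(inventory: Dict[str, CertRecord], distrusted: Set[str]) -> List[dict]:
    """Classify every certificate and sort so the most urgent work comes first.

    status is "reissue" (chains to a distrusted CA), "investigate" (chain cannot
    be verified from the inventory) or "ok". Within a status, wider deployment
    sorts first, because that is where a stolen-certificate attack would land.
    """
    rows = []
    for fp, rec in inventory.items():
        hit = find_distrusted_ancestor(fp, inventory, distrusted)
        status = "ok" if hit is None else ("investigate" if hit == "UNKNOWN" else "reissue")
        rows.append({"fingerprint": fp, "subject": rec.subject, "status": status,
                     "via": hit, "deployments": len(rec.hosts)})
    order = {"reissue": 0, "investigate": 1, "ok": 2}
    rows.sort(key=lambda r: (order[r["status"]], -r["deployments"]))
    return rows


if __name__ == "__main__":
    for row in triage(INVENTORY, DISTRUSTED):
        print(f'{row["status"]:<11} {row["deployments"]:>2} deployments  '
              f'{row["subject"]}  (via {row["via"]})')
```

The "investigate" bucket matters as much as the "reissue" one: a certificate whose issuer your inventory does not know is exactly the kind of blind spot point 7 describes, and after an incident it has to be traced rather than assumed clean.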