Today, organizations rely heavily on TLS and other encryption protocols to protect data inside and outside their network boundaries. However, most enterprises are at risk because they are not maintaining crypto-agility, which is the ability to quickly replace encryption certificates and keys in response to security events, including a certificate authority (CA) compromise, a vulnerable algorithm, or a cryptographic library bug. To achieve crypto-agility, organizations must not only be able to quickly respond to mass certificate replacement events but must also be able to demonstrate policy compliance of all certificates and identify any anomalies.
To ensure the security of their encryption is maintained, businesses must know where all their encryption certificates and keys are and be able to quickly and securely replace them. Yet most organisations don’t even have a central inventory of these critical security assets. Digital transformation and the expanding definition of machine are exacerbating this challenge with overwhelming growth in the number and complexity of machines—requiring the use of certificates and keys with cloud instances and containers, industry-specific and IoT devices, and other modern applications for authentication and secure machine communications. With this lack of visibility and extreme growth, organisations are not prepared for bulk replacement of keys and certificates in response to a security event.
This session starts with an overview of the threats and risks that make crypto-agility a requirement for all organizations. The session will also highlight where organizations have had advanced notice of impending large-scale crypto incidents, but most were not, and are not, ready to respond. The session will help attendees evaluate the current certificate management maturity and crypto-agility of their organizations followed by a vendor-neutral actionable plan for achieving crypto-agility to successfully respond to certificate security events.
