The IT Nerd

Keyfactor, the leader in PKI as-a-Service and crypto-agility solutions, today announced a strategic partnership with digital transformation solutions provider Infinite Ranges. The collaboration enables enterprise teams to overcome the DevSecOps gap through the implementation of best practices and automated solutions.

A recent survey of more than 600 IT and security professionals identified likely occurrences of code signing and key misuse in enterprise environments over the next two years; 73% of respondents experienced unplanned downtime and outages due to mismanaged digital certificates. Many enterprises employ Public Key Infrastructure (PKI) and digital certificates in DevOps workflows to secure code through its lifetime. However, traditional PKI relies on manual processes, making it ill-equipped for agile process requirements.

Infinite Ranges’ specialization as an implementation partner for both Keyfactor and Hashicorp Vault provides a unique offering within the market.

Keyfactor provides cloud-hosted PKI-as-a-Service infrastructure through integrated certificate and key management, secure signing and secure IoT device design. The platform provides discovery, integration and orchestration capabilities, enabling teams to gain complete crypto-agility, extensibility and visibility.

Cloud-based email management company Mimecast recently disclosed that a threat actor obtained one of its digital certificates and used it to gain access to some of its clients’ Microsoft 365 accounts.

Chris Hickman, chief security officer at Keyfactor, a leading provider of secure digital identity management solutions, says:

“These attacks are not about FireEye, SolarWinds or Mimecast; the disturbing trend we are seeing is that these breaches are becoming habitual. The threat actors behind the attacks, whether they are using the SolarWinds backdoor or another, are targeting certificates and credentials. They are leveraging cryptographic assets to gain network access and evade security controls. 

The current trendline indicates that parts of the industry are still treating certificates as ‘just certificates’ rather than cryptographic assets that play a more important role in hardening network security. Technology alone cannot prevent breaches like this – companies need to ensure that they have in place the right controls, policies and follow industry best practices in order defend themselves against the evolving thread landscape. Companies need to take a hard look at how they manage and secure digital certificates and cryptographic keys in order to better protect themselves and their customers.

Here are some best practices to mitigate misuse of keys and certificates:

• Never store code-signing keys on developer workstations, web servers or build servers. Private keys should be kept in a FIPS 140-2 validated HSM
• Segregate duties between who is authorized to sign code, who can approve the request, and who can monitor and enforce compliance with signing policies.
• Maintain an active inventory of all certificates, where they are installed, who they were issued from, and who owns them (and your domains). 
• Control certificate issuance and approval workflows to ensure that every certificate is trusted, compliant with policy, and up-to-date.
• Test your certificate re-issuance and revocation capabilities to ensure you can respond effectively to a compromise.”

Keyfactor, the leader in crypto-agility solutions, and Per Scholas, a national non-profit that drives positive and proven social change in communities across the country through technology training, today announced a partnership program providing traditionally underrepresented individuals with access to mentorship and skills training for high-growth careers in the cybersecurity industry.

Per Scholas partners with leading employers, developing student curriculum that aligns to specific roles in the technology industry, including IT and security. As a Per Scholas partner, Keyfactor provides mentorship, curriculum input and training to help close the cybersecurity skills gap while addressing use cases unique to the evolving IT and cybersecurity threat landscape.

Together, Keyfactor and Per Scholas have defined an employer diversity plan using a three-prong strategy to encourage innovative thinking, implement diverse hiring practices and build awareness of demographic and societal imbalances.

IT and cybersecurity leaders are invited to attend a fireside chat to learn more about the partnership and diversity plan by registering at: https://summit.keyfactor.com/talks/fireside-chat/.

Individuals from Netflix and Microsoft will be keynote speakers for Keyfactor’s upcoming Critical Trust Virtual Summit, taking place on October 21-22, 2020.  Session information and details are below:

Looking Past the Pandemic: Futureproofing Against Data Risk

Presented by Ann Johnson, Microsoft – Corporate VP of Security, Compliance & Identity (SCI) Business Development

October 21, 2020 @ 2:25pm ET

People will create more than 175 Zettabytes of data by 2025. While this abundance of data fuels machine learning, artificial intelligence and automation, this abundance also presents risks to our security, economies and fundamental right to privacy as data also becomes one of our great assets to help address global challenges. Enterprises must now look beyond AI as just a proactive defense and consider data both an asset and a risk.

More info: https://summit.keyfactor.com/talks/looking-past-the-pandemic-futureproofing-against-data-risk/

How Netflix Delivers with Speed and Agility (And you can too!)

Presented by Andy Glover, Netflix – Director of Productivity Engineering

October 22, 2020 @ 2:30pm ET

As security teams work more closely with DevOps engineering, they need to move fast and be agile.  Andy will discuss how Netflix’s competitive advantage is the ability to innovate with speed and agility, which is facilitated by their culture. He’ll share his lessons learned from investing in automation to building centralized teams and how these benefits can also be adopted by your organization.

More info: https://summit.keyfactor.com/talks/guest-keynote-day-2/

Keyfactor’s two-day online event will offer over a dozen additional sessions and panels delivered by industry-leading innovators and practitioners specializing in crypto-agile best practices across IT, security, engineering and DevOps:

• Morgan Stanley and Mastercard –  Leadership in Cybersecurity: Insights from FinServ Experts
• HID –  Reign in Your Rogue Admins: Best Practices for Managing SSL/TLS Certificates
• Abbott and General Motors – Real-world Results for IoT Device Design Manufacturers
• M&T Bank and Sensata Technologies – Lessons Learned from PKI Experts
• ISARA and Thales – What to Watch Out for in 2021: Top Trends in Crypto
• Infinite Ranges –  Securing the CI/CD Pipeline Without Disrupting Developers

You can register here.

Keyfactor, the leader in crypto-agility solutions, today announced its inaugural digitally delivered conference, the Critical Trust Virtual Summit, which will take place on October 21-22, 2020. The two-day online event will offer more than 15 sessions and panels delivered by industry-leading innovators and practitioners specializing in crypto-agile best practices across IT, security, engineering and DevOps.

The Critical Trust Virtual Summit includes panels and sessions featuring top industry experts focused on Public Key Infrastructure (PKI) best practices, certificate lifecycle automation, zero trust manufacturing and future industry trends. Event presenters, industry partners and highlighted sessions include:

• Microsoft –  Looking Past the Pandemic: Futureproofing Against Data Risk
• Morgan Stanley and Mastercard –  Leadership in Cybersecurity: Insights from FinServ Experts
• HID –  Reign in Your Rogue Admins: Best Practices for Managing SSL/TLS Certificates
• Abbott and General Motors – Real-world Results for IoT Device Design Manufacturers
• M&T Bank and Sensata Technologies – Lessons Learned from PKI Experts
• ISARA and Thales – What to Watch Out for in 2021: Top Trends in Crypto
• Infinite Ranges –  Securing the CI/CD Pipeline Without Disrupting Developers

IT, DevOps and security leaders and practitioners can register for their free Critical Trust Summit pass by visiting: https://summit.keyfactor.com/.

Keyfactor, the leader in crypto-agility solutions, today announced the release of SSH Key Manager for Keyfactor Command, its complete certificate lifecycle automation and PKI as-a-Service platform. The solution replaces manual management methods, automating access and distribution of SSH (Secure Shell) keys across machines, applications and devices within the enterprise.

SSH keys are used to secure remote access to critical systems and applications. However, lack of adequate management and evolving cyber-attack vectors make SSH keys increasingly vulnerable to exploit. Developers and system administrators often generate SSH keys using default configurations, with many left unmanaged on the network and vulnerable to compromise.

As enterprises expand their use of cryptography to protect sensitive data and secure connections across the business, managing sensitive SSH keys, X.509 certificates and cryptographic keys – sometimes referred to as machine identities – becomes critical. Keyfactor enables customers to establish an end-to-end machine identity strategy, with a centralized platform to manage all keys and certificates in the organization.

According to Gartner, machine identity management “encompasses a number of technologies, that today remain mostly siloed (i.e., X.509 certificate management, SSH key management, as well as secrets and other crypto-key management).” Gartner advises security and risk management leaders focused on identity and access management (IAM) to “use full life cycle management or discovery-centric tools to audit the number of deployed machine identities; and to identify the potential risks from expiry and overall compliance.”*

SSH Key Manager for Keyfactor Command enables:

• Reduced risk exposure – maintaining a real-time inventory of SSH keys and the ability to delete or rotate weak or inactive keys.
• Complete visibility – allowing teams to find SSH keys and map trust relationships to users, machines and web services, whether on-premises or in the cloud.
• Greater control – providing a simple dashboard to identify risks, assign key permissions and simplify audits with easy-to-generate reports.
• Seamless automation – automating SSH key deployment as workloads are spun up in multi-cloud and CI/CD environments.

To learn more or to request a demo of the SSH Key Manager for Keyfactor Command, please visit: www.keyfactor.com.

*Gartner Hype Cycle for Identity and Access Management Technologies, 2020, 16 July 2020, Ant Allan

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Keyfactor, the leader in crypto-agility solutions, ranked as fastest growing digital key and certificate automation provider on the 2020 Inc. Magazine Inc. 5000, an annual ranking of America’s fastest growing private companies. The list represents a unique look at the most successful companies within America’s privately held business sector.

Noting Keyfactor’s momentum, in the past year the company:

• Welcomed its 500^th customer to the Keyfactor platform, a five-fold increase since 2018
• Secured more than 500 million digital certificates under management
• Announced partnerships and integrations with innovators such as HashiCorp, ServiceNow, F5, CyberArk, PrimeKey and Thales
• Earned recognition as a Sample Vendor for Machine Identity Management in Gartner’s Hype Cycle for Identity and Access Management Technologies, 2020 (Authored by Ant Allan, Published 16 July 2020)

The 2020 Inc. 5000 is ranked according to percentage revenue growth when comparing 2016 and 2019. Not only have the companies on the 2020 Inc. 5000 been very competitive within their markets, but the list as a whole shows staggering growth compared with prior lists as well. 

Complete results of the 2020 Inc. 5000 can be found at www.inc.com/inc5000.

Keyfactor, the leader in securing digital identities, and PrimeKey, a leading provider of open-source public key infrastructure (PKI) and digital signature solutions, today announced a partnership and integration to simplify and automate PKI for large-scale enterprise and internet of things (IoT) deployments.

Enterprises today – and a growing number of connected device manufacturers – rely on PKI to enable digital security. Enterprise security teams and IoT product developers issue trusted and unique identities necessary to protect sensitive data, ensure uptime and secure connections across cloud services and connected devices.

PrimeKey delivers a uniquely scalable and flexible alternative to existing certificate authority (CA) software, providing turnkey PKI solutions for governments, financial institutions and thousands of global enterprises. As a pioneer in open-source PKI, PrimeKey’s solutions address a range of digital identity use cases such as IoT, e-ID and e-Passports, as well as PKI migration and consolidation.

Enterprises today use a mix of public and private CAs to support PKI, yet ever-increasing certificate volumes are a challenge to manage across multiple CA-provided tools. Using an API-based gateway, Keyfactor’s certificate management solution (Keyfactor Command) integrates with PrimeKey’s PKI (EJBCA Enterprise), providing end-to-end visibility and automation to all private and publicly issued certificates within a single, purpose-built platform.

Additionally, the integration between EJBCA Enterprise and Keyfactor’s end-to-end identity platform for connected devices (Keyfactor Control) makes it easy and affordable for IoT device manufacturers to embed trusted identity into their IoT products at design, and secure firmware and software updates through the device lifecycle. 

To learn more about the integration, visit: https://info.keyfactor.com/ejcba-enterprise-certificate-management.

Keyfactor today announced at the RSA Conference its partnership and technology integration with SSL/TLS crypto-library provider wolfSSL. The integration provides greater security control to IoT (Internet of Things) device manufacturers at design and through a product’s lifetime.

Recent research analyzed IoT device vulnerabilities, emphasizing inherent design constraints and limited entropy as critical factors contributing to IoT device security risks. Solid yet flexible cryptographic libraries are critical in ensuring embedded and connected IoT devices can scale with evolving security requirements and best practices.

The integration combines wolfSSL crypto libraries with Keyfactor PKI-as-a-Service and certificate lifecycle management to secure next gen connected IoT devices. Keyfactor Control enables device designers and manufacturers to leverage technology and PKI to continuously replace, manage and update cryptography on IoT devices, while wolfSSL SSL/TLS libraries support resource constrained IoT systems across industrial control systems, medical devices and connected vehicles.

WolfSSL and Keyfactor will introduce the partnership and integration at 4:00pm on February 25th and 26th in the South Hall at Booth #3211 at RSAC in San Francisco.

Keyfactor, the leader in securing digital identities, today announced the launch of the Keyfactor Partner Network, its global channel partner program, and the appointment of BJ Ferguson as head of global channel sales and operations

The Keyfactor Partner Network includes solutions providers, strategic OEM and distribution alliances, custom systems integrators and strategic technology integrations providers. Qualifying partners benefit from a trusted transaction approach, aggressive sales margins and extensive support with access to education, certification programs and marketing development funds.

New research found only 38% of enterprise respondents have enough IT security staff members dedicated to PKI deployment, and that program responsibility is dispersed across IT operations (21%) and other lines of business (19%). Lack of defined ownership and disparate tool use is driving security risk, with 73% of businesses reporting unplanned downtime and outages due to mismanaged digital certificates, a core component within PKI.

For more information about the Keyfactor Partner Network, visit: https://www.keyfactor.com/partners/.