The IT Nerd

Keyfactor, the leader in crypto-agility solutions, and Per Scholas, a national non-profit that drives positive and proven social change in communities across the country through technology training, today announced a partnership program providing traditionally underrepresented individuals with access to mentorship and skills training for high-growth careers in the cybersecurity industry.

Per Scholas partners with leading employers, developing student curriculum that aligns to specific roles in the technology industry, including IT and security. As a Per Scholas partner, Keyfactor provides mentorship, curriculum input and training to help close the cybersecurity skills gap while addressing use cases unique to the evolving IT and cybersecurity threat landscape.

Together, Keyfactor and Per Scholas have defined an employer diversity plan using a three-prong strategy to encourage innovative thinking, implement diverse hiring practices and build awareness of demographic and societal imbalances.

IT and cybersecurity leaders are invited to attend a fireside chat to learn more about the partnership and diversity plan by registering at: https://summit.keyfactor.com/talks/fireside-chat/.

Individuals from Netflix and Microsoft will be keynote speakers for Keyfactor’s upcoming Critical Trust Virtual Summit, taking place on October 21-22, 2020.  Session information and details are below:

Looking Past the Pandemic: Futureproofing Against Data Risk

Presented by Ann Johnson, Microsoft – Corporate VP of Security, Compliance & Identity (SCI) Business Development

October 21, 2020 @ 2:25pm ET

People will create more than 175 Zettabytes of data by 2025. While this abundance of data fuels machine learning, artificial intelligence and automation, this abundance also presents risks to our security, economies and fundamental right to privacy as data also becomes one of our great assets to help address global challenges. Enterprises must now look beyond AI as just a proactive defense and consider data both an asset and a risk.

More info: https://summit.keyfactor.com/talks/looking-past-the-pandemic-futureproofing-against-data-risk/

How Netflix Delivers with Speed and Agility (And you can too!)

Presented by Andy Glover, Netflix – Director of Productivity Engineering

October 22, 2020 @ 2:30pm ET

As security teams work more closely with DevOps engineering, they need to move fast and be agile.  Andy will discuss how Netflix’s competitive advantage is the ability to innovate with speed and agility, which is facilitated by their culture. He’ll share his lessons learned from investing in automation to building centralized teams and how these benefits can also be adopted by your organization.

More info: https://summit.keyfactor.com/talks/guest-keynote-day-2/

Keyfactor’s two-day online event will offer over a dozen additional sessions and panels delivered by industry-leading innovators and practitioners specializing in crypto-agile best practices across IT, security, engineering and DevOps:

• Morgan Stanley and Mastercard –  Leadership in Cybersecurity: Insights from FinServ Experts
• HID –  Reign in Your Rogue Admins: Best Practices for Managing SSL/TLS Certificates
• Abbott and General Motors – Real-world Results for IoT Device Design Manufacturers
• M&T Bank and Sensata Technologies – Lessons Learned from PKI Experts
• ISARA and Thales – What to Watch Out for in 2021: Top Trends in Crypto
• Infinite Ranges –  Securing the CI/CD Pipeline Without Disrupting Developers

You can register here.

Keyfactor, the leader in crypto-agility solutions, today announced its inaugural digitally delivered conference, the Critical Trust Virtual Summit, which will take place on October 21-22, 2020. The two-day online event will offer more than 15 sessions and panels delivered by industry-leading innovators and practitioners specializing in crypto-agile best practices across IT, security, engineering and DevOps.

The Critical Trust Virtual Summit includes panels and sessions featuring top industry experts focused on Public Key Infrastructure (PKI) best practices, certificate lifecycle automation, zero trust manufacturing and future industry trends. Event presenters, industry partners and highlighted sessions include:

• Microsoft –  Looking Past the Pandemic: Futureproofing Against Data Risk
• Morgan Stanley and Mastercard –  Leadership in Cybersecurity: Insights from FinServ Experts
• HID –  Reign in Your Rogue Admins: Best Practices for Managing SSL/TLS Certificates
• Abbott and General Motors – Real-world Results for IoT Device Design Manufacturers
• M&T Bank and Sensata Technologies – Lessons Learned from PKI Experts
• ISARA and Thales – What to Watch Out for in 2021: Top Trends in Crypto
• Infinite Ranges –  Securing the CI/CD Pipeline Without Disrupting Developers

IT, DevOps and security leaders and practitioners can register for their free Critical Trust Summit pass by visiting: https://summit.keyfactor.com/.

Keyfactor, the leader in crypto-agility solutions, today announced the release of SSH Key Manager for Keyfactor Command, its complete certificate lifecycle automation and PKI as-a-Service platform. The solution replaces manual management methods, automating access and distribution of SSH (Secure Shell) keys across machines, applications and devices within the enterprise.

SSH keys are used to secure remote access to critical systems and applications. However, lack of adequate management and evolving cyber-attack vectors make SSH keys increasingly vulnerable to exploit. Developers and system administrators often generate SSH keys using default configurations, with many left unmanaged on the network and vulnerable to compromise.

As enterprises expand their use of cryptography to protect sensitive data and secure connections across the business, managing sensitive SSH keys, X.509 certificates and cryptographic keys – sometimes referred to as machine identities – becomes critical. Keyfactor enables customers to establish an end-to-end machine identity strategy, with a centralized platform to manage all keys and certificates in the organization.

According to Gartner, machine identity management “encompasses a number of technologies, that today remain mostly siloed (i.e., X.509 certificate management, SSH key management, as well as secrets and other crypto-key management).” Gartner advises security and risk management leaders focused on identity and access management (IAM) to “use full life cycle management or discovery-centric tools to audit the number of deployed machine identities; and to identify the potential risks from expiry and overall compliance.”*

SSH Key Manager for Keyfactor Command enables:

• Reduced risk exposure – maintaining a real-time inventory of SSH keys and the ability to delete or rotate weak or inactive keys.
• Complete visibility – allowing teams to find SSH keys and map trust relationships to users, machines and web services, whether on-premises or in the cloud.
• Greater control – providing a simple dashboard to identify risks, assign key permissions and simplify audits with easy-to-generate reports.
• Seamless automation – automating SSH key deployment as workloads are spun up in multi-cloud and CI/CD environments.

To learn more or to request a demo of the SSH Key Manager for Keyfactor Command, please visit: www.keyfactor.com.

*Gartner Hype Cycle for Identity and Access Management Technologies, 2020, 16 July 2020, Ant Allan

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Keyfactor, the leader in crypto-agility solutions, ranked as fastest growing digital key and certificate automation provider on the 2020 Inc. Magazine Inc. 5000, an annual ranking of America’s fastest growing private companies. The list represents a unique look at the most successful companies within America’s privately held business sector.

Noting Keyfactor’s momentum, in the past year the company:

• Welcomed its 500^th customer to the Keyfactor platform, a five-fold increase since 2018
• Secured more than 500 million digital certificates under management
• Announced partnerships and integrations with innovators such as HashiCorp, ServiceNow, F5, CyberArk, PrimeKey and Thales
• Earned recognition as a Sample Vendor for Machine Identity Management in Gartner’s Hype Cycle for Identity and Access Management Technologies, 2020 (Authored by Ant Allan, Published 16 July 2020)

The 2020 Inc. 5000 is ranked according to percentage revenue growth when comparing 2016 and 2019. Not only have the companies on the 2020 Inc. 5000 been very competitive within their markets, but the list as a whole shows staggering growth compared with prior lists as well. 

Complete results of the 2020 Inc. 5000 can be found at www.inc.com/inc5000.

Keyfactor, the leader in securing digital identities, and PrimeKey, a leading provider of open-source public key infrastructure (PKI) and digital signature solutions, today announced a partnership and integration to simplify and automate PKI for large-scale enterprise and internet of things (IoT) deployments.

Enterprises today – and a growing number of connected device manufacturers – rely on PKI to enable digital security. Enterprise security teams and IoT product developers issue trusted and unique identities necessary to protect sensitive data, ensure uptime and secure connections across cloud services and connected devices.

PrimeKey delivers a uniquely scalable and flexible alternative to existing certificate authority (CA) software, providing turnkey PKI solutions for governments, financial institutions and thousands of global enterprises. As a pioneer in open-source PKI, PrimeKey’s solutions address a range of digital identity use cases such as IoT, e-ID and e-Passports, as well as PKI migration and consolidation.

Enterprises today use a mix of public and private CAs to support PKI, yet ever-increasing certificate volumes are a challenge to manage across multiple CA-provided tools. Using an API-based gateway, Keyfactor’s certificate management solution (Keyfactor Command) integrates with PrimeKey’s PKI (EJBCA Enterprise), providing end-to-end visibility and automation to all private and publicly issued certificates within a single, purpose-built platform.

Additionally, the integration between EJBCA Enterprise and Keyfactor’s end-to-end identity platform for connected devices (Keyfactor Control) makes it easy and affordable for IoT device manufacturers to embed trusted identity into their IoT products at design, and secure firmware and software updates through the device lifecycle. 

To learn more about the integration, visit: https://info.keyfactor.com/ejcba-enterprise-certificate-management.

Keyfactor today announced at the RSA Conference its partnership and technology integration with SSL/TLS crypto-library provider wolfSSL. The integration provides greater security control to IoT (Internet of Things) device manufacturers at design and through a product’s lifetime.

Recent research analyzed IoT device vulnerabilities, emphasizing inherent design constraints and limited entropy as critical factors contributing to IoT device security risks. Solid yet flexible cryptographic libraries are critical in ensuring embedded and connected IoT devices can scale with evolving security requirements and best practices.

The integration combines wolfSSL crypto libraries with Keyfactor PKI-as-a-Service and certificate lifecycle management to secure next gen connected IoT devices. Keyfactor Control enables device designers and manufacturers to leverage technology and PKI to continuously replace, manage and update cryptography on IoT devices, while wolfSSL SSL/TLS libraries support resource constrained IoT systems across industrial control systems, medical devices and connected vehicles.

WolfSSL and Keyfactor will introduce the partnership and integration at 4:00pm on February 25th and 26th in the South Hall at Booth #3211 at RSAC in San Francisco.

Keyfactor, the leader in securing digital identities, today announced the launch of the Keyfactor Partner Network, its global channel partner program, and the appointment of BJ Ferguson as head of global channel sales and operations

The Keyfactor Partner Network includes solutions providers, strategic OEM and distribution alliances, custom systems integrators and strategic technology integrations providers. Qualifying partners benefit from a trusted transaction approach, aggressive sales margins and extensive support with access to education, certification programs and marketing development funds.

New research found only 38% of enterprise respondents have enough IT security staff members dedicated to PKI deployment, and that program responsibility is dispersed across IT operations (21%) and other lines of business (19%). Lack of defined ownership and disparate tool use is driving security risk, with 73% of businesses reporting unplanned downtime and outages due to mismanaged digital certificates, a core component within PKI.

For more information about the Keyfactor Partner Network, visit: https://www.keyfactor.com/partners/.

Keyfactor and Ponemon Institute today released the 2020 edition of “The Impact of Unsecured Digital Identities,” a benchmark report exploring enterprises’ ability to manage increasing numbers of cryptographic keys and digital certificates securing network connections.

Digital certificates and keys ensure authenticity across enterprise user, application and device identities. Cryptographic algorithms encrypt the data associated with those identities, providing secure communication and exploit protection. Two-thirds of respondents say their organization is adding additional layers of encryption to comply with industry regulations and IT policies; however, shorter certificate validity has doubled the management workload on short-staffed IT and security teams.

Additional key findings:

• Connected IoT increasing risk: 60% say they’re adding additional layers of encryption technologies to secure IoT devices, but 46% admit low ability to maintain IoT device identities and cryptography over device lifetime.
• A rise in security incidents: on average, organizations have experienced a Certificate Authority (CA) or rogue man-in-the-middle (MITM) and/or phishing attack five times in the last 24 months, with a 40% likelihood of a MITM or phishing attack over the next 24 months; 73% of respondents admitted that digital certificates have and continue to cause unplanned downtime and outages.
• Staffing shortages: on average, 16% of the IT security budget is spent on PKI deployment annually, yet just 38% of respondents say their organization has enough IT security staff members dedicated to PKI deployment.
• Cryptography related security incidents undermine trust: 76% of respondents say failure to secure keys and certificates undermines the trust their organization relies upon to operate.
• Cryptography lacks a center of excellence: Despite the rising cost of PKI and growth of cryptography-related incidents, just 60% of companies have the ability to drive enterprise-wide best practices.

The study was conducted by Ponemon Institute on behalf of Keyfactor and included responses from more than 600 IT and infosec executives and practitioners in the United States and Canada across 14 industries, including financial services, healthcare, manufacturing, retail and automotive.

Keyfactor today announced DevOps integrations with automation and containerization industry leaders Ansible, Docker, HashiCorp, Jenkins and Kubernetes to offer security-first services and solutions designed to seamlessly integrate with existing enterprise tools and applications.

A rise in cryptographic-based attacks, like last year’s ASUS attack, exploit third-party software and its digital certificates, allowing attackers to connect to sensitive backend systems or push malware through updater tools. Recent research indicates a 39% likelihood that organizations will experience a similar server certificate or key misuse incident over the next two years.

According to research firm Gartner Inc., “proper secrets management, including certificate and key management, is crucial to security agile applications.”¹

Digital certificates have long played an integral – if not routine – role in DevOps workflows, securing authentication across users, devices and applications. The secure identities the certificates establish reinforce key DevOps practices within infrastructure, pipeline, code and microservices integration, thereby bridging the DevSecOps gap and the ability to mitigate security risk.

Keyfactor offers cloud-hosted PKI-as-a-Service infrastructure through integrated certificate and key management, secure signing and secure IoT device design. The platform provides discovery, integration and orchestration capabilities, enabling teams to gain complete crypto-agility, extensibility and visibility.