The IT Nerd

Keyfactor, the leader in securing digital identities, today announced the launch of the Keyfactor Partner Network, its global channel partner program, and the appointment of BJ Ferguson as head of global channel sales and operations

The Keyfactor Partner Network includes solutions providers, strategic OEM and distribution alliances, custom systems integrators and strategic technology integrations providers. Qualifying partners benefit from a trusted transaction approach, aggressive sales margins and extensive support with access to education, certification programs and marketing development funds.

New research found only 38% of enterprise respondents have enough IT security staff members dedicated to PKI deployment, and that program responsibility is dispersed across IT operations (21%) and other lines of business (19%). Lack of defined ownership and disparate tool use is driving security risk, with 73% of businesses reporting unplanned downtime and outages due to mismanaged digital certificates, a core component within PKI.

For more information about the Keyfactor Partner Network, visit: https://www.keyfactor.com/partners/.

Keyfactor and Ponemon Institute today released the 2020 edition of “The Impact of Unsecured Digital Identities,” a benchmark report exploring enterprises’ ability to manage increasing numbers of cryptographic keys and digital certificates securing network connections.

Digital certificates and keys ensure authenticity across enterprise user, application and device identities. Cryptographic algorithms encrypt the data associated with those identities, providing secure communication and exploit protection. Two-thirds of respondents say their organization is adding additional layers of encryption to comply with industry regulations and IT policies; however, shorter certificate validity has doubled the management workload on short-staffed IT and security teams.

Additional key findings:

• Connected IoT increasing risk: 60% say they’re adding additional layers of encryption technologies to secure IoT devices, but 46% admit low ability to maintain IoT device identities and cryptography over device lifetime.
• A rise in security incidents: on average, organizations have experienced a Certificate Authority (CA) or rogue man-in-the-middle (MITM) and/or phishing attack five times in the last 24 months, with a 40% likelihood of a MITM or phishing attack over the next 24 months; 73% of respondents admitted that digital certificates have and continue to cause unplanned downtime and outages.
• Staffing shortages: on average, 16% of the IT security budget is spent on PKI deployment annually, yet just 38% of respondents say their organization has enough IT security staff members dedicated to PKI deployment.
• Cryptography related security incidents undermine trust: 76% of respondents say failure to secure keys and certificates undermines the trust their organization relies upon to operate.
• Cryptography lacks a center of excellence: Despite the rising cost of PKI and growth of cryptography-related incidents, just 60% of companies have the ability to drive enterprise-wide best practices.

The study was conducted by Ponemon Institute on behalf of Keyfactor and included responses from more than 600 IT and infosec executives and practitioners in the United States and Canada across 14 industries, including financial services, healthcare, manufacturing, retail and automotive.

Keyfactor today announced DevOps integrations with automation and containerization industry leaders Ansible, Docker, HashiCorp, Jenkins and Kubernetes to offer security-first services and solutions designed to seamlessly integrate with existing enterprise tools and applications.

A rise in cryptographic-based attacks, like last year’s ASUS attack, exploit third-party software and its digital certificates, allowing attackers to connect to sensitive backend systems or push malware through updater tools. Recent research indicates a 39% likelihood that organizations will experience a similar server certificate or key misuse incident over the next two years.

According to research firm Gartner Inc., “proper secrets management, including certificate and key management, is crucial to security agile applications.”¹

Digital certificates have long played an integral – if not routine – role in DevOps workflows, securing authentication across users, devices and applications. The secure identities the certificates establish reinforce key DevOps practices within infrastructure, pipeline, code and microservices integration, thereby bridging the DevSecOps gap and the ability to mitigate security risk.

Keyfactor offers cloud-hosted PKI-as-a-Service infrastructure through integrated certificate and key management, secure signing and secure IoT device design. The platform provides discovery, integration and orchestration capabilities, enabling teams to gain complete crypto-agility, extensibility and visibility.

Keyfactor today announced research findings identifying a vulnerability across active RSA certificates. RSA certificates and the RSA algorithm are commonly used to securely transmit data to a remote source. Using minimal computing resources, researchers were able to collect and analyze 175 million RSA certificates and keys used to protect real-world Internet traffic.

The active and publicly available RSA keys (which consist of the product of two large, randomly chosen primes) were mined to identity common factors. Any keys sharing one of their prime factors with another key are compromised by this technique. The analysis found over 435,000 certificates with a shared factor, with researchers able to rederive the private key.

When these devices include medical implants and cars, the impact of the malfunction can be devastating. The research stresses the importance of security best practices, random number generation for connected systems and use of cryptography to securely install firmware and software updates through the lifecycle of the device.

Researchers built a database of 75 million active RSA keys using Keyfactor’s proprietary SSL/TLS certificate discovery capabilities. The dataset was augmented using 100 million certificates available through certificate transparency logs and analyzed on a single virtual machine in Microsoft Azure, using Keyfactor’s scalable GCD algorithm to find shared factors. The findings were released at the First IEEE Conference on Trust, Privacy and Security in Intelligent Systems and Applications.

To download a copy of the research paper, please click here.

Keyfactor, the leader in securing digital identities, today announced the latest update to its award-winning PKI (public key infrastructure) as-a-service and certificate lifecycle automation solution, Keyfactor Command. The offering supports information security, IT and DevOps teams juggling security priorities, regulatory demands and digital transformation.

In a recent survey, 44 percent of security and IT professionals indicated that lack of skills and expertise is the greatest challenge they face in managing their organization’s PKI, with 37 percent of respondents citing the secure adoption of DevOps, cloud and IoT as a primary concern.

According to Gartner Inc., the world’s leading research and advisory company, “technical professionals tasked with delivering effective identity and access management (IAM) capabilities should: establish a PKI management regime and leverage certificate management tools to manage and monitor SSL/TLS certificates, and focus on enabling automatic outage detection and mitigation, compliance and policy requirements and crypto-agility.”

We believe Keyfactor provides the most complete PKI operations solution delivered from the cloud, enabling both enterprise security teams and IoT device manufacturers to operate end-to-end agile digital identity management. This release includes improvements to discovery and auditing across the entire digital certificate landscape – critical capabilities required to meet regulatory and security mandates.

Key advancements include:

• Secure Automation – Integrates with CyberArk to enable secure access to privileged accounts required for certificate and key lifecycle automation.
• Improved Tracking and Auditing – Enables auditors to retrieve a complete audit log of every user activity and configuration change within the platform.
• Extended Discovery – Expands certificate discovery capabilities with support for Server Name Indication (SNI).
• Enhanced Reporting – Includes a new, expanded library of pre-packaged and customizable reports.

For more information about Keyfactor Command 7, please visit: https://blog.keyfactor.com/introducing-new-integrations-and-more-in-keyfactor-7.

For more information about Keyfactor and its services, please visit: www.keyfactor.com.

In a survey released today, Keyfactor, a leading provider of secure digital identity management solutions, revealed that 87% of surveyed cybersecurity professionals think more privacy and security legislation is required to better protect Canada’s businesses and consumers.

According to the survey, 58% of respondents think regulators and elected Canadian officials are not doing enough to standardize security guidance on measures like data encryption.

Public Key Infrastructure (PKI) is a tried and tested security tool that protects digital identities across people, software and technology. However, PKI management remains a manual process for many organizations.

The survey also found that:

• 50% of respondents cite manual and complex processes as their greatest challenge in managing PKI
• 43% of respondents were most concerned about their ability to securely adopt DevOps, cloud and IoT

Survey results were gathered through surveys conducted with IT security professionals at SecTor, Canada’s premier IT security education conference. For a complete list of survey results, please visit: https://blog.keyfactor.com/new-survey-finds-security-pros-concerned-about-pki.

Keyfactor, a leading provider of secure digital identity management solutions, today announced that chief strategy officer and company co-founder Kevin von Keyserling has been awarded Top Manager in the third-annual SC Media Reboot Leadership Awards.

In co-founding the company in 2001, von Keyserling helped to create hundreds of information security jobs in Cleveland, establishing the area as a growing software hotbed. In addition to job creation, he has transformed the business from security consultancy to technology innovator creating the digital identity and security software platform that today serves the world’s largest healthcare, medical device, financial services, retail and automotive companies.

Alongside its industry-first code signing solution released this year, the company announced a $77M USD growth investment from Insight Venture Partners in January and its acquisition of European Digital Identity Firm Redtrust in July.

The Reboot Leadership Awards are an adjunct to SC Media’s annual Reboot coverage, recognizing the best and brightest cybersecurity luminaries and organizations.

For profiles of all this year’s SC Media Reboot Leadership Awards honorees, visit www.scmagazine.com.