PKI Revelations Episode 1: We Were Wrong

Editor’s Note: This is the first blog post in a series of posts from us that will focus on our PKI Revelations. Trigger Alert: These blog posts may be real, raw, and controversial (but no PKIs were harmed in the writing of these posts). We hope you join us for the fun and read along!

 

Organizations lack the security intelligence that they need … and PKI assessments aren’t enough!

 

The PKI Solutions team knows the Public Key Infrastructure (PKI) space inside and out. We’re PKI innovators. We created this concept of best practices for PKI assessments more than 20 years ago when Mark B. Cooper, now known as “The PKI Guy,” was a senior engineer at Microsoft and he created the company’s first consolidated set of PKI best practices. At Microsoft, he led the PKI effort designing, implementing, and supporting ADCS environments for Microsoft’s largest customers and he became Microsoft’s leading subject matter expert for ADCS and identify management. And, ever since he founded PKI Solutions back in 2014, we’ve been doing advanced PKI assessments onsite with customers. We even have an innovative online portal for PKI assessments.

 

But … we were wrong! PKI Assessments aren’t enough.

 

Even though we’ve spent many years working on PKI assessments and developing best practices for you, something is missing. We’ve created innovative online assessment tools for you – but, not enough. We’ve developed world-class onsite PKI assessment protocols that been very helpful to our customers and in-depth assessment reports that have “saved their bacon” in more than a few occasions. However, there’s a fundamental problem. We continue to see that despite innovations with assessment tools and the dramatic lowering of prices for PKI assessments (hey, we even offer FREE online PKI assessments), organizations still are not taking advantage of assessments in the way that they should. The other problem is that these types of assessments are too infrequent, they’re not in the moment or real-time, they’re not thorough, they’re really not helping organizations. A fundamental change is needed.

 

So, we had this wrong. There must be a better way. It’s time for something new -- something radical. We believe that there is an immediate need to transform the concept of the PKI assessment and what security intelligence should mean. Organizations like yours need to have real-time information, ongoing PKI assessments, and ongoing monitoring to provide the security intelligence on what’s happening to their infrastructure as well as to their security components – like their PKI. Real-time information and holistic monitoring is key to achieving the best security and availability for your PKI

 

Organizations are facing real business problems and PKI challenges that demand immediate attention. Much like an iceberg where only the top is seen, many risks and PKI challenges lurk beneath the surface. An organization’s business and PKI challenges are complex and can be dangerous to your bottom line.

 

Here are just a few of these challenges:

 

· Companies may be losing revenue due to an inability for their POS system to operate

· Organizations may be unable to detect and respond to security breaches in the PKI

· IT teams may be unable to connect or authenticate the corporate network

· Businesses may experience lost worker productivity due to failed VPN/WiFi authentication

· IT teams may have dependency on manual processes to review and detect issues that can cause organization-wide outages

· Organizations may experience lack of awareness of device failures and the urgent need to execute replacement and repair processes

 

All of these business issues are mission-critical and time-sensitive. No once-in-a-while PKI assessment is going to help business and IT leaders stay on top of these situations. Do not operate like the Titanic when navigating the “icebergs” of the cybersecurity world. Organizations need security intelligence that is quickly accessed, useful, and helps with decision making. IT teams need real-time, comprehensive PKI monitoring and alerting and critical information at their fingertips, not a sporadic system of PKI assessments.

 

As our friends at Gartner stated in an October 2018 report, “Public Key Infrastructure (PKI) and digital certificates are hard to manage … Technical professionals need to transform the perception – and the deployment – of PKI to establish an automated management regime for PKI.”

 

Yes, we were wrong about PKI assessments as they stand now. But, the good news is that we’ve been working on a solution. And, since our company’s name is PKI Solutions, that’s just how we roll!

 

In a couple of months, we’ll be announcing some exciting news about what we’ve been working on to provide organizations with the real-time security intelligence that they need -- when they need it and how they need it. It’s a new year, it’s time for a new way to PKI. Stay tuned!

About ThePKIGuy

President & Founder at PKI Solutions, Leading PKI Cybersecurity Subject Matter Expert, Author, Speaker, Trainer, Microsoft Certified Master.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.