The PKI Guy talks digital identity with Kevin von Keyserling of Keyfactor
Q&A with Kevin von Keyserling, CEO and co-founder, Keyfactor
TPG: Tell us about Keyfactor.
KvK: We’re a digital identity software company that provides end-to-end authentication, encryption, and signing technologies that safeguard data, devices, applications, and people. Our platform allows our clients to master every digital identity within their organization quickly, easily and cost-effectively. Up until a few weeks ago, Keyfactor was Certified Security Solutions (CSS).
TPG: What was your goal in your company’s rebranding?
KvK: CSS was emblematic of the original consulting company that worked with Global 2000 companies on digital identity strategy. It was back in 2014 that we began transitioning CSS into a software company. We saw a problem that kept occurring in the market—the challenge of successful digital identity oversight. We knew we could build a platform to make it much easier for organizations to manage the process.
Core to our culture, we wanted to represent what makes us different in the security industry. Many players focus on fear, uncertainty, and doubt. We believe in a message of enablement and freedom to scale and secure your entire enterprise. You shouldn’t have to choose what you secure based on economics. We also streamlined the platform into two key offerings based on the problems that we solve for enterprise and IoT companies.
The name Keyfactor is reflective of what we do—public/private key management + one-factor/two-factor authentication + the math of cryptography. Keyfactor resonates with who are we today and symbolizes the completion of the transition. I’m very proud of it.
TPG: Why is it important to have a digital identity?
KvK: We fundamentally believe that every single electronic device that’s manufactured in the world today is going to collect and disseminate data across the Internet. Keeping the device and data from the device secure is expected by your customers and mandated by your regulators. By binding an identity to a device before it goes out into the world, you can be confident that every device is authenticated and encrypted, and will remain secure for as long as it’s in use.
TPG: How do you secure digital identities?
KvK: The Keyfactor platform automates real-time discovery, monitoring, issuing, and replacement of digital certificates and keys while blocking untrusted access throughout the entire device lifecycle. We’ve been able to scale in environments of 500M+ devices giving our global clients the ability to secure every single digital identity within their organization.
TPG: What is the biggest security challenge facing enterprises today?
KvK: Scalability. Many organizations have begun or are considering a transformational journey. Successful security, like many other operational processes, is not easy. You’re building a strategy and plan that must take into account today’s devices and tomorrow’s innovation. It’s no longer a discrete cycle of “build it, ship it, and move on to the next line.” Security needs to be at the forefront of the design and build. And the security needs of that device post-deployment must be considered. Keyfactor is focused on a very scalable solution that provides digital security throughout the lifecycle of every device.
TPG: What types of companies are implementing digital identities?
KvK: The Global 2000 are the early adopters—they’re the ones who face the biggest risks, liabilities, and challenges and have strict regulatory factions to comply with. Within that tier reside key verticals and manufacturers who are making devices that have human life implications. And these companies are often at the forefront of accelerated adoption because lives are on the line. Medical device manufacturers, electronic health record organizations, healthcare delivery organizations, insurance companies, government regulators, automotive manufacturers…in fact, the entire supply chain that’s making electronic widgets for vehicles is working on addressing the need for wholistic security measures. And then there are companies that wouldn’t naturally come to mind—like elevator manufacturers. There are bad players who could work on crashing an entire fleet of elevators at the same time. We don’t typically think about elevators as life-critical devices, but they are.
TPG: What are your recommendations to companies to improve their security posture?
KvK: Start with the foundation and build from there. From the very beginning, you need to make sure each device has a properly trusted digital identity. Your process should be agile. Anything you’re building into the firmware today will need to be updated. This is where crypto-agility comes into play. Algorithms degrade and you want the ability to maintain and strengthen digital identities over the lifetime of every device. Take an inventory of what you’ve already deployed. Can you easily upgrade what’s out in the field through new firmware? Can you strengthen the digital identity from afar?
Think about use cases—how will the device be used and what data will be gathered and dispersed? Engage the product team that owns the nextgen vision and invest in technology that builds security into the design. Where will the device be two, five, ten years from now? For example, if a car purchased today is driving for an average of 11 years, think about what will be needed to ensure cryptographic strength as long as it’s on the road. Consumers may not be thinking about the dangers of system takeovers, but they’ll sure come up-to-speed quickly if one of your devices ever puts them in danger.
TPG: How does Keyfactor connect with devices and applications?
KvK: We use an open API layer. We offer a feature called AnyAgent, which allows companies to connect to any device or application through open APIs. We can connect to a variety of cloud or client-hosted devices within hours or days, with relative ease in comparison to our competitors. Our API layer is key to making that strategy effective, easy and scalable.
TPG: How are you integrated with other platforms and certificate authorities?
KvK: We’re technology-agnostic. For almost every publicly-trusted CA, we have APIs including workflow automation and have privately-rooted CAs as well.
TPG: How do you work with a PKI system?
KvK: We do a number of things—first we spend time learning about how you currently run and operate your PKI. Once our technology becomes integrated, we begin simplifying the various facets of certificate management: certificate issuance, current cert location(s), renewals, and revocations. We provide granular reporting that illustrates what the environment looks like including how many certs have been issued, algorithms in place (identifying those that are weak and need replacement), and certs that are nearing expiration. We remove the complexity of certificate management and make it easy for organizations to do it right.
TPG: How do you see the securing of identities evolving?
KvK: It will become more and more seamless. Single sign-on, reduced sign-on—with more devices and apps becoming connected, the process of managing digital identities is getting bigger and bigger every day. But investments are being made and organizations are getting better at it behind the scenes. We’re getting to a point where cryptographic keys are updated automatically. The days of typing in passwords and UserIDs will be here for awhile, but will become more automated in a secure way than ever before.
TPG: What is the future of identity management?
KvK: The definition of identity management is changing. For a long time it’s been managing humans and devices identities separately. In the future, these processes will come together, merging into a single management system that administers digital security for human, software and device identities as one.
Leave a Comment