In a digital world, everything is a 1 or a 0. Those 1’s and 0’s can range from the lifeblood of an organization down to a simple message from one person to another. In most cases, those 1’s and 0’s can be jostled around: enter encryption. Tight encryption standards can make even the most significant, sensitive data appear to be indecipherable to the naked eye. Multiple firewalls, strong antivirus software, enterprise-wide encryption… these are all techniques utilized to strengthen our security posture to prevent bad actors from accessing sensitive data. Bolstering a strong perimeter security defense, coupled with constantly rotating encryption keys inside and outside of the perimeter, and always having the latest antivirus definitions will lead to a stronger aggregate security posture.
And then there’s Dave...
We can use the strongest encryption available, block everything with multiple firewalls, and even scan every tidbit of information received, but we cannot fully safeguard against the human-error factor. Let’s imagine for a moment that Dave is a cybersecurity administrator. Dave is responsible for rotating outdated/expired keys and certificates plus monitoring/analyzing all incoming logs for potential anomalies. Dave essentially has the “keys to the kingdom” at his disposal. When rotating all those hundreds (and sometimes thousands) of keys and certificates, Dave has to ensure he is using the correct algorithm, the correct length, identifying the correct endpoint, uploading the proper key/certificate, and then possibly scheduling downtime to restart the services of the endpoint so that the new key/certificate goes active. Once that is complete, Dave must make sure the old keys/certificates are not being utilized in other locations so that he may properly revoke them, and in some instances delete them all together.
Long story short, there are many steps that go into managing all of the encryption keys and certificates in an organization-wide security architecture. One small mistake could leave an endpoint or even the entire perimeter compromised. Dave has a lot of work ahead of him. Dave has a lot of potential landmines to successfully navigate. Dave is human. Dave will undoubtedly make a mistake. If only there was a way for Dave to ensure the proper cryptographic material made it to the proper endpoint, and the proper key lifecycle steps were followed properly.
Enter Key Orchestration by Fornetix.
By utilizing the patented Key Orchestration Policy Engine, Dave can configure his enterprise hierarchy in a manner that ensures the proper cryptographic material makes it to the proper endpoints. No longer will Dave have to worry about uploading the wrong type of key into the wrong endpoint, thereby potentially creating a security breach point, or even worse: bricking the endpoint device. Combined with the policy engine, Dave can leverage the Jobs Engine to schedule all of these cryptographic material rotations. By automating the entire key lifecycle process, from key creation and distribution all the way through to revocation and destruction, Dave can completely remove his inevitable human error from the entire process. Strict policy enforcement and mandatory access controls, combined with the Jobs automation will ensure Dave never has to worry about manually changing keys/certificate, or worry about using the wrong key/certificate again. Dave can now reallocate his time to other tasks, thereby increasing his productivity.
Dave is smart. Dave removed the human error factor by leveraging Key Orchestration. Be like Dave.
If you'd like to see how our Key Orchestration can help you improve the security strategy at your company request a custom demo today.Share this entry