Home Security Humans need help with key management: strategist
Venafi chief cybersecurity strategist Kevin Bocek Venafi chief cybersecurity strategist Kevin Bocek

"People don't understand machine identities very well," Venafi chief cyber security strategist Kevin Bocek told iTWire.

Part of the problem is that the SSH keys needed to protect network traffic must themselves be protected, and they also need to be changed frequently, he explained.

It was one thing when almost all servers were physical and the IT team knew what was running on each server and which certificates were involved. Managing keys with spreadsheets was feasible in that situation.

But the use of virtualisation and cloud infrastructure changes the scale of the problem.

"It's really hard to keep track of them," said Bocek. "You can't keep up... so machines have to do the work of managing machine identities."

He pointed to what happened when Google distrusted certificates issued by Symantec: that company's customers needed to know where all of their certificates were in order to change them. Similar things would happen increasingly frequently, he predicted.

An event on the horizon is the arrival of quantum computing. The problem is that some encryption methods that take a long time to crack using conventional computers could be broken quickly by quantum computers. Fortunately, "post-quantum" cryptographic algorithms are being developed and could be used as the basis for digital certificates.

Organisations have to be aware of these developments, said Bocek, because quantum computers are expected to become available within the next three to five years, which is a short period by the standard of banks and other organisations concerned with security.

Venafi's products — which help protect four of the five big banks as well as leading retailers and insurance companies — can help by creating an inventory of keys, assisting with their management, and coping with legal requirements that vary between jurisdictions, he said.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect