CIOReview
April 2016

In My Opinion

Your Fridge May be a Dog on the Internet

By Tammy Moskites, CIO & CISO, Venafi and John Hermans, Partner, KPMG Information Protection Services

Let's assume your company is eager to embrace the next wave of growth, enabled by the Internet of Things, the emergence of cloud computing and the ever-increasing connectivity of billions of internet users who are 'always on'. Question: What would be a quintessential challenge for succeeding in your strategy? Answer: being sure that you can trust these users and devices. That humans and devices actually are who they say they are. Why? Because we all understand the meaning of the internet meme saying 'On the internet, nobody knows you're a dog.' In the next ten years, trusted communication will be a key topic in business. Companies that act now by professionalizing the management of trusted certificates pave the way for controlled innovations and new business concepts.

"PKI is dead." This is what Gartner stated back in 2004, responding to the somewhat troublesome road to turning the internet into a trustworthy place. The challenge was huge: in fact, the grand design of the internet never intended to give users a digital identity. To warrant the identity of users and devices connected to the internet, companies and governments started building PKIs (Public Key Infrastructures) to overcome this problem.

Many years later, Gartner appears to have been wrong. Although the term PKI is not used frequently, the underlying trend is clear. The ideas of the PKI are alive and kicking, albeit in a somewhat different form than 10 years ago. Governments and businesses nowadays aim to solve problems surrounding confidentiality of communication and authentication by issuing certificates that act as digital passports. The use of these certificates is now supported in major security standards and integrated in many applications. These certificates are numerous and are in fact contributing to the original ideas of PKI. In short: PKI has been a strong silent trend in the last decade.

The case for using trusted certificates is strong: it's simply a matter of building trusted communication on the internet. However, as with all technologies, nothing is flawless and there are no panaceas to fight abuse or cybercrime. Hackers and other criminals use advanced methods to penetrate networks and systems, and one of their objectives is to gain a trusted status, circumvent security controls and go undetected. By stealing and/or compromising keys and certificates, they can remain under the radar while penetrating these networks and systems. Therefore, keys and certificates nowadays are a prime target and criminals use these as the attack method of choice. However, many global enterprises and governments still put blind trust in these keys and certificates, without considering how to properly manage these certificates in a structured way.

In recent years we've witnessed a number of