Certificates have been a fundamental component of digital security for decades. They provide the most resilient, scalable and secure means to deliver strong identity, encryption and access control. They secure critical systems and core business use cases, including secure sockets layers (SSL) and transport layer security (TLS) for public-facing websites, secure email, mobile device management, the internet of things and more. Given their significance and widespread use, it should come as no surprise that proper management of these certificates is critical for organisations.
The need for robust certificate lifecycle management (CLM) is not new. As organisations have grown and experienced certificate authority sprawl or had concerns around legacy public key infrastructure (PKI), CLM has become a means to rein in and centralise certificates across environments. The significant growth in the number of machine identities is another factor, driven not only by the sheer quantity of machine identities requiring security and management, but also by the complexities they introduce – such as short-life certificates – that render manual processes unsustainable.
While these are compelling reasons to invest in a proper CLM tool, there’s an even more convincing reason to prioritise CLM in relation to overall IT strategy such as implementing zero-trust security frameworks and preparing for post-quantum threats.
One of the key components of zero trust, and where CLM plays an important role within the overall strategy, is ensuring that businesses have strong issuance protection for their certificates. Essentially, this ensures that no rogue certificates are issued to grant excessive access or privilege. This same rationale applies to the need for control at any stage in the certificate lifecycle, including revocation. CLM supports the three principles of a zero-trust strategy. It helps to verify that the correct certificate is provisioned to the appropriate target or endpoint; provides the right assurance and access through certificate and lifecycle controls; and possesses the ability to contain and mitigate losses and damage by revoking certificates for quick incident response. Beyond utilising digital certificates as a part of zero trust, CLM should serve as the starting point to reveal which credentials are used in an environment and where. This is also where an overlap with post-quantum preparedness emerges.
Regarding post-quantum preparedness, we address the looming threat to traditional cryptography in use today. Organisations must take steps to prepare for the transition to quantum-safe cryptography. An initial step in this preparation is gaining visibility into cryptographic assets – from hardware and software to keys, certificates, and secrets. CLM can help with this by centralising the visibility of certificates across environments, identifying potential cryptographic risks for businesses, aiding in the migration and consolidation of PKI footprints to facilitate the transition to post-quantum cryptography, and automating certificate management and security implementations.
Whether driven by practical considerations aimed at achieving visibility and control over environments, or strategic motivations to implement a zero-trust strategy and prepare for the post-quantum era, businesses utilising the right CLM tool alongside their PKI will ensure security both today and tomorrow.
Samantha Mabey is digital solutions marketing director at Entrust
This article was originally published in the Autumn 2023 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription