Welcome to the first installment of a new series on the Keyfactor blog — the Digital Trust Digest. It’s nearly impossible for IT and security leaders to keep up with the daily deluge of cybersecurity news, which is why we’re curating the need-to-know headlines for you each week. Tune in every Friday to get a pulse on the latest developments in PKI, machine identity management, IoT security, quantum computing, and much more.
Here are the top five cybersecurity updates you need to know about this week:
1. “How cloud PAM can transform the enterprise” from VentureBeat
With the push to the cloud and nearly two-thirds of application-based spending going towards cloud technologies by 2025, enterprises are at greater risk of potential breaches. Enterprises must implement cloud-based privileged access management (PAM) platforms that can span the entire hybrid cloud infrastructure to achieve true Zero-Trust Network Access (ZTNA) frameworks.
Cloud-based PAM systems also come with these benefits:
- The ability to track operating expenses in real time
- Increased security of cloud-based integrations with two-way SSL trust
- Improved reliability to integrate with public cloud services
- Streamlined and scalable for audit and compliance requirements
Read more about cloud-based PAM platforms here.
2. “Microsoft’s CISO on why cloud matters for security response” from CIODive
Microsoft CVP and CISO Bret Arsenault argues that cloud-based technologies are the future of predicting, detecting, tracking, and protecting against the increase of identity- and password-based attacks. The frequency of these attacks, 920/second in 2022 up from 600/second in 2021, has led organizations like Microsoft to strive for a passwordless environment.
While passwordless environments are out of reach for many, Arsenault highlights what he calls the “brilliant basics” model to prevent attacks:
- Use multi-factor authentication
- Limit access to only certifiably healthy devices
- Collect data that helps your organization detect cloud-level anomalies
Read more cloud-based security responses here.
3. “We’re Going Through A Machine Identity Crisis” By Keyfactor CTO Ted Shorter for Forbes
Machine identities now outnumber humans 45-1 and 68% of them have access to sensitive data and assets, according to a report by CyberArk. However, with this increase, there has been a lack of attention on machine identity protection, leaving a potential vulnerability in the armor of cybersecurity.
Keyfactor CTO Ted Shorter recommends these steps to secure machine identities with proper PKI and certificate management:
- Implement an enterprise-wide strategy for cryptography and machine identities
- Improve your crypto-agility to proactively secure identities
- Build an effective identity management toolkit
Read more about the machine identity crisis here.
4. ISARA makes four digital certificate patents publicly available to boost quantum security
In a press release, ISARA shared that it is giving the intellectual property behind its ISARA Catalyst Agile Digital Certificate Methodology, which includes four patents, to the public to support industry-wide cryptoagility. ISARA’s methodology includes hybrid certificates which enable a streamlined migration to quantum-safe security to protect connected devices, IoT, and PKI.
Keyfactor’s Chief PKI Officer Tomas Gustavsson weighed in on the release of ISARA’s methodology and the use of hybrid certificates: “The potential threat of quantum computers to computer security and secure communications is potentially the biggest existential threat our industry has faced to date. It’s on us to help ensure that the transition from conventional to post-quantum cryptography is as smooth as possible and hybrid certificates are a key part of that.”
Read more here.
5. Registration is open for Keyfactor Tech Days 2023
Registration for Tech Days 2023 is open! The PKI and cryptography landscape is in a state of constant evolution. The emergence of post-quantum cryptography, new PKI and IoT use cases, and the rapid growth of machine identities are all formidable challenges. At Tech Days 2023, we say “Game On.” Join us in Barcelona, Feb. 13-15.
Interested in sharing your unique perspective on PKI, IoT security, code and document signing, or another topic geared toward enterprise security? The call for speakers is open until November 8. Submit your topic here.