The most rewarding experience of my career has been having a front-row seat to Keyfactor’s journey from a small consulting shop to a global leader in digital trust. Along the way, I’ve had the privilege to work with some truly brilliant people: leaders, engineers, and customers who are all pushing the boundaries of what’s possible in security.
This week, Keyfactor reached another major milestone on our journey, acquiring InfoSec Global and CipherInsights, bringing together the best in cryptographic discovery to help organizations uncover hidden vulnerabilities that put their business at risk.
In this blog, I’ll break down what cryptographic discovery is, why it’s a priority, and where these new technologies fit into the mix. First, let’s take a step back.
Cryptography: The Black Box of Cybersecurity
Thinking back to the early days of the Internet, digital trust was simple. It primarily meant making sure users could safely connect to websites, secured with public key infrastructure (PKI). While making the “lock icon” show up in your browser is still important, today the landscape has changed dramatically. Now virtually everything is internet- and network-connected, and at the heart of it all is PKI and, dare I say it, cryptography.
Cryptography is the quiet engine that hums behind every secure connection and online transaction. It’s quite literally everywhere, yet it’s often treated as a mysterious black box – something even seasoned IT pros prefer not to poke or prod. It’s often only when something breaks that someone discovers a cryptographic asset. As they say, “ignorance is bliss,” right? Yes, but….
That lack of visibility into cryptographic assets – keys, certificates, keystores, algorithms, protocols, and libraries – leaves organizations flying blind to hidden vulnerabilities. Things like exposed keys, weak algorithms, and outdated protocols not only pose a risk to data security, but they’re also increasingly under the scrutiny of auditors and stricter regulatory frameworks.
Fixing vulnerabilities isn’t easy either. It’s not just about knowing where your cryptographic assets live; it’s about how they’re used, which systems they interact with, and what might break if you try to change or replace them. Many of us felt these pains firsthand in the migration from SHA-1 to SHA-2, and that pales in comparison to what’s ahead.
Turning the Lights On with Cryptographic Discovery
There’s change afoot, and this time it’s not a hurdle, it’s a mountain. The steep and steady climb to quantum-safe transformation is daunting, but it’s no longer avoidable. New standards are here and timelines for deprecation of legacy algorithms have been set. In other words, the trail has been marked and it’s time to lace up.
Step 1: Gain Visibility
Cryptographic discovery is the process of scanning your environment and building an inventory of all cryptographic assets, from keys and certificates to keystores, cryptographic libraries, algorithms, protocols. Instances of cryptography live everywhere – from code, binaries, and CI/CD tools to deep within file systems, web servers, and cloud environments. This isn’t a one– and– done inventory project, it’s a continuous process of discovery and monitoring.
Step 2: Get Context
Understanding where cryptographic assets live across your infrastructure is one thing, understanding how they’re used is another. Real-time visibility into network traffic can help provide additional context into how cryptographic objects are mapped to your infrastructure, so you can remediate risks, without worrying about breaking systems.
Step 3: Prioritize
When you suddenly uncover thousands of cryptographic assets scattered across your organization, it can feel a bit like opening the world’s messiest junk drawer. You know there are important things in there, but figuring out what matters, what’s broken, and what needs fixing first is overwhelming. Mapping your cryptographic assets against risk factors and compliance requirements, based on the assets and data they protect, is key to understanding what to do next.
Step 4: Remediate & Repeat
When you know what you have and where your risks lie, you can begin to fix them. This is where automation comes in. For instance, by automating renewal, provisioning, and installation of digital certificates on endpoints, you can address risks without causing disruption to the business. This is essential to avoid downtime and ensure a seamless transition at scale.
Bringing It All Together: Discovery + Lifecycle
With the urgent need to understand cryptographic risk, we’re taking a bold step to advance our platform by bringing together InfoSec Global and CipherInsights.
With continuous monitoring of network traffic to discover and detect cryptographic risks in real time (CipherInsights), and deep scanning and inventory of cryptographic objects within infrastructure, file systems, and code (InfoSec Global), we can now deliver a complete and comprehensive understanding of an organization’s digital trust infrastructure.
By combining these solutions with Keyfactor’s product stack, we’re able to help our customers understand their cryptographic posture, remediate identified risks and vulnerabilities, and modernize their PKI and signing infrastructure for the quantum era.
To our customers, partners, and the teams behind our solutions: Thank you. I am honored to be alongside you on this journey and I’m excited to see what’s next for Keyfactor.
If you want to learn more about the next step for digital trust, don’t miss our webinar, “What’s Next for Digital Trust: Solving Your Cryptographic Risks and Vulnerabilities.” We’ll dig deeper into cryptographic discovery and what it means for you.
