Leapfrog Your Cloud Migration – Don’t Let a Skills Shortage Stifle Business Possibilities
Blog Article Published: 03/10/2022
This blog was originally published by Entrust here.
Written by Juan Asenjo, PH.D., CISSP, Director of Product, Solutions and Partner Marketing at Entrust.
Most of you will be familiar with the term leapfrog. Stemming from a children’s game, it’s an expression used not only in English, but also in many other languages to characterize a rapid change in the status quo. In business, the term is used to describe how organizations can bypass a certain technology altogether and rapidly modernize by quickly migrating from legacy systems to the state of the art.
The Ponemon Institute 2021 PKI & IoT Trends Study highlights important developments in the deployment of enterprise ecosystems, where everyone and everything is interconnected. The study finds that the demand for public key infrastructures (PKIs) continues to increase, driven largely by the adoption of connected technologies. But, the study also finds that a shortage in the skills needed to deploy and manage PKIs is a major concern, and a factor that can stifle innovation.
Here’s where ‘leapfrog’ comes in: With the right strategy, organizations can leverage the cloud and modern PKIs to jump over the skills gap, and effectively deploy and manage PKIs to meet their growing needs, and innovate and stay competitive. Central to this approach is the concept of the root of trust and the use of certified hardware security modules (HSMs) for organizations that deploy PKIs in support of increasingly critical operations. In this article, we’ll explore PKI best practices to help ensure a secure cloud computing environment.
The role of PKI in the organization
As a foundational building block for today’s connected world, PKI includes the hardware, software, policies, processes, and procedures needed to manage the digital identities of individual users, and an exponentially growing number of devices and virtual machines. While PKIs have been around for decades, expansion of the internet of things (IoT) and connected technologies, has made them more important than ever. Connected devices and applications need to be securely identified and validated to operate within trusted ecosystems. As organizations find themselves needing to securely manage rapidly growing numbers of people and machine identities, it’s no wonder why PKIs have become critical for businesses, and why a skills shortage is a worrying phenomenon.
PKI in the cloud bridges the staffing challenge
Organizations are migrating more of their computing to the cloud to take advantage of the flexibility, convenience, and cost-effectiveness that these as a service models offer. As they take advantage of this service model, PKIs don’t have to stay on-premises, they can also be securely migrated. PKI as a service models can help organizations leapfrog to a state of the art, subscription-based PKI and not have to worry about training, developing, and maintaining staff to deploy and manage the PKI.
Best practices for secure PKIs
PKIs are only as secure as the level of protection given to the private keys used for the certificate issuance and signing processes – organizations are well advised to beware of keys stored in software. Software security can be soft security and the weak point of a PKI. That’s why security professionals for years have recommended using certified HSMs to ensure the security of well-designed PKIs.
The Ponemon Institute 2021 PKI & IoT Trends Study asked users how they managed their root, policy, and issuing CA private keys and it was reassuring to find that HSMs ranked number one. An HSM root of trust segregates and protects critical cryptographic keys within a certified protected environment, away from the rest of the IT infrastructure. This both enhances security, and facilitates auditing and regulatory compliance. PKI as a Service provides a turnkey solution for organizations to quickly deploy and scale their PKI to secure their business use cases.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.