Friday, 3 October 2014

Digital certificates are not rocket science!

We believe digital certificates should be easy to manage and cost-effective. What do you think?

A partner of mine told me a few weeks ago, "Digital certificates are not rocket science". From a technical standpoint, I fully agree with him. Well... Let's put aside the fact that it may not be that simple to be trusted by all the browsers and reliable enough to run a 24/7 worldwide service... But OK, once in place, this is a pretty simple technology.

In the customer's shoes

What business issue do digital certificates solve? If we are honest, we would be more than happy to keep running our business as usual without worrying about the fact that the server we want to address may not be the real one, or that the email we've just received may have been sent by a different person than the one the sender's box claims. So far, I’ve never heard anyone say joyfully, "Yes, today I am going to renew my digital certificate before it expires!"

But what if I don’t renew it? - Thinking about it, how many certificates do I have? For which purpose? How much does it cost? - Should I spend some time to find cheaper certificates? - Or what would be my risk if I were to go for self-signed certificates?

All these questions are difficult to answer for any company. Buying certificates is the easiest part; dealing with them (deploying, renewing and revoking) could be very challenging if your company uses both SSL certificates and personal certificates.

What would be your preferred solution?

At UDITIS, we’ve been gathering some insight on this topic from our existing customers. We also performed some external research, and our conclusions are:
  1. Security vendors offer Managed PKI solutions, but these are so expensive that small and medium-sized enterprises (SMEs) usually cannot afford them, or do not want to spend money on such an obscure purpose...
  2. Not having a Managed PKI solution prevents the use of personal certificates to sign corporate emails.
  3. SSL certificates are more and more in demand in today’s technologies. However, system administrators buy them on a standalone basis without considering the impact of their management over the years.
We don't think this should discourage you. Do you believe, as we do, that the use of certificates should be democratized? If yes, which issue should be addressed first?
Thank you for telling us what you think and sharing your ideas or experience.

1 comment:

Anonymous said…

Demystifying certificate management is probably the first priority: with some organisation and a systematic approach, all the troubles you mentioned are manageable.

A possible contribution could be an overview of the few rules to follow for SMEs keen to increase the use of certificates in their organisation.
