Our seminar ”Electronic signing, PKI Management and SSL certificates” on Feb-6 2019 was attended by over 40 professionals with lots of experience about cyber security. The seminar was streamed on-line to the net and it is still available as recordings. This article provides the links to the recordings and the material as well as highlights from the second session.
Session 1: Electronic signing, digital signing, eIDAS, PadES
Presenter: Robert Hann, Sales Director, Entrust Datacard
Facilitator: Antti Larvala, Director for development eSign for Visma Solutions
Session 3: SSL/TLS certificates – what lies ahead?
Presenter: Chris Bailey, VP Strategy and Business Development, Entrust Datacard
Facilitator: Harri Tuuva, CTO, Wesentra
Some highlights from session: PKI Management and Managed PKI
PKI provides digital identities and manages their lifecycles. PKI, Public Key Infrastructure, is about policies, people, procedures, audit and a bit of technology. Several systems rely on digital identities just as technical entities (and in this case their provisioning solution is just a CA, Certificate Authority). However there is a major difference for example between a passport and a bonus card. The question is, how much assurance has been built to the digital identity. Technology is just the means.
Before PKI is planned and implemented, the business need requires consideration. The proper owner for PKI is business, not IT. The Policy Authority is important. It typically consists of experienced persons from the business, who meet regularly in any case and who can decide what the credentials are used for.
Implementation is often carried out as a project which may last some three months. The typical phases of a PKI project were presented. In the implementation phase scripts are created. They will be audited and then used in the operation and maintenance. The documents need to stay alive – the organization changes and PKI changes with it.
Experience has shown that one of the greatest challenges is maintenance of the PKI. Often a lot of time and money is spent on creating the PKI. Then the PKI is given to IT for maintenance and often IT hates procedures. Gradually the processes decay and people leave.
Entrust Datacard can help in creating and maintaining the customer’s PKI either on-site or from their secure facilities. This can be MS PKI or Entrust PKI or something else. Entrust Datacard is very experienced and can provide the ETSI Advanced level as well as the needed certifications (WebTrust, ISO 27001, tScheme, ISO 9001).
And then poor Dave got a rough ride. Thomas and Dave had never met before and this questions-answers part had not been rehearsed. But it was both interesting and fun: ”Today I am the IT Manager. So, this PKI needs to be really simple. I am also the business owner. It needs to be today. And I am the senior architect, it needs to be my way. Your place is over there. And by the way (shakes hands) my name is Thomas”. As Thomas starts with EV SSL certificates it takes a short while for David to catch on. But soon these top professionals get along very well.
In the next blog post details of the third session will be presented.
More information: info (at) wesentra.com or https://www.wesentra.com/eng/