Digital certificates—an integral part of identity and access management—are nothing new, but their uses are increasing as we accept them as the best passwordless security solution. From authenticating machine-to-machine interactions to confirming the digital identity of employees accessing business networks and services, digital certificates are part of every secure interaction. Digital certificates are even issued for IoT devices and are so commonplace in today’s digital environment, that many of us forget how much we rely on them.
IT has managed and governed the policies surrounding the use of digital certificates for years. However, manually issuing and revoking digital certificates from spreadsheets has been the norm. This ad hoc approach to certificate management is prone to human error and not scalable. Not to mention, manual management of digital certificates has become a serious risk as their uses have become engrained in internal and external data security and compliance policies. Certificate Lifecycle Management (CLM) solutions mitigate that risk by eliminating the potential for human error.
However, Certificate Authorities (CAs)—the organizations that issue certificates—are often not the ones who make and sell CLM solutions. More often than not, enterprise systems include certificates from various vendors all with different lifecycles, uses, and configurations. Sectigo is a pioneer in the digital certificate space in that regard. Sectigo is a publicly trusted CA that also provides an open CLM solution that allows interoperability with digital certificates issued by as many CAs as possible.
An Integrated Future
Embracing a certificate agnostic approach to certificate management to empower interoperability is the new hot topic in the CLM and cybersecurity worlds. With high-profile breaches, shorter certificate expiration requirements, and identity management issues making headlines regularly, the need for flexible and integrated CLM solutions is more apparent than ever before.
Evaluating Certificate Agnostic CLM Solutions
So, how does one determine whether a CLM solution is certificate agnostic? By considering its capabilities related to the following:
- Type. CLM platforms must be able to manage all types of certificates. X509 certificates come in various categories—like SSL/TLS, S/MIME, SSH, and more—with different uses and capabilities. Exotic forms of non-X509 certificates that facilitate the Internet of Things (IoT) devices are starting to proliferate the market, as well. Large enterprises are likely to have all of the above and more in their environments, and their CLM solution should reflect that diversity.
- Configuration. Each time a CA issues a certificate, it sets policies for that certificate's use. These policies include term limits, hashing algorithms, key lengths, and access guidelines. A CLM solution should be able to manage any certificate—regardless of the parameters set by the CA—and keep track of various configurations at once.
Location. With remote work growing increasingly common, enterprises are likely to have certificates spread far and wide. They may be in physical, on-premises servers, off-premises with a third-party host, in a cloud-based system, or on laptops and other devices. Regardless of the location of an enterprise's certificates or the machine they're on, enterprise CLM solutions should be able to get the job done.
- Environment. Each enterprise has a unique IT ecosystem tailored to its specific needs—and often, the specifics of each environment within the ecosystem vary across departments. The operating systems in use, cloud-based capabilities, DevOps needs, server setup, and more can all affect how certificates are provisioned and used across an enterprise. A robust CLM solution must be able to access certificates across these environmental factors to manage the system effectively.
- Use case. Different certificates are used for different things and often have different specifications. A company's CLM platform should integrate certificates across use cases, so all management takes place in one pane of glass.
- Origin. This brings us to what is actually the final piece of the certificate agnostic puzzle: the certificate authority that issued the certificate. It used to be that each issuer had an isolated platform to manage its issued certificates. Now, CLM solutions are integrating to facilitate more streamlined CLM experiences for large enterprises with complex environments, varied use cases, and diverse public key infrastructure (PKI) needs.
To learn more about certificate agnosticism and CLM, listen to Root Causes, episode 196, "What is Certificate Agnostic?"