Why certificate management?
Airport hubs are digital and logistical masterpieces. As if by magic, processes interlock, run automatically, and in the end luggage, goods, and passengers arrive worldwide where they are expected.
essendi xc works in a very similar way: As the central hub of certificate management, it records all certificate processes and controls them in a consolidated way. It does not matter whether they were predefined in the hub or triggered manually via the self-service portal. The xc dashboard and the overview pages provide a comprehensive, central view of the current state of the certificate inventory and of the running processes. For this purpose, all processes are monitored and controlled by xc. This allows certificates to be requested, renewed, revoked, and even distributed into the target system automatically.
Unfortunately, we cannot explain how airport processes work. But we are happy to offer you a closer look at certificate management and its effects on different management areas within companies.
Certificates are needed, among other things, for clear identification in the digital space. Here they are comparable to an identity document. Like identity documents, certificates contain information that is necessary for verification, e.g.:
In addition to clear authentication, certificates ensure the following properties when transmitting data:
Certificates thus secure the digital flow of data and ensure the clear identification of the communicating systems. They therefore play a key role in IT security. In order to maintain smooth operations and at the same time minimize business risks, it is important to pay attention to efficient processes. That is why careful certificate management is important.
Modern certificate management not only serves the administration of existing certificates, but also includes comprehensive lifecycle management. This covers certificate renewal, installation in target systems, and the revocation of compromised or invalid certificates.
Certificate management affects the following management areas in the company:
Certificate management very clearly plays into the IT security strategy and the IT security management of your company. The more certificates exist in a company, the more relevant their careful administration becomes.
Certificate management connects all the components that play a role in the certificate area:
All these components exist in different versions. The large number of stakeholders involved further increases complexity when uniform, standardized certificate management is to be set up.
The different variants of certificate management range from a simple spreadsheet to a specialized tool such as essendi xc. A specialized solution not only helps you to keep all components in a structured overview, but also automates and simplifies complex processes.
An expired certificate can bring operations to a standstill, since in the worst case all digital communication, from email traffic to production systems, is interrupted.
In rare cases, the certification authority must be changed at short notice. In such situations, certificate failures can also occur if the certificates from the old CA are no longer valid while those from the new CA have not yet been installed or activated. Certificate management should therefore also be considered in risk management.
The following examples can be included as risk factors in monitoring:
Without certificate management, these risks might only become apparent when systems fail. Automated certificate management can therefore contribute to reducing operational risks.
An IT department has many “customers” – the entire company, different departments, and individual employees.
Automated certificate management relieves IT admins by taking over many work steps. With an optimally configured tool, users do not need in-depth knowledge of certificate management, so departments can carry out steps independently in self-service.
Certificates can also be made available for external customers to download via a portal. This relieves the IT security department, increases the service level, and minimizes the risk of errors.
In the context of IT security, the term compliance stands for adherence to defined standards (e.g. ISO/IEC 27001, NIST).
Therefore, in most companies certain requirements must be followed. In addition to storage locations and the structure of file names, employees are especially familiar with rules regarding the length and composition of passwords as well as the frequency with which they must be changed.
However, legal regulations (e.g. GDPR) and regulatory standards (e.g. ISO/IEC 27001, NIST) go beyond the internal standards mentioned above. In addition, there are requirements from institutions such as the CA/Browser Forum or ETSI (European Telecommunications Standards Institute). These standards define requirements for encryption parameters, validity periods, or signatures (ZertES – Swiss Signature Law, eIDAS – European Signature Regulation).
Compliance in the area of certificate management also aims at risk minimization. The requirements for the administration and handling of digital certificates and cryptographic keys are included in guidelines and standards such as ISO/IEC 27001 or NIST.
For example, ISO/IEC 27001 requires in Annex A.10 to “develop and implement a policy on the use of cryptographic controls” to ensure the protection of information. Furthermore, the use, protection, and lifetime of cryptographic keys must be defined and applied throughout their entire lifecycle. Finally (A.18.1.5), cryptographic measures must be applied in compliance with relevant agreements, laws, and regulations. Continuous improvement of existing information systems is also required under section 10.
A certificate management system such as essendi xc takes all applicable requirements into account. It creates a concept for the use of keys, shows the procedures in use, and documents the lifecycle of the keys in an audit-proof manner. This ensures that you are prepared for any audit in the area of certificate management.
IT process management consists of a large number of different internal and external components. It connects the various IT infrastructures that interact within your company:
Internal components
External components
Certificate management is especially important in IT process management, because here the task is to align business functions with IT. The different systems must be able to communicate with each other at all times. Business processes run smoothly only if permissions are correctly set and the systems can clearly identify each other. Exactly this identification and the management of authorizations are secured by certificates.
Certificates are the foundation of all secure digital communication. Since more and more devices and applications in every company communicate securely with each other, the number of certificates required for this also increases. At the same time, however, their validity period is steadily decreasing for security reasons. To avoid failures, comprehensive inventory management of certificates with precise documentation (repository) is necessary.
The documentation forms the basis for:
The best-known best practice guide for IT asset management is ITIL. This open standard takes into account that, due to increasing complexity and the vulnerability of IT infrastructure, binding targets for process- and service-oriented IT service management are required. It aims to improve service quality while reducing costs.
Analysis of asset data can also reveal potential misuse. In this way, IT asset management is also linked to IT risk management. This contributes to increased security. The points of contact with different management areas make essendi xc the central hub for all processes relating to digital certificates.
Further information is available to you in a live demo.