With the increase in connected devices, mainly based on the Internet of Things (IoT), the number of malicious attacks has also increased. They aim at stealing data, and for organizations, the main result of which is the loss of revenue, reputation, and trust from customers, partners, and suppliers. Many of these attacks involve weak encryption controls, mainly related to the inadequate management of digital certificates. Regarding this, in this article, we present what digital certificates are and the associated concepts, as well as the importance of their adequate management and protection within an organizational environment.
Digital certificates, X.509 or SSL/TLS certificates are the foundation of machine identities, such as applications, servers, endpoints, containers, or any device that requires authentication.
What is a digital certificate?
A digital certificate is an electronic document that associates the identity of people, organizations, devices, or applications with the public key linked to them. It is issued by an organization, which acts as a Certification Authority (CA), recognized as “trusted” by the parties involved, and normally used for public-key cryptography operations. This CA issues the digital certificate in response to a request after verifying the applicant’s identity. Each certificate is associated with an expiration period. Therefore, certificates can be revoked if they exceed the expiration date.
Other conditions that may result in the revocation of a digital certificate are the leakage of its private key, in addition to any change in the relationship between the applicant and their public key, such as the change of address.
In the asymmetric cryptography process, each subject is associated with a pair of keys, one public and one private. Anyone can sign a document with their private key, and anyone with the intention of verifying the authenticity of a document can do so by using the signatory’s public key, available through the CA.
These digital certificates or machine identities are critical, as they allow establishing trust in the digital environment. Without them, it would not be possible to say that senhasegura.com is, for example, senhasegura’s website or if any application is reliable. Thus, digital certificates are essential to building digital trust, and allow us to use all the benefits offered by the digital world, such as internet banking, websites, e-commerce, games, and even social media, and they work as a critical component of the Public Key Infrastructure (PKI).
What is the model adopted by Brazil?
In Brazil, the model adopted is the one of single-root certification, in which the Brazilian Public Key Infrastructure – PKI-Brasil operates through the National Institute of Information Technology (ITI). ITI acts as a hierarchical chain of trust, enabling the issuance of digital certificates for electronic identification of the entities involved. Besides, ITI also has the role of accrediting and disqualifying another member in the chain, supervising, and auditing processes.
In a context of an increasing number of devices such as smartphones, tablets, and any connected device, including smart cars, it is necessary to implement ways to protect them from the action of malicious agents. In this way, the use of digital certificates is an effective means of ensuring the identity and authentication of these devices within an environment. However, with the considerable increase in digital certificates associated with these devices, it is important to keep in mind how to better manage them. It is worth to mention that, due to the high number of such certificates, it is difficult to perform manual management by using, for example, spreadsheets. If the person in charge of managing digital certificates forgets to renew a single certificate on a device or server or to revoke any of them, this can shut the entire corporate network down and affect the continuity of the organization’s critical operations.
Considering the relevance of digital certificates, cybercriminals and even government-sponsored hackers have shown great interest in PKIs, intending to use digital certificates to conduct illegal activities, such as cyber espionage and malware infection.
Still, the management of digital certificates is seen as something simple, taking into account that they expire every 1 to 5 years. In this case, the problem is that this perspective leaves room for human error. If the person in charge of managing digital certificates goes on vacation or is dismissed from the organization, business continuity may be at stake.
In this way, when implementing processes for the proper management of digital certificates, one can have full visibility of all certificates installed in the infrastructure, identifying the most critical to the business, thus ensuring that they are active and valid, in addition to not being compromised.
How to ensure the best management of digital certificates?
Thus, one of the means to ensure the proper management of digital certificates in the environment is by using the implementation of a Certificate Management solution, such as senhasegura Certificate Management.
Being fully integrated with the senhasegura platform, senhasegura Certificate Management allows centralized management of the entire lifecycle of digital certificates within the organization, from the discovery – through automatic scanning of websites, directories, and web servers – to the renewal of a certificate by external or internal CAs.
The renowned Scan Discovery feature of the senhasegura platform allows the discovery of certificates within an environment in an automated and recurring way. Through the automatic sending of alerts in configurable periods to specific teams, it is possible to have full control of the expiration dates of certificates managed by senhasegura Certificate Management. Also, the solution allows for automatic renewal and publication of certificates. It is possible to automatically configure the periodic renewal, which prevents them from reaching the expiration dates. Finally, the senhasegura Certificate Management dashboards allow the graphical visualization of all certificates’ statuses, as well as identifying, for example, which of them uses encryptions that are not complying with the organization’s security policies.
Therefore, senhasegura Certificate Management allows one to reduce unavailability due to certificate expiration or human errors during the publication, in addition to automating the management of the certificate’s lifecycle. The senhasegura Certificate Management APIs allow complete integration with other solutions within an organization, as well as an increase in the security level of applications with secure certificates, respecting the organization’s prerequisites and security policies.