August 2011 - Entrust, Inc. 1-5 of 5
An appropriate fate — Ocean Bank fined $11 million for poor controls in latest fraud case
As my grade 11 accounting teacher used to say, “It all comes out in the wash!” And he was right. Sooner or later, things have a way of “righting” themselves. When you’re in a tough situation and life doesn’t seem fair, this statement is not always easy to believe. But in my experience, somehow, in [Read More...]
How Do I Find & Inventory My Certificates?
In previous posts, I’ve discussed why you’d want to inventory your certificates. Now let’s discuss how you can inventory your certificates. Historically, we’ve found a lot of prospective customers using a spreadsheet to maintain a listing of certificates, owners and expiry dates. There are problems with this approach: data is manually collected; information becomes outdated quickly; often data that is required is not collected at all; and it’s also challenging to receive reliable email notifications from a spreadsheet.
Verifying Code Authenticity
When an end-user’s browser loads the code, it checks the authenticity of the software using the signer’s public key, signature and the hash of the file. If the signature is verified successfully, the browser accepts the code as valid. If the signature is not successfully verified, the browser will react by warning the user or [Read More...]
What’s The Value of an Expiry Notification?
What would it cost your organization if an SSL certificate expired unexpectedly? I’ve heard from customers about all kinds of pain they’ve experienced as a result, such as:
- Website goes down and they are losing sales for half a day
- The responsible person being relieved of their responsibility
- Financial penalties due to contractual commitments (e.g., guaranteed uptime)
- Damage to corporate image due to perceived lack of concern
- Unnecessary overtime to expensive personnel to resolve the issue (because, of course, they rarely expire when you are in the office)
- I’ve even spoken to an organization who went through the pain twice; when they first “fixed” the issue, they missed their “hot backup” machine and again experienced the pain when they subsequently put their hot backup into emergency service
Top 3 Certificate Management Issues
I've spent a tremendous amount of time talking to customers about certificate management, and their certificate management problems consistently boil down to the following three issues: 1. Certificates Expiring Unexpectedly Application owners lie awake at night worrying that an application will go down or be otherwise inaccessible, and there’s any number of reasons why this could occur. Do you identify with any of these?