Ensuring Compliance with Security Policy

Scott Shetler
Part 5 of 5 in the Series — SSL Certificate Management

If you are in the IT business, chances are you are subject to compliance requirements and some form of security policy. One example our customers run into is ensuring they are moving from 1024-bit to 2048-bit key sizes in their certificates.

While most companies should have a policy in place to ensure they purchase only 2048-bit certificates, most are unable to ensure that only certificates approved by purchasing are introduced into their environment. This may occur for the following reasons:

  • Even in a centralized environment, self-signed certificates can be introduced through new hardware being implemented
  • Acquisitions often result in multiple certificate vendors in a newly consolidated environment
  • Often, production certificates are last-minute purchases and processes are circumvented to put an application live quickly

So, in this mixed-certificate environment, organizations require a means to accurately identify their existing certificate inventory. Once inventoried, they need to be able to search the inventory to identify items that are outside of security policy, and rectify the situation.

Realistically, the challenge here is how to inventory all certificates and store the information in a single searchable system. Once the information is in the single system, it’s fairly easy to run pre-determined or ad-hoc queries to identify non-policy items, and then highlight them to management should they not be resolved in a timely fashion.
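The inventory-then-query approach described above, as an added example that is not from the original post and is not how Entrust Discovery works: a constructed certificate inventory is loaded into an in-memory SQLite table and checked against policy. The host names, issuer names, table layout and the `build_inventory` and `policy_violations` helpers are assumptions made for illustration.

```python
import sqlite3

# Constructed inventory rows (hypothetical hosts and issuers), standing in for
# what a network certificate scan would store in one central system.
# Columns: host, port, subject, issuer, key_alg, key_bits
INVENTORY = [
    ("www.example.test", 443, "CN=www.example.test", "CN=Approved CA", "RSA", 2048),
    ("legacy.example.test", 443, "CN=legacy.example.test", "CN=Approved CA", "RSA", 1024),
    ("switch01.example.test", 8443, "CN=switch01", "CN=switch01", "RSA", 2048),
    ("shop.acquired.test", 443, "CN=shop.acquired.test", "CN=Other Vendor CA", "RSA", 2048),
    ("rush.example.test", 443, "CN=rush.example.test", "CN=Other Vendor CA", "RSA", 1024),
]

# Assumed policy: 2048-bit minimum RSA keys, one approved certificate vendor.
POLICY = {"min_rsa_bits": 2048, "approved_issuers": ["CN=Approved CA"]}


def build_inventory(rows):
    """Load scan results into a single searchable table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE certs (host TEXT, port INTEGER, subject TEXT, "
               "issuer TEXT, key_alg TEXT, key_bits INTEGER)")
    db.executemany("INSERT INTO certs VALUES (?,?,?,?,?,?)", rows)
    return db


def policy_violations(db, policy):
    """Return {"host:port": [reasons]} for every certificate outside policy."""
    marks = ",".join("?" * len(policy["approved_issuers"]))
    checks = {
        # Key size below the policy minimum (the 1024-bit to 2048-bit migration).
        "weak_key": ("key_alg = 'RSA' AND key_bits < ?", [policy["min_rsa_bits"]]),
        # Heuristic: subject equal to issuer is treated as self-signed
        # (typical of certificates that ship on new hardware).
        "self_signed": ("subject = issuer", []),
        # CA-issued, but not by an approved vendor (acquisitions, rushed purchases).
        "unapproved_issuer": (f"subject <> issuer AND issuer NOT IN ({marks})",
                              policy["approved_issuers"]),
    }
    findings = {}
    for reason, (where, params) in checks.items():
        query = f"SELECT host, port FROM certs WHERE {where} ORDER BY host"
        for host, port in db.execute(query, params):
            findings.setdefault(f"{host}:{port}", []).append(reason)
    return findings


if __name__ == "__main__":
    for endpoint, reasons in sorted(policy_violations(build_inventory(INVENTORY), POLICY).items()):
        print(endpoint, ", ".join(reasons))
```
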

Entrust has a product called Entrust Discovery that allows you to scan your network to collect all certificate information, centrally store it, and automate your policy comparisons to ensure that you are and remain in compliance.


Scott Shetler
Senior Product Manager

Entrust senior product manager Scott Shetler has worked in various areas of software management for 16 years. He leverages his background in product and service management at Entrust to manage the Certificate Services family of products, which have grown more than 30 percent under his tenure. He gained vast experience in software as a service (SaaS) and product management while at solution providers Necho Systems in Toronto and Workstream Inc in Ottawa.

