  • timspriggs

Certificate Services, a note from our archives and “The Dark Art of PKI”…



In our last newsletter we had a feature on Entra, Microsoft’s new identity and access product family, which we are increasingly looking to implement for our customers (https://www.venture1consulting.com/post/microsoft-entra-security-simplified).


Microsoft was named a Leader in the 2022 Gartner® Magic Quadrant™ for Access Management for its Azure Active Directory (Azure AD), part of Microsoft Entra. But whilst Entra and Microsoft’s Zero Trust model might well define how organisations secure and protect access to sensitive data, what may now be termed ‘old school’ work around Certificate Services and PKI is still very much evident and relevant in our customer base.


So what is a PKI (Public Key Infrastructure)?


Essentially, it's a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.


What can a PKI enable and secure?

Essentially, ‘digital assets’ which, whilst they can be ‘encrypted’, also require ‘authentication’. These include:


Email – Encrypt and/or sign messages

Browsing – SSL – authentication and encryption

Code – Signing PowerShell Scripts and Applications

Wireless – PEAP-EAP-TLS

Documents – Rights Management

Networks – Secure VPN Tunnels

Files – EFS - Encrypted File System


Why is a properly implemented PKI so important?

The threat to IT infrastructures from attacks is ever evolving, and compromising an organisation’s PKI can significantly help attackers gain access to sensitive data and systems. Increasing numbers of organisations of all sizes, in all parts of the world, have been attacked and compromised, with cyber-warfare and cybercrime increasing at record rates. These attacks are intended to gain access to an organisation’s secret information, create denials-of-service, or even destroy infrastructure. Attacks against public and private institutions have become commonplace, and we have recently worked with organisations in both sectors to help with such incidents.


Properly implemented, PKI is a fundamental component in building effective security controls over information resources. It plays a critical role in protecting sensitive business data and in enabling technology to enhance security and promote secure electronic commerce.


We work to Microsoft ‘best practice’ standards, helping enterprises of all sizes design PKI to protect them from threats, and it turns out that we’re pretty good at it too, as this short piece about some work we’ve done in the past shows!


In the particular instance in question, one of our own senior consultants, who had been on-site at the customer, had the following to report directly back to me:


"A couple of recent pieces of work (PKI and the file cluster migration) took a significant amount of skill that they'd find very difficult to replace. Most people in IT regard PKI as a dark art and run a mile. On the file cluster migration side, no one at ***** would have been able to write the script we came up with."


The client concerned subsequently reported back to me that “this is exactly the sort of service I want from Venture 1”. If you need a hand with your PKI anytime, please give us a call!
