Share these talks and lectures with your colleaguesInvite colleagues
Cheetahs, COVID-19 and the demand for crypto-agility
‘Digital transformation’ means many things to the different stakeholders who drive today’s business and technical strategies. For the business manager it means creating hyper-responsive, always-on, multichannel paths to profitably engage with customers and partners. For the technologist it means leveraging the newest capabilities in cloud delivery, application development, and DevOps tooling and doing it faster and more economically than ever before. But in all of these cases, digital transformation relies on the underlying foundation of well-protected ‘machine identities’, as well as the technologies that create them, such as TLS certificates, SSH keys, API keys and code-signing certificates. These, in turn, all rely on cryptography: the process of ‘constructing and analysing protocols that prevent third parties or the public from reading private messages’ while also assuring safe machine-to-machine authentication. This paper focuses on the increasingly critical need for an organisation’s cryptographic processes to be agile. Readers will learn what ‘agile’ means to them, and how it leads to a kind of cryptographic flexibility they can leverage whether they deliver applications and services through new cloud architectures, traditional on-prem environments or hybrid models. They will learn how this agility can rapidly replace cryptographic algorithms, tools or providers that have been compromised, without affecting the availability or integrity of the applications or services they enable. They will also learn how organisations can control costs and limit their dependency on third-party services, all while maintaining a robust posture around their rapidly increasing population machine identities.
The full article is available to institutions that have subscribed to the journal
Michael Thelander has a 20-year track record leading product management and marketing teams as they bring enterprise-class software products to market. He currently leads go-to-market strategies for Venafi, the industry leader in the growing machine identity management category. At Venafi his team is focused on market education and engagement, and he is an evangelist for emerging technologies and practices. Michael received CISSP training through SANS and has been in the cyber security space for over 15 years; before Venafi he spent seven years heading product management at Tripwire, a perennial leader in configuration management, integrity monitoring and vulnerability assessment. He followed that with three years leading go-to-market efforts for authentication and fraud prevention company iovation. His cyber security articles and interviews have appeared in SC Magazine, Cyber Defense Magazine, ITProfessional, SoftwareCEO.com and other publications. He frequently speaks at industry events such as BSides, Gartner’s IAM Summit and RSA. At Portland State University Michael studied biology and foreign languages, although neither of these disciplines — with the exception of sidebar references to genetic variability in wild cheetah populations — are germane to his work today.