If you are looking at automation in regard to PKI, there are four areas in security where automation can be applied: Efficiency, Security, Crypto-agility, and Compliance.
Here is an example where automation helps. As we are moving towards digital transformations, the number of certificates being used in any type of enterprise is increasing. Contradictory to that, the life cycle of certificates and their expiration of those certs are getting smaller. That means you need to deal with more certificates and short life certificates. With automation, you can replace those certificates in no time and prevent outages in case an administrator forgets about expired certificates and is not able to replace those.
Human errors are playing a big role in security. Imagine that you have thousands of certificates, and you need to configure each one of those manually and individually. This will create a surface of error where an individual will inject inaccurate data into a certificate request before the certificate is issued.
Automation enables that IT admin to set policies and rules and then request the certificate and minimize the error.
Another area where automation could help is Compliance. The CA/Browser Forum occasionally comes out with new baseline requirements and policies. So, if the certificates are already in production and new certificates are about to be issued, these will be required to be compliant with the new baseline requirements. This often happens overnight and sometimes, they have more time to plan for it. But regardless, this is where automation can help — with larger scale certificate deployment. It allows those certificates to be automatically renewed and be compliant in case there is a new compliance policy.
About the Author
Avesta Hojjati is the Head of R&D at DigiCert, where he manages the advanced development of cybersecurity products. Before joining DigiCert, Avesta was part of the Symantec and Yahoo security teams, as well as operating his own cybersecurity startup. Avesta focuses on applied cryptography, blockchain, post-quantum crypto, and IoT security. Avesta earned his Masters in computer science with a concentration on security from the University of Illinois at Urbana Champaign, and he’s currently completing his Ph.D. dissertation on applications of blockchain and IoT in manufacturing.
Disclaimer
Views expressed in this article are personal.
