The Future of IT Security: Automation and PKI

Show Notes

Ready to discover how automation is a game-changer in today's evolving IT landscape? Tune in to our fireside chat from Information Week’s IT Automation event with Mrugesh Chandarana, Director of Product Management for HID's cloud-based PKI-as-a-Service. Mrugesh walks us through IT and security trends that automation can help enterprises solve. In a rapidly changing world, automation can improve productivity and business resilience and challenges conventional notions around zero trust security. He emphasizes that automation is a 'workforce multiplier' and could be the key to managing the lifecycle of digital certificates, thereby reducing cyber risk. 

In the second half of our discussion, we dig into the critical role of Public Key Infrastructure (PKI) in enabling zero trust within networks. Mrugesh offers insightful commentary on the evolution of PKI and its increasing prominence in enterprise ecosystems. We also discuss the rise of IoT devices and the challenges posed by their exponential growth. Be prepared for an engaging conversation that promises to enhance your understanding of automation's role in bolstering business resilience and productivity. 

Transcript

Speaker 1: 0:01

Powering trusted identities of the world's people, places and things. Every day, millions of people in more than 100 countries use our products and services to securely access physical and digital places. Over 2 billion things that need to be identified, verified and tracked are connected through HID Global's technology.

Speaker 2: 0:23

Now to continue today's conversation. We're joined by =<span style="color: rgb(102, 102, 102); font-family: lato, &quot;Helvetic Neue&quot;, Arial, san-serif; font-size: 16px; white-space-collapse: collapse; background-color: rgb(255, 255, 255);">Mrugesh</span>h Shandurain Shandurana. He's the Director of Product Management for HID's cloud-based PKI as a service offering. Welcome, muguresh, how are you?

Speaker 3: 0:39

Thank you, Dana, I'm doing well how are you Very well?

Speaker 2: 0:45

Good to have you with us. You know we just heard some very compelling reasons why automation is an increasingly powerful solution for productivity and business resilience in a rapidly changing world. Let's drill down deeper into some of the key automation use cases that Shailen referred to Specifically. Are there IT and security trends impacting businesses across the globe that automation can clearly help solve Muguresh? How is automation challenging the status quo around increasingly popular zero trust security and implementation of zero trust environments as an example of a salient automation use case?

Speaker 3: 1:25

Great question. If we kind of look at the holistic view of zero trust, the idea is basically you don't trust anything connecting to your network, whether it's coming in or coming from outside or externally right, and you establish the trust and you verify that trust all the time whenever there is a transaction within the network. And in order to establish that zero trust, the PKI has been a technology or backbone behind authorization, authentication and data encryption, which is basically allow you to do the zero trust within your network. Now, if we look at historically how PKI was used in enterprise, there were few use cases like the authentication type of stuff in a highly secured environment, but people were using PKI and big corporations were managing those within their network in影 price ecosystems. However, things has evolved over time and now new use cases are popping up. Which uses PKI and nowadays every technology out there understands PKI, which is more important and PKI has evolved over time.

Speaker 3: 2:56

Even if you look at the simplest use case of securing the Internet for your website the TLS SSL certificate it used to be the case where you can issue the TLS SSL certs for three years for your website.

Speaker 3: 3:11

Now things have shifted and we are leaning towards going back to only 90-day validity cert.

Speaker 3: 3:19

Now when this cert expires, you have to have a workforce renewing that.

Speaker 3: 3:25

And with the expansion of global Internet now we are not talking about enterprises managing one, two or five websites here we are talking about thousands and thousands of websites or web servers being managed by enterprise. It's not scalable to do those things manually, to manage the lifecycle of those digital certificates which is going to be there for good, which you have to manage and maintain. So automation is kind of adding your workforce it's a workforce multiplier, I would call it which would allow you to not only help your workforce but empower them with doing more efficient work and it reduces your cyber risk as well. If you look at it, if you try to do things manually with spreadsheet and all that, it's all error-prone and we have seen it over time and time. I mean recent examples. I mean a lot of times big corporations like Microsoft forget to renew digital certificate for Microsoft teams and teams went down for a few hours. I mean we live and breathe nowadays with those technology and tools into our life and with this manual stuff you can't sustain.

Speaker 2: 4:48

Right. So the public key infrastructure is a proven technology. We know it works. It's the implementation. Now, of course, the rate and pace of updating is improving or increasing, I should say Plus. There's more endpoints to service right. So how do we use automation and perhaps also that as a service or cloud native model to help overcome these challenges?

Speaker 3: 5:13

Yeah, I mean you brought up a great point about the endpoints being increasing within Enterprise and we haven't even touched on the IoT side. When you look at different researchers from different analyst forums, it's very evident that IoT is going to be an exponentially growth in terms of number of devices. What we are going to see out there. I mean even in my house, if I compare five years ago and now, I have probably about 40 different devices connecting into my network in within my small periphery right when you have Alexas and Googles and video cameras and your phones and your Alexa enabled lights and all that.

Speaker 3: 6:05

If you look at those devices and the increasing function of those, you have to secure those devices, and TKI has been a great technology in terms of doing the passwordless authentication.

Speaker 3: 6:22

It's very important for IoT devices because your IoT devices is going to talk to the cloud virtually and you are not managing your IoT device. It's consumer who is actually installing it within their houses, right? And it's still basically sending data to your cloud services. So you want to make sure that the devices which is talking to those cloud services are secure and not hacked in some way or passion before it sends the data and those data are real right. So I think in that particular use case, the PKI has been a great technology to establish the trust between those two ecosystems and actually doing the passwordless authentication. Now we talk about IoT devices, where you are not talking about thousands here. We are talking about millions of devices out there in the field and you are trying to protect them. Manual way or traditional way of dealing with it is not going to help and solve the problem. You need automatic way to do it, right.