Gartner Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Gartner’

BYOD will revive network-access control idea, Gartner predicts

Is the BYOD craze going to bring a revival of NAC, the policy-based network-access control that was hyped a decade ago but didn’t end up widely adopted for endpoint security?
View full post on Security – Infoworld

Consumerization trend driving IT shops ‘crazy,’ Gartner analyst says

IT managers who grapple with Bring Your Own Device (BYOD) policies can expect to see an explosion of different devices used by their workers in the next few years.
View full post on Computerworld Security News

Managing X.509 certificates by spreadsheet too risky, says Gartner

Poor management of the X.509 certificates that underpin SSL security could explain a growing number of mysterious system outages, a Gartner report has suggested.

The biggest problem is simply the number of certificates that many businesses find themselves using for e-commerce and machine-to-machine communication, which, according to Gartner, many still manage using manual spreadsheets.

In X.509 Certificate Management: Avoiding Downtime and Brand Damage, Gartner reckons that organisations managing as few as 200 certificates manually will need to employ one full-time member of staff to cope with the workload of basic provisioning and renewal.

As this rises to thousands of certificates in large organisations, a certification management system becomes necessary to automate basic processes.

In Gartner’s view the effect of expired X.509 certificates on service failures is probably now being underestimated.

“Many organisations that have an unplanned certificate expiry typically focus on other systemic causes, such as hardware or software issues, long before they begin to consider an expired X.509 certificate as the source of troubles,” the authors believed.

As well as unexpected X.509 expiry, the report also notes that a number of certificate authorities have been compromised by hackers in the last year, which puts further pressure on companies using such certificates to react quickly in the event of a breach.

Branded authorities suffering problems have included Comodo, DigiNotar, RSA and GlobalSign, largely at the hands of Iranian hacker ‘Comodohacker’, who single-handedly embarrassed a previously rock-solid certificate industry worth billions.

“This is what happens with organic growth. X.509 are implemented silo by silo,” said Jeff Hudson, CEO of Venafi, which, along with Trustwave and VeriSign, is one of three companies Gartner mentions as selling automated management systems.

According to Hudson, the sheer scale of the X.509 infrastructure companies are now managing has crept up on them over time. Organisations should develop business continuity for this in the light not only of its scale but also of its recent insecurity.

“It is totally manageable. These are machines talking to machines. It can be automated,” he said.

Gartner recommends that organisations automate provision and renewal, introducing some form of validation using certificate revocation lists (CRLs) to ensure their security. Certificates should be carefully audited to ensure that they have been installed or de-installed correctly.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1bf7fa93/l/0Lnews0Btechworld0N0Csecurity0C33313880Cmanaging0Ex50A90Ecertificates0Eby0Espreadsheet0Etoo0Erisky0Esays0Egartner0C0Dolo0Frss/story01.htm
