Improving MIM Process With A Crypto-Agile Framework

Cloud adoption and the proliferation of machine identities affect all industries – no business in the United States can escape it. When cloud emerged 10 years ago it was on the bleeding edge of technology – and risk. In those early days few thought financial services firms like banks would adopt it, purely because banks are so risk averse. However, over the last year alone a record number of banks have been moving away from on-prem data centers and toward cloud-hosted infrastructure.

Security Issues With Financial Services Companies

The identity and access management (IAM) trends and strategies survey reveals a common thread: security, and an overall lag in IT maturity relative to modern use cases. Financial services companies are highly regulated, which means that much of the annual budget is diverted to internal efforts supporting compliance activities and security implementation. The lack of available budget produces an uneven level of IT maturity, with many firms focusing on traditional perimeter security defenses rather than on emerging use cases and machine identities. That focus on perimeter defenses means these firms aren't investing in technology that can help them mature their overall security posture. It's a traditional mindset, versus an approach that considers the complexity of today's threat landscape and the specific attack vectors that could put their business at risk.

A surprising number of banks and financial services firms continue to rely on traditional manual processes and human intervention. Many manual processes are essential in bank environments because of the nature of the business and its approval systems; however, automated tools and technology can bring a hybrid model to the table that accommodates both manual and automated use cases.

Protecting financial transactions extends beyond ATMs. Modern use cases like multi-factor authentication and IoT security need advanced digital certificate and key management that supports a hardened security posture.

Introducing a crypto-agile framework within the broader corporate IT security strategy can help financial services firms modernize their IAM approach and better manage machine identities. Crypto agility is an approach that matches an organization's current IAM use cases to scale. Having the framework in place supports a hybrid approach that allows for seamless automated updates and delivers greater security confidence.

Tips To Map A Crypto-Agile Approach

Here are four steps that business and IT leaders can apply to map a crypto-agile approach and improve their machine identity management processes:

  1. Establish crypto agility. Build a digital certificate inventory and lifecycle workflows to establish your crypto strategy and framework.
  2. Run an inventory. Identify every certificate within the business and use its cryptographic parameters to understand where machine identities (digital keys and certificates) have been deployed and what assets they secure.
  3. Develop a certificate lifecycle plan. Standardize certificates to ensure that common workflows are followed when machine identities are deployed. Standardization addresses audit questions focused on asset custody and other downstream issues that could impact compliance.
  4. Adopt IT automation technology. Traditional, manual certificate management processes aren't equipped to revoke and reissue certificates at scale, so introducing a single, automated platform can provide better visibility and simplify the identification and replacement process.
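The four steps above describe a workflow: collect cryptographic parameters for every certificate, standardize them against a policy, and batch reissuance so it can run at scale. The following Python script is an added example that is not part of the article or of any PrimeKey/Keyfactor product. It models a certificate inventory as plain records (the sample records, the `owner` field used to route approvals, and the policy thresholds are all constructed for illustration, not taken from the article), assesses each record against a crypto policy, groups the non-compliant ones by owning team for a batched reissue request, and shows the crypto-agility question a framework should be able to answer: which certificates fall out of compliance if the policy is tightened.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample inventory (not real certificates). Each record captures the
# cryptographic parameters step 2 asks for, plus the asset the certificate
# secures and an assumed owning team so audit questions about custody can be answered.
@dataclass(frozen=True)
class CertRecord:
    subject: str
    asset: str          # what the certificate secures
    owner: str          # team whose approval workflow handles reissuance (assumption)
    key_algo: str       # "RSA" or "EC"
    key_bits: int       # RSA modulus size or EC curve size
    sig_hash: str       # hash used in the signature, e.g. "sha256"
    not_after: date     # certificate expiry

@dataclass(frozen=True)
class CryptoPolicy:
    """Thresholds are illustrative; a real policy comes from the organisation's standard."""
    min_rsa_bits: int = 2048
    min_ec_bits: int = 256
    allowed_hashes: frozenset = frozenset({"sha256", "sha384", "sha512"})
    renew_within_days: int = 30

INVENTORY = [
    CertRecord("atm-gw.example.internal", "ATM gateway TLS", "payments", "RSA", 1024, "sha1", date(2025, 3, 1)),
    CertRecord("mfa.example.com", "MFA portal TLS", "identity", "RSA", 2048, "sha256", date(2024, 6, 30)),
    CertRecord("iot-sensor-0042", "branch IoT device auth", "facilities", "EC", 256, "sha256", date(2024, 1, 25)),
    CertRecord("legacy-api.example.internal", "core banking API mTLS", "core-banking", "RSA", 2048, "sha1", date(2025, 9, 15)),
]

def assess(rec, policy, today):
    """Return the list of policy findings for one certificate record (empty if compliant)."""
    findings = []
    if rec.key_algo == "RSA" and rec.key_bits < policy.min_rsa_bits:
        findings.append(f"weak-key:RSA-{rec.key_bits}")
    if rec.key_algo == "EC" and rec.key_bits < policy.min_ec_bits:
        findings.append(f"weak-key:EC-{rec.key_bits}")
    if rec.sig_hash not in policy.allowed_hashes:
        findings.append(f"deprecated-hash:{rec.sig_hash}")
    days_left = (rec.not_after - today).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= policy.renew_within_days:
        findings.append(f"expiring:{days_left}d")
    return findings

def plan_reissue(inventory, policy, today):
    """Group non-compliant certificates by owning team so each team's approval
    workflow (step 3) receives one batched change request instead of many tickets."""
    batches = {}
    for rec in inventory:
        findings = assess(rec, policy, today)
        if findings:
            batches.setdefault(rec.owner, []).append((rec.subject, rec.asset, findings))
    return batches

def policy_delta(inventory, old_policy, new_policy, today):
    """Crypto-agility check: subjects that are compliant under old_policy but
    become non-compliant under new_policy (e.g. when the RSA floor is raised)."""
    return [rec.subject for rec in inventory
            if not assess(rec, old_policy, today) and assess(rec, new_policy, today)]

if __name__ == "__main__":
    today = date(2024, 1, 10)          # fixed date so the run is reproducible
    policy = CryptoPolicy()
    for owner, items in plan_reissue(INVENTORY, policy, today).items():
        print(owner)
        for subject, asset, findings in items:
            print(f"  {subject} ({asset}): {', '.join(findings)}")
    stricter = CryptoPolicy(min_rsa_bits=3072)
    print("newly non-compliant under an RSA-3072 floor:",
          policy_delta(INVENTORY, policy, stricter, today))
```

In a real deployment the `INVENTORY` list would be populated by discovery (scanning endpoints, CA databases, key stores) rather than hand-written, and the batches would feed the automation platform from step 4; the point of keeping the policy as a separate object is that tightening it is a one-line change whose impact can be measured before anything is reissued.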

About the Author

Harry Haramis is general manager, U.S. for PrimeKey, a Keyfactor company. With over 30 years' experience in the field of information technology, Haramis has extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of network and security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers and hosted several seminars and presentations. Haramis holds some of the industry's highest certifications, including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I.