China joins Google in claiming quantum supremacy with new technology, ratcheting up RSA decryption concerns.
Continue reading Threatpost
China joins Google in claiming quantum supremacy with new technology, ratcheting up RSA decryption concerns.
Continue reading Threatpost
A recent study found 36% of consumers are increasing their online shopping this holiday season. As a result, hackers are capitalizing on this trend.
Continue reading USA TODAY
DigiCert IoT Device Manager™ now enables manufacturers to embed certificates on chips prior to manufacturing and generate certificate requests directly from an edge device.
Continue reading Security Boulevard
Atualmente as organizações enfrentam novos desafios na manutenção de sua segurança e identidade. O aumento do trabalho remoto e do BYOD (Traga seu Próprio Aparelho) colocam a PKI (Infraestrutura de Chave Pública) em um papel crucial no gerenciamento de dispositivos móveis nas empresas.
sigue leyendo PortalInvestne.com
According to Verizon’s Data Breach Investigations Report for 2020, social engineering is a top attack vector for hackers, and we expect threat actors to leverage current events to unprecedented levels.
Continue reading Global Security Mag
Digital Certificates sit at the heart of any secure enterprise. The myriad of connections and identities governed by an enterprise demand a level of attention and expertise to keep them secure. The price for that lack of attention is mismanagement. It’s not a word that’s quite as dramatic as breach or “massive irretrievable data loss”, but can lead to both quite quickly.
Continue reading Infosecurity Magazine
Enterprise PKI Manager in DigiCert ONE from DigiCert, Inc., a globally renowned provider of TLS/SSL, IoT and PKI solutions, supports security for today’s increasingly remote workforces via certificate automation to authenticate employees and their devices at scale, and encrypt data. Working from home is here to stay, with Gartner reporting that 74% of CFOs are looking to shift some employees to permanent remote work.
Continue reading SecurityInformed.com
The electric vehicle (EV) market continues to expand at a rapid pace and demonstrated strong year-over-year growth before the pandemic emerged. According to a recent survey by IEA, sales of electric cars topped 2.1 million globally in 2019, boosting the total stock to 7.2 million electric cars.
Continue reading Security Boulevard
Enterprise PKI Manager in DigiCert ONE from DigiCert supports security for today’s increasingly remote workforces via certificate automation to authenticate employees and their devices at scale, and encrypt data.
Continue reading Help Net Security
The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages.
Continue reading The Last Watchdog
With the pandemic nearing no visible end, it is understood that educators, both in schools and colleges, will continue to rely on online learning. In the era of digitalization that we live in, cybersecurity incidences have reached unprecedented heights, and online learning needs to be secured from hackers.
Continue reading eLearning Industry
5G has officially come to the new Apple iPhone 12, and with it comes the possibility of improving connectivity speeds in cities with high population densities and in crowded areas such as sports or musical events.
Continue reading Tec Review
Read MoreHosting Advice
Read MoreSecurity Boulevard
Read Moreavast blog
Read MoreVAR India
Read MoreARN Net
Read MorePC World
Unfortunately phishing has become so prevalent that most of us have grown sort of jaded. Case in point, we pass around phishing email examples at our office. It’s not uncommon to get an email from a coworker with a subject line like “check out teh pheesh” and a screenshot of a questionably worded request to change a password or some such nonsense.
Continue reading at hashedout by The SSL Store
The concept has been around since the 1970s, and the term “Internet of Things” was reportedly coined by Kevin Ashton in 1999, when he was working as a brand manager at Procter & Gamble.
Continue reading at Hack Reactor
As the global pandemic extends into the fall, it’s clear that most schools and universities will continue to rely on online instruction in the near term. However, although online instruction can help minimize health risks, it also introduces heightened security risks and highlights the importance of protecting data.
Continue reading at MarketScale
In this special #NCSAM IntoSecurity edition, Dan Raywood is joined by Mike Nelson, VP, IoT Security, Digicert and Beau Woods, co-founder, I Am The Cavalry to discuss the themes behind this year’s Cybersecurity Awareness Month. . They also share why consumers need to pay closer attention to their connected devices.
As cloud technology and reliability continue to surpass their on-premise counterparts, more than 50% of organizations have made the switch to managed cloud PKI or plan to soon.If your organization isn’t counted among that number yet, you’re missing out on the tremendous benefits a managed cloud PKI can offer.
Continue reading at SECURITY BOULEVARD
DigiCert, Inc. introduced Secure Software Manager, a modern way to automate and manage PKI security across CI/CD pipelines. Secure Software Manager makes it easy for enterprises to integrate secure key management for code signing into their development processes while delegating cryptographic operations, signing activities and management in a controlled and auditable way.
Continue reading at varindia.com
EHI, Utah, Oct. 22, 2020 /PRNewswire/ — DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and PKI solutions, today introduced Secure Software Manager, a modern way to automate and manage PKI security across CI/CD pipelines. Secure Software Manager makes it easy for enterprises to integrate secure key management for code signing into their development processes while delegating cryptographic operations, signing activities and management in a controlled and auditable way.
Continue reading at DARKReading
Continue Reading The Security Ledger
Continue Reading eSchoolMedia,com
Continue Reading Linux Journal
Continue Reading Info Security
Read More Security Ledger
Read More Gestalt IT
Read More HashedOut
The global surge in home-based Internet of Things (IoT) devices seen in recent years should be a cause for celebration. Essentially electronic devices that connect wirelessly to a network, they have undoubtedly enriched the lives of many people; common examples include smart watches to monitor heart rates and breathing, smart refrigerators and TVs and virtual assistants. For many, this offers convenience in their everyday lives, but for others, such as those living with disabilities, they can be life-changing.
Read More Info Security
X-mini today announced the launch of its first true wireless XOUNDPODS called LIBERTY, which will be available in October for S$69.90.
Read More Tech Coffee House
DigiCert and ServiceNow are collaborating on a new way to bring certificate management within the ServiceNow platform.
DigiCert’s CertCentral application, which enables administrators who seek to manage certificate lifecycles, is accessible within the ServiceNow platform, with preferences synced across both the CertCentral app and ServiceNow.
Continue reading at Security Brief
In the middle ages, the Knights Templar established the key processes for the modern system of notary services, banking, loans, and mortgages that we have today. During that era, Knights carried with them documentation that proved their identity, created by a notary, often embossed with official wax seals.
Continue reading at TechRadar.com
Today marks eight years since the first Security Ledger post went live back on October 2, 2012. (That story was “After VOHO Attacks, Organizations Face Arduous Cleanup,” which concerned a string of watering hole attacks.)
Continue reading at Security Ledger
For years, Apple, Firefox, Google and Microsoft relentlessly made the point that in order to avoid rogue sites you must make sure your browser “padlock” is either locked, green or is otherwise indicating a site as being “secure.” Now, cybersecurity firms are stressing that those padlocks are not enough.
Continue reading at Threatpost.com
Data I/O Corporation (NASDAQ: DAIO), a leading global provider of advanced data programming and security provisioning solutions for flash-memory, flash based microcontrollers, secure elements and authentication ICs and DigiCert, the world’s leading provider of scalable PKI solutions for identity and encryption, today announced the companies are partnering to enable secure provisioning of semiconductor devices for IoT applications on Data I/O’s SentriX Secure Provisioning System.
Continue reading at SMTnet
September 1, 2020 marked the dawn of a new era for SSL certificates. Multi-year SSL certificates are now history. The only certificates that will be trusted by major browsers will be those with a validity period of 397 days or less. Why 397 days, you ask? That’s one year plus a one-month grace period for renewal.
Continue reading at Hashed Out by The SSL Store™
We’ve seen the IoT come of age over just the past few years, and innovative use cases continue to build momentum. Gartner forecasts that 25 billion connected things will be in use by 2021. However, although the IoT has tremendous potential across many industries, Gartner surveys still show security is the most significant area of technical concern.
Continue reading at the security leader
A team of researchers has documented a vulnerability in TLS 1.2 (and earlier versions) that could allow a man-in-the-middle attacker to acquire a shared session key and decrypt SSL/TLS traffic.
Continue reading at Hashed Out by The SSL Store™
Read More CIO Review
Read More CRN
Read More IoT Evolution
Personal data, and the need to secure it, has been prominent in the headlines over the past year. Last July, the Federal Trade Commission (FTC) fined Facebook $5 billion for violating privacy and mishandling users’ personal information. That same month, British Airways was hit with a fine for $228 million by the UK Information Commissioner’s Office (ICO), due to a breach that compromised the personal data of 500,000 of its customers. U.S. hotel group Marriott was also fined $123 million for violating General Data Protection Regulation (GDPR) privacy rules.
Read More Security Boulevard
The House of Representatives has passed a bipartisan bill requiring that all Internet of Things devices purchased by the government meet minimum security requirements. The Senate will likely pass the measure and send it to the president’s desk for his signature.
Read More Washington Examiner
Trust can be a tricky concept, especially when it comes to security. The age of network computing demands that we extend trust to lots of people – many of whom we don’t know. As remote working gains speed – we extend that trust not just to employees and users, but to their home devices, the wi-fi networks they use and the people they associate with.
Continue reading at Global Security Mag
DigiCert, a provider of TLS/SSL, IoT and other PKI solutions, has announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral TLS Manager. Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, helps achieve cost savings through discounts and takes advantage of CertCentral automation.
Continue reading at DQ Channels
Internet security is a serious matter. Last year alone, 23,000 Australian businesses experienced some form of cyber security incident¹, which is why all major browsers such as such Google Chrome, Mozilla Firefox, and Apple Safari all employ various security alerts so users can make informed choices on the sites they visit.
Continue reading at 50 So What
DigiCert, Inc., a leading provider of TLS/SSL, IoT, and other PKI solutions, today announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral® TLS Manager. Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, helps achieve cost savings through discounts, and takes advantage of CertCentral automation.
Continue reading at Digital Creed
“As someone who has spent over a decade in the IoT security space, I have seen many attacks and vulnerabilities affect the IoT devices in my life. Yet I don’t shy away from smart home devices. You shouldn’t have to either, if you take steps to secure them…
Continue reading at theinternetofthings.eu
The next generation of computing—think quantum and beyond—could soon threaten current asymmetric encryption technologies, including PKI. Here’s what you need to know.
Continue reading at HPE.com
What is DevOps? How are organizations transitioning to DevOps? Is it possible for organizations to shift to enterprise DevOps? Read more to find out!
Continue reading at DZone.com
At iAdvize, we know that customer experience (CX) is an innately human discipline. And it’s always evolving. That’s why we never stop looking for great ideas and insights from CX thought leaders.
Continue reading at iAdvize
Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days).
Continue reading at The Hacker News
Phishing attacks designed to lure people into clicking on sites that look like legitimate businesses are nothing new. But this kind of activity has been amped up with so many more people having to use the internet for everyday activities, like ordering groceries online or purchasing products for curbside pickup. Users have been getting more savvy, though, and people do want to know that the companies they are doing business with are legitimate.
Continue Reading CSO
A DigiCert study found that 55% of business Information Technology (IT) specialists are concerned about the impact of quantum computing on cryptography. The company explained in a statement that 71% consider this technology to be a threat in the future and “many” have heard of quantum computing, but few know what it is.
Continue Reading Explica
DigiCert, Inc. provider of TLS/SSL, IoT and other PKI solutions announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral TLS Manager. Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, helps achieve cost savings through discounts and takes advantage of CertCentral automation.
Continue Reading dqindia.com
DigiCert announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral TLS Manager. Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, helps achieve cost savings through discounts and takes advantage of CertCentral automation.
Continue Reading CRN
Scientists at the Huntsman Cancer Institute (HCI) at the University of Utah have developed a new method to study the molecular characteristics of tumors of the lung and pancreas that are driven by mutations in a gene named NTRK1. The researchers hope the new NTRK1 mouse models will accelerate progress toward finding more effective treatments for patients with NTRK1-driven lung and pancreas cancers. The findings were published in the journal Cell Reports.
Continue Reading The Enterprise Utah’s Business Journal
Healthcare IT and security administrators must understand the evolving challenges of protecting healthcare IoT devices and data to keep patients safe.
Healthcare organizations must practice a careful balancing act to get the advantages of connected devices without adding too much risk to patient safety.
IoT Agenda
The dispute is about how digital security certificates are exchanged between automakers, chargepoint facilitators and mobility operators.
SAE International
SINGAPORE – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, today announced a new Multi-year Plan of up to six-year coverage for TLS certificate purchases in the DigiCert CertCentral® TLS Manager. The Multi-year Plan simplifies certificate purchasing and renewal processes for customers and partners ahead of Sept. 1, when browsers will shorten maximum certificate lifetimes to one year. Multi-year Plan eliminates the need for annual per-certificate purchases, achieves cost savings via Multi-year Plan discounts and takes advantage of CertCentral automation.
CIO Review
Featuring on-premises, controllable enterprise proxy to securely monitor and process automated certificate lifecycle, Gateway is set for general availability Q4, to join Automation Tools already available in DigiCert CertCentral ® (LEHI, Utah) – (August 4, 2020) – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, today announced its new DigiCert Automation Gateway…
Read More IT Security News
DigiCert, Inc. announced its new DigiCert Automation Gateway. Automation Gateway launches with integration into DigiCert CertCentral® in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organizations the confidence to widely deploy automation protocols within their company networks to provide greater agility.
Read More Global Security Mag
As the IoT continues to gain momentum, trust is more important than ever for today’s innovative use cases. As devices become more connected and mobile, embedding trust in transactions and processes is an essential part of supply chain operations. Electronic devices and sensors are increasingly Internet-enabled, with frequent communications with back-end servers for updates and other resources. They must also frequently authenticate themselves to other devices. However, not all IoT security best practices have developed at the same rate. As IoT use cases have developed, the need for system integrity, security, and encryption has become clear, but in some cases authentication may have been considered less critical.
Read More USSCMC
The COVID-19 pandemic has dramatically transformed the workplace, with more workers than ever working remotely. And many of the changes are here to stay. According to a recent survey, more than 77 percent of HR executives expect the trend toward remote work to continue, even after the outbreak subsides.
Read More Small Biz Daily
DigiCert ONEⓇ support for strong authentication in dynamic environments, scalability and operational integrity enables organizations to migrate network operations to 5G and cloud with confidence
SINGAPORE – (28 July 2020) – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, has announced a robust set of features and capabilities in DigiCertⓇ IoT Device Manager that enable telecommunications providers to deploy 5G network services to cloud environments while maintaining security, compliance and performance. Hosted on the DigiCert ONE platform, IoT Device Manager provides support for strong authentication in dynamic, cloud-native environments, as well as scalability and operational integrity.
Read More The CyberSecurity Place
As someone who has spent over a decade in the IoT security space, I have seen many attacks and vulnerabilities affect the IoT devices in my life. Yet I don’t shy away from smart home devices. You shouldn’t have to either, if you take steps to secure them.
…Simply put, your personal information is vulnerable if it is being transmitted or stored on an IoT device without encryption. Does that mean you should avoid these devices entirely? Not necessarily.
Read More The IoT EU
Not all certificate authorities are created equally — some are more trustworthy than others. But did you know that there’s a way to control which CAs can issue certificates for your domain? Here’s everything to know about DNS CAA records…
Read More Security Boulevard
A scientist at Los Alamos National Laboratory recently asked an important question: “When full-fledged quantum computers arrive, will we be ready?” This scientist researches quantum information theory and his opinion piece for Scientific American magazine focused on quantum computing’s applications. But it’s a smart question when considering cybersecurity as well.
Read More Security Boulevard
DigiCert has announced a robust set of features and capabilities in DigiCert IoT Device Manager that enable telecommunications providers to deploy 5G network services to cloud environments while maintaining security, compliance and performance.
Read More HelpNet Security
Read More CIO Review
Google is partnering with DigiCert and Entrust Datacard to launch a BIMI pilot for Gmail — using brand indicators for message identification will boost email security and allow companies to show their logo in customers’ inboxes
For everyone who has BIMI — brand indicators for message identification — on their cybersecurity wish lists for G Suite, it looks like Christmas has come early.
Read More Security Boulevard
Many remote employees must access a corporate private network from home to continue business as usual. Organizations are turning to virtual private networks (VPN) as never before to keep remote workers connected to critical information and tools. To protect sensitive data and network bandwidth, however, companies must secure and control that network access such as by incorporating digital certificates into their cybersecurity strategy. Follow these five VPN best practices for secure remote worker access.
https://www.apmdigest.com/want-secure-remote-worker-access-with-vpn-these-5-steps-get-you-closer
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
On Sept. 1, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates with a life span longer than 398 days. The move, while beneficial for security, pushes back against certificate authorities (CAs) and may prove an operational headache for businesses.
Read More Dark Reading
Some 20 years ago, the founders of Amazon and Google essentially set the course for how the internet would come to dominate the way we live.
Jeff Bezos of Amazon, and Larry Page and Sergey Brin of Google did more than anyone else to actualize digital commerce as we’re experiencing it today – including its dark underbelly of ever-rising threats to privacy and cybersecurity.
Read More The Last Watchdog
DigiCert’s customer-focused strategy, feature-rich solutions and agile processes give it a distinct competitive advantage in the global market
Frost & Sullivan has recognised DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global transport layer security (TLS) certificate market. DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern public key infrastructure (PKI) technology. In addition to the strength in the TLS/SSL market, the company is also focused on new security technologies, such as protecting devices in the Internet of Things (IoT) and developing implementations of post-quantum cryptography (PQC). By developing these technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.
Read More Networks Europe
It now seems kind of quaint that cybercriminals go after computers. The kind of threats we now expect to have, have a much larger appetite.
A recent Freedom of Information request has revealed that London’s world-famous tourist attractions, such as the National History Museum, Kew Gardens and the Tate art galleries have been attacked over 109 million times in the last few years.
Read More Global Security Mag
Research shows that as online fraud grows, consumer digital trust in the organisation declines. Whether this is accomplished via a website impersonation attached to a phishing email or a Man-in-the-Middle (MitM) attack, digital trust and enterprise revenue is ultimately the collateral damage that will be sustained by organisations. In fact, cybersecurity emerged as a leading business risk for APAC companies, with cyber incidents and threats listed as the most crucial one.
Read More Cyber Security Asean
Valimail is proud to announce that we are partnering with DigiCert to help companies prepare for BIMI — a new standard that will increase email marketing effectiveness while stimulating the adoption of email authentication.
Read More Valimail
The Age of Big Data has arrived. According to estimates, 90% of the data in the entire world has been generated in just the past two years. The growth will continue to accelerate, as the total installed base of internet of things (IoT)-connected devices is projected to reach 75.44 billion worldwide by 2025—a fivefold increase in 10 years.
Read More SECURITY BOULEVARD
Google has announced the pilot for corporate avatars in Gmail that’s tied to DMARC adoption, a raft of new G Suite security features to protect Gmail, Meet and Chat, and new tools for admins to manage mobile devices and data leakage from Google Drive.
Read More ZDNet
While COVID-19 is hurting in-store traffic for most American retailers, e-commerce sites have experienced a huge surge in activity.
Amazon, for example, reported a 26% jump in revenue during the first three months of 2020, especially after stay-at-home orders were first introduced, compared to the same period a year ago.
The trend continued – nay, accelerated – well into the spring, with data from Adobe Analytics’ Digital Economy Index suggesting all U.S. online sales have increased by as much as 49% in April compared to pre-COVID-19 numbers.
Read More USA Today
T departments juggle many moving parts to support remote employees. With more than 40% of the U.S. workforce working from home during the novel coronavirus pandemic, managing mobile device use should be among them. Increasingly, employees rely on mobile devices to access the corporate network. Mobile device management (MDM) is an IT solution that enables companies to manage, control and secure connected devices for remote employees. It’s worth exploring MDM and its relationship to modern public key infrastructure (PKI) and digital certificates for a few compelling reasons.
Read More Tech Company News
As businesses continue to grapple with the current healthcare crisis, maintaining business continuity has become more challenging. Organizations rapidly pivoted to working remotely as the COVID-19 pandemic unfolded, and early survey results show that workplace changes may persist over the long term. A recent Gartner survey of 317 CFOs and business finance leaders found 74 percent of those surveyed expect at least 5 percent of their workforce who previously worked in company offices will become permanent work-from-home employees after the pandemic ends.
Read More IT Chronicles
Shelton, CT, July 16, 2020 — TMC, a global, integrated media company helping clients build communities in print, in person and online, in conjunction with its partner Crossfire Media, today announced the winners of the 2020 IoT Product of the Year Award, presented by IoT Evolution World.
The award honors the best and most innovative products and solutions powering the Internet of Things. Nominated solutions must have been available for deployment within the past twelve months as judged by the editors of IoT Evolution World magazine.
Sigue leyendo IoT Evolution World
Here are three things cybersecurity experts say businesses need to do to protect themselves and recover from these types of attacks.
Sigue leyendo San Francisco Times
Back in January 2019, IBM turned the global computing community on its head when it introduced the first circuit-based commercial quantum computer, the IBM Q System One. While the full commercial availability of quantum computers is still a way off, many individuals — including those in the IT sector — are excited about the promise of these machines offering solutions to problems that are too difficult for today’s digital computers.
One of the major benefits a quantum computer will provide is the ability to solve problems at light speed via its super coding systems. To put it in perspective, with current technology we estimate A capable quantum computer could conceivably do it in months.
Read More Technology Decisions
Research shows that as online fraud grows, consumer digital trust in the organization declines. Whether this is accomplished via a website impersonation attached to a phishing email or a man-in-the-middle (MitM) attack, digital trust and enterprise revenue are ultimately the collateral damage that will be sustained by organizations. In fact, cybersecurity has emerged as a leading business risk for Asia Pacific (APAC) companies, with cyber incidents and threats listed as the most crucial.
Read More TechTouch Asia
DigiCert, a world’s leading provider of TLS/SSL, IoT and other PKI solutions, and Valimail, a leading provider of identity-based anti-phishing solutions, has announced that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC).
Continue Reading Intelligent Tech Channels
While COVID-19 is hurting in-store traffic for most American retailers, e-commerce sites have experienced a huge surge in activity.
Continue Reading USA Today
To safeguard the data that drives their key business processes, organizations need to restrict access to confidential information, classifying documents and other information, based on the user’s level of authentication.
Continue Reading cio.economictimes.indiatimes.com
Lehi, Utah and San Francisco: DigiCert, Inc. and Valimail have announced that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC).
Continue Reading Vigilance Security Magazaine
DigiCert, a world’s leading provider of TLS/SSL, IoT and other PKI solutions, and Valimail, a leading provider of identity-based anti-phishing solutions, has announced that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC).
Continue Reading Intelligent Tech Channels
LEHI, Utah and SAN FRANCISCO, June 23, 2020 /PRNewswire/ — DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, and Valimail, the leading provider of identity-based anti-phishing solutions, today announced that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC).
Continue Reading Website Gear
Identity and privacy are essential for protecting digital transactions. Today they are even more critical. Brian Trzupek, Senior Vice President, Emerging Markets at DigiCert shares how with the right strategy, organizations can get in front of challenges while building a foundation for compliance with PKI.
Continue reading ToolBox
It’s not news that transformative technologies like blockchain, the internet of things (IoT) and e-commerce are changing the way we work, live and do business. What do all of these innovations have in common? All are based on trust models that ultimately depend on identity.
Continue reading Yahoo Finance
Companies are preparing to comply with VMC/DMARC using Brand Indicators for Message Identification (BIMI). Valimail and DigiCert have come together to support companies in their effort to get BIMI-ready in quick time. BIMI is the new gold standard in pilot that help companies to display their brand insignia, such a logo or an emblem in emails with a VMC stamp.
Continue reading martechseries.com
DigiCert is partnering with Valimail to help firms embrace BIMI (Brand Indicators for Message Identification), an email security standard that helps brands display a logo in their email subject lines with Verified Mark Certificates (VMCs).
Continue reading MediaPost
Lehi, Utah and San Francisco – (June 23, 2020) – DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and other PKI solutions, and Valimail, the leading provider of identity-based anti-phishing solutions, today announced that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC).
Continue reading Security Boulevard
It’s not news that transformative technologies like blockchain, the internet of things (IoT) and e-commerce are changing the way we work, live and do business. What do all of these innovations have in common? All are based on trust models that ultimately depend on identity.
Continue reading Forbes
Predators are opportunists. This is true whether the predators are wild animals, like the lions, bears, and wolverines on survival reality TV shows like Naked and Afraid and Alone, or are cybercriminals using the novel coronavirus pandemic to attempt to pry data and money from people. Companies must protect data with remote email security as more employees work from home.
Continue Reading Dark Reading
Frost & Sullivan recognized DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global transport layer security (TLS) certificate market.
Continue Reading Here
Digicert offers a variety of SSL certificates to accommodate any organizational structure and fulfill their specific needs. They supply you with the tools to configure any Platform/OS combination, giving the organization security and visibility benefits all while offering a range of encryption bit lengths based on the specific browser being used.
Continue Reading Security Boulevard
This article is for anyone who seeks a better understanding of SSL certificates, and how they provide security for both Public Internet and Enterprise Intranet connections.
In particular, the aim is to give you a complete overview of the Secure Socket Layer (SSL) protocol and certificates to help you make the best decisions regarding certificate management.
Continue Reading nationalcybersecuritynews.today
In this episode of the podcast (#185), DigiCert Chief Technology Officer Jason Sabin joins us to talk about how the COVID epidemic is shining a spotlight on the need for strong digital identities – for everything from virus contact tracing to remote work.
Continue Reading Security Ledger
Internet security firm DigiCert, the largest global provider of identity verification and encryption solutions, has announced the appointment of Jason Sabin as its Chief Technology Officer, taking over from Dan Timpson. Sabin, who has been with DigiCert since 2012, previously served as VP of Research and Development, Chief Security Officer and Chief Information Officer. As CIO, he led the company’s shift towards the SaaS and cloud services model.
Continue reading at People Matters
Frost & Sullivan recognizes DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global transport layer security (TLS) certificate market. DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern public key infrastructure (PKI) technology. In addition to the strength in the TLS/SSL market, the company is also focused on new security technologies, such as protecting devices in the Internet of Things (IoT) and developing implementations of post-quantum cryptography (PQC). By developing these technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.
Continue reading at VARINDIA
Post quantum cryptography (PQC) is rightly being heralded as our main defence. PQC algorithms that can effectively protect against Quantum attack and plug into existing Public Key Infrastructures (PKI) are being eagerly awaited by governments and enterprises alike.
Continue reading at Digitalisation World
DigiCert has received the 2020 Global Company of the Year Award by Frost & Sullivan, with specific focus on its global transport layer security (TLS) certificate market.
Frost & Sullivan states that by developing technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.
Continue reading at SecurityBrief
LONDON, May 21, 2020 /CNW/ — Frost & Sullivan recognizes DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global transport layer security (TLS) certificate market. DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern public key infrastructure (PKI) technology. In addition to the strength in the TLS/SSL market, the company is also focused on new security technologies, such as protecting devices in the Internet of Things (IoT) and developing implementations of post-quantum cryptography (PQC). By developing these technologies and helping define standards to address new security use cases, the company is strengthening its leadership position within internet security.
Continue reading at TMCnet
DigiCert, the globally renowned provider of TLS/SSL, IoT and PKI solutions, has named Jason Sabin as the company’s new Chief Technology Officer. Sabin has been serving as Chief Information Officer at DigiCert since 2017 and has held a number of other executive roles at the company, including Chief Security Officer and Head of Research and Development (R&D).
Continue reading at SecurityInformed.com
Frost & Sullivan recognises DigiCert with the 2020 Global Company of the Year Award, based on its recent analysis of the global transport layer security (TLS) certificate market. DigiCert has exhibited strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the industry’s best, most modern public key infrastructure (PKI) technology. The company is also focused on new security technologies, such as protecting devices in the Internet of Things (IoT) and developing implementations of post-quantum cryptography (PQC) in addition to the strength in the TLS/SSL market. The company is strengthening its leadership position within internet security by developing these technologies and helping define standards to address new security use cases.
Continue Reading Cyber Security Asean
98 percent of IoT Traffic is unencrypted . When I read that statistic – published by Palo Alto Networks in their Unit 42 2020 Threat report – I should have been shocked, says Mike Nelson,VP of IoT Security at DigiCert.
Continue Reading The Evolving Enterprise
Nearly two decades ago, this writer worked as a transcriptionist who converted the audio wav files of CEOs and CFOs in conference calls into text. The work entailed repeatedly listening to C-level personnel who made no effort to speak more audibly and clearly.
Continue Reading digiconasia.net
Even before the current global crisis, organizations were already looking to innovate and digitize their business documents to save time and money. In the landscape of global remote working, it is important to maintain business continuity, but with many physical buildings closed, this creates a unique problem for industries where a written signature is typically needed for documents.
Continue Reading digiconasia.net
Stay-at-home measures taken in the wake of the novel coronavirus pandemic are opening more doors for cybercriminals. As the number of remote employees has climbed so have criminal attempts to access email. Companies are at risk unless they adopt email security tools, which slam the door shut on cybercriminals.
Continue Reading IT Briefcase
In the environment of remote working, it is important to maintain business continuity. Even before the current global crisis, organizations were looking to innovate and digitize their business to save time and money. With many physical buildings closed, this creates a unique problem for industries where there is typically a written signature needed.
Continue Reading The Cyber Security Place
By Brian Trzupek, VP of Emerging Markets at DigiCert
Remote Mobile Device Management (MDM) solutions help companies manage and secure connected devices for remote workers
Continue Reading spiceworks.com
Even before the coronavirus outbreak, employees were increasingly working from home. According to the Federal Reserve, the percentage of the labor force working from home tripled in the last 15 years.
Continue reading CRN
As we saw when the world began rushing to panic buy toilet paper, one of the main ways people are responding to the COVID-19 global pandemic is by changing their shopping habits.
Continue reading India Times
Security vendors, he says, need to do a better job connecting their solutions to open platforms so that teams like his can share data and build a common dashboard across teams. And they should also be working to continuously improve usability over time.
Continue reading Dark Reading
Mobile and online banking have been on the rise in recent years. Physical banking branches and automated teller machine footprints are rapidly being supplanted by digital distribution and service delivery.
Continue reading at cybersecasia.net
Companies are already preparing to deal with quantum threats. Tim Hollebeek, Industry and Standards Technical Strategist, DigiCert, explains how Quantum Key Distribution (QKD) has been hailed as a potentially effective solution to quantum threats.
Continue reading at intelligentciso.com
Even before the coronavirus outbreak, employees were increasingly working from home. Since the World Health Organization declared COVID-19 a pandemic, many companies are asking their employees to work from home. As more people log into networks from home, there is an increased risk of opening doors to hackers. Additionally, hackers are using this pandemic as yet another surface to deploy their attacks. In this environment, it is more important than ever to practice good security habits.
Continue reading at The CyberSecurity Place
As we saw when the world began rushing to panic buy toilet paper, one of the main ways people are responding to the COVID-19 global pandemic is by changing their shopping habits. But what started with stores struggling to stock their shelves is now shifting to online orders and deliveries.
As more people take advantage of shopping online, it is increasingly important to keep the internet a safe place for transactions. Here are a few tips to help:
Continue reading at The CyberSecurity Place
Not even COVID-19 can keep the scammers away. Seemingly overnight most areas are on lock down and offices dark; yet just as quickly, hackers began taking advantage of the difficult situation we find ourselves in. From impersonating healthcare workers to creating bogus apps claiming to have the cure for COVID-19, bad online actors are actively looking for opportunities to benefit from the sudden rise of online activity and our heightened state of emotion.
Continue reading at chelseakrost.com
As diagnosed cases of the coronavirus increase globally, “social distancing” and “flattening the curve” have entered the common lexicon—and earned hashtag status in the United States. Many companies are doing their part to support government directives by encouraging employees to work from home.
Continue reading at HR Daily Advisor
Just because quantum computing is a few years away doesn’t mean that you should avoid thinking about how to deal with this emerging threat now with quantum resistant algorithms
Continue reading at Security Boulevard
Mobile and online banking have been on the rise in recent years. In Singapore, it’s been seen that physical branches and ATM footprints are rapidly being supplanted by digital distribution and service delivery, according to the Singapore Business Review.
Continue reading at CyberSecurity Asean
Hackers will take advantage of any vulnerability they can find. Amidst the pandemic of COVID-19, attackers are taking advantage of the alertness of the world population with phishing emails, social media posts, apps and text messages containing malware. These scams typically involve fraudsters impersonating healthcare officials.
Continue reading at Analytics Insight
As we saw when the world began rushing to panic buy toilet paper, one of the main ways people are responding to the COVID-19 global pandemic is by changing their shopping habits. But what started with stores struggling to stock their shelves is now shifting to online orders and deliveries.
Continue reading at Disruptive Asia Reading
As diagnosed cases of the coronavirus increase globally, “social distancing” and “flattening the curve” have entered the common lexicon—and earned hashtag status in the United States. Many companies are doing their part to support government directives by encouraging employees to work from home.
Read more HR Daily Advisor
When the clock ticked over to 2020, it ushered in a decade that experts such as the National Institute of Standards and Technology predict a commercially viable quantum computer will advance life-changing research and break existing cryptographic algorithms. Recently, surveyed IT directors, managers and specialists think the day a quantum computer can crack existing cryptography could come sooner than predicted. The survey shows that 71% of experts expect it’ll happen by 2025, according to DigiCert.
Read more Internet of Things Agenda
Today’s enterprise IT infrastructures are more diverse, dynamic and complex than ever. Environments that were once primarily on-premises now include multiple clouds, IoT devices and mobile users. The network perimeter has evolved and expanded from an internally controlled, private, locally managed network to external internet circuits and public clouds — and users with multiple devices who can be located anywhere in the world.
Read more Forbes
As we saw when the world began rushing to panic buy toilet paper, one of the main ways people are responding to the COVID-19 global pandemic is by changing their shopping habits. But what started with stores struggling to stock their shelves is now shifting to online orders and deliveries.
Read more Cybersecurity Asean
You heard it here first: 2020 is going to be the year of BIMI.
That’s the way it looks after today’s announcement that DigiCert has issued the first Verified Mark Certificate (VMC) for a domain that sends email at scale: CNN.com.
The news is important in two ways.
Read more Email Insider
The Verified Mark Certificate is expected to become a requirement for brands adopting the BIMI email standard.
Read more Martech Today
CNN has been issued a new digital certificate that uses logo verification to prove emails sent from a particular domain are genuine.
The certification of the American news channel with a Verified Mark Certificate by DigiCert, Inc. marks the first time a VMC has been issued for a domain that sends emails at scale.
The news follows the announcement on September 4, 2019, that Entrust Datacard had become the first certification authority (CA) to issue a VMC.
Read more Info Security
Learn about BIMI — a new email standard that could boost your email visibility, build customer trust, and help fight phishing
If your job is related to email marketing, terms such as MX, PTR, SPF and DKIM are likely to be your bread and butter. If you’re not familiar with these terms, though, let me give you the quick summary: These records protect you and your customers from spam and help email servers (such as Yahoo, Gmail, etc.) trust your server.
Read more SSL Store
Today’s enterprise IT infrastructures are more diverse, dynamic and complex than ever. Environments that were once primarily on-premises now include multiple clouds, IoT devices and mobile users. The network perimeter has evolved and expanded from an internally controlled, private, locally managed network to external internet circuits and public clouds — and users with multiple devices who can be located anywhere in the world.
Continue reading at Forbes
When the clock ticked over to 2020, it ushered in a decade that experts such as the National Institute of Standards and Technology predict a commercially viable quantum computer will advance life-changing research and break existing cryptographic algorithms. Recently, surveyed IT directors, managers and specialists think the day a quantum computer can crack existing cryptography could come sooner than predicted. The survey shows that 71% of experts expect it’ll happen by 2025, according to DigiCert.
Continue reading at IoT Agenda
The network is no longer as simple as it was. Where there once was a geographically defined perimeter, walled in with bricks and mortar and propped up by a handful of endpoints and servers – there now sits something much more complex. As Enterprise IT has evolved so too has the difficulty in managing it. For all of the benefits that technological advancement has wrought, each has created new problems.
Continue reading at ProSecure News Online
IoT products offer many conveniences but there are massive amounts of data being transferred to and from these services vulnerable to attack if left unsecured. In this podcast, Mike Nelson, Vice President of IoT Security at DigiCert, talks about the growing insecurity of IoT devices and what we should do about it.
Continue reading at HelpNet Security
Many employees are currently working from home. This article explores three technology best practices to protect your remote workers and your company’s data from the cybercriminals crawling out of the woodwork during the coronavirus crisis.
A global pandemic like the novel coronavirus brings out both the best and worst in people. Healthcare workers are heroically working long hours treating patients, bearing badges of their commitment in the red grooves worn into their faces from masks. Companies are doing their part to “flatten the curve” of COVID-19 by supporting their remote employees. Unfortunately, cybercriminals are attempting to take advantage of this influx in remote employees with new threats.
Continue reading at Toolbox Tech
Let’s talk about digital identity with Dean Coclin, Senior Director, Business Development at DigiCert.
Continue reading at ubisecure.com
Even before the coronavirus outbreak, employees were increasingly working from home. Since the World Health Organization declared COVID-19 a pandemic, many companies are asking their employees to work from home. As more people log into networks from home, there is an increased risk of opening doors to hackers. Additionally, hackers are using this pandemic as yet another surface to deploy their attacks. In this environment, it is more important than ever to practice good security habits.
Continue reading at Cyber Security Asean
The MediaOps team was in full force at RSA Conference 2020, joining a crowd of practitioners, experts, analysts and others eager to catch up on the latest advances in cybersecurity and take the pulse of the market in general. As in years past, our Digital Anarchist video booth was popular among attendees, who stopped by to hear what our lineup of guests had to say.
Continue reading at Security Boulevard
After a California device security law went into effect at the start of this year, one of the open questions was whether each individual IoT product needed a unique hardware identifier. One of the people I spoke with from the chip world said that could be prohibitively expensive for companies, as it would require them to flash firmware onto a device individually as opposed to in batches.
Continue reading at Stacey on IoT
DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and PKI solutions, is upgrading channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments.
Continue reading at Security News Desk Americas
DigiCert, provider of TLS/SSL, IoT and PKI solutions for identity management and encryption, is upgrading channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments.
Continue reading at Hosting Journalist
Genuinely stable and effective quantum computers may still seem like a far-off dream, despite much public hype, but the technology is advancing behind closed doors – and with it, a rush to generate quantum-resistant algorithm standards.
Continue reading at cbronline.com
One of the hardest parts of building any security infrastructure is dealing with exceptions. For every device that can run security agents and be monitored via API, you’re also going to have devices that are unmanaged and all but invisible to most security platforms. As the number of Internet of Things (IoT) devices increases in enterprises that lack of visibility is going to be even harder to manage. How can you secure something you have no access to?
Continue reading at gestaltit.com
After years of anticipation, advances in quantum computing are finally beginning to reach commercial applications. Last year, IBM introduced the IBM Q System One, the world’s first integrated universal quantum computing system designed for commercial use. In October 2019, Google claimed “quantum supremacy” when its computer successfully a task in 200 seconds that would have taken a traditional computer thousands of years to complete.
Continue reading at Forbes
The latest update to email authentication being called “DMARC 2.0”. Here’s what you need to know to get your email program in shape for BIMI.
Continue reading at Marketing Land
It now seems kind of quaint that cybercriminals go after computers. The kind of threats we now expect to have, have a much larger appetite.
A recent Freedom of Information request has revealed that London’s world-famous tourist attractions, such as the National History Museum, Kew Gardens and the Tate art galleries have been attacked over 109 million times in the last few years.
Read More Quantaneo
DigiCert has announced to upgrade channel partners to DigiCert CertCentral Partner, a comprehensive TLS certificate management solution for cloud and hosted environments. CertCentral helps partners customize and automate all stages of lifecycle management for their end customers, as well as easily deliver new features and solutions, while simplifying business management.
Read More Varindia
Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled.
Read More The Last Watchdog
DigiCert, Inc. is upgrading channel partners to DigiCert CertCentral® Partner, a comprehensive TLS certificate management solution for cloud and hosted environments. CertCentral helps partners customize and automate all stages of lifecycle management for their end customers, as well as easily deliver new features and solutions, while simplifying business management.
Continue reading at Global Security Mag
At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, this week, Apple announced that beginning Sept. 1, newly issued publicly trusted TLS certificates are valid for no longer than 398 days. This followed a long history of the CA/B Forum community working to reduce certificate lifetimes and improve security while balancing the needs of business owners in transitioning to shorter validity certificates.
Continue reading at gogetssl.com
Digicert introduced a new type of digital certificate on CNN.com that ensures corporate logos aren’t being used fraudulently and better identifies businesses to customers in emails by proving the authenticity of a logo. Secure Site Pro’s CT log monitoring service helps firms protect their brands from online fraud by logging and monitoring TLS certificates.
Continue reading at crn.com
Quantum computing might initially sound like a far-fetched futuristic idea, but companies such as Amazon, Google, and IBM are putting their weight behind it and preparations have begun. With quantum computing potentially within our reach, what will happen to our current security models and modern-day encryption? See what security experts are doing to prepare for quantum threats.
Continue reading at Jaxenter.com
Partners drive business success, create new avenues for upsell, and improve customer satisfaction by fully customizing and automating all stages of certificate lifecycle management for their customers
Continue reading at InvestorPoint.com
Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better.
Continue reading at The Register
Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better.
Continue reading at The Last Watchdog
Starting Sept. 1, Safari will no longer trust SSL/TLS certificates with validity periods longer than 398 days
Continue reading at The SSL Store
Some of the top management at Digicert have released their 2020 security predictions. Focusing overall on digital transformation, the predictions are divided into three sub-categories – Internet of Things (IoT), encryption and privacy.
Continue reading at The North America Security Market
In this episode of The Security Ledger Podcast (Episode #175), sponsored by Digicert: its been three years since the hacks made famous during the 2016 election, but online campaigns still struggle with basic security. Andrew Peterson of the firm Signal Sciences joins us to talk about why. Also: in part 2 of our podcast we’re joined by Dan Timpson, Chief Technology Officer at Digicert to talk about the fast expanding terrain of securing online identities in an age of ubiquitous computing, deep fakes and connected devices.
Continue reading at The Security Ledger
I predicted in December 2018 in this column, that 2019 would be the year of America’s Quantum Leap. Certainly the development of quantum computers continued apace, but there were also some key events that year that demonstrated that quantum technology is here to stay and will decisively shape all our futures.
Continue reading at Forbes
DigiCert Managers are built from the ground up to provide fast, flexible PKI deployment
DigiCert, Inc. announce two new PKI tools: IoT Device Manager and Enterprise PKI Manager. Unlike PKI applications of the past, both PKI managers use a container-based, cloud-agnostic implementation that ensures fast and flexible on-premises, cloud and hybrid PKI deployments. These new offerings are built on the DigiCert ONE platform.
Continue reading at Global Security Mag
Speaking at the DigiCert Security Summit in San Diego, DigiCert senior director of business development, Dean Coclin, said that “identity data is created on us all of the time,” but asked how protected it is.
Continue reading at Info Security
The future of security and privacy should be focused on the person and the impact upon them.
Speaking to Infosecurity at the DigiCert Security Summit in San Diego, DigiCert CEO John Merrill said that security is about privacy and trust, and who is on the other side, and there is more awareness of privacy thanks to regulations like GDPR.
Continue reading at Info Security
In collaboration with several other certificate authorities, DigiCert has proposed 4 enhancements to the EV SSL validation processes
Continue reading at thesslstore.com
Certificates have become a necessary technology across the enterprise as a mechanism to keep things secure. However, managing digital certificates can be anything but easy. After all, there are numerous certificate authorities, different types of certificates, expiration dates, application integrations, certificate ownership, and numerous other bits of meta-data that must be managed and accounted for when it comes to certificates.
Continue reading at eWeek.com
The internet of things is becoming a backbone for technology worldwide, and quantum computing is developing right alongside it. While quantum computing can bring the potential for development, there are also plenty of risks.
According to a DigiCert survey of 400 enterprise organizations across Japan, Germany and the United States, 55% believe that quantum computing and post Quantum Crypto is a ‘somewhat to extremely large’ security threat at the present time, with 71% it will only become more of a threat in the future.
Continue reading at Security Brief
Planning, preparing and implementing protection can take years and quantum is already on its way. Enterprises need to be able to get way ahead of the curve if they want to withstand it.
Continue reading at SC Media
Cybersecurity experts from Malwarebytes and DigiCert have identified the following 2020 Security Predictions for the APAC region:
Ransomware attacks on businesses and governments will continue at a more rapid pace, thanks to newly found vulnerabilities.
Continue reading at Disruptive Asia
With access to DigiCert CertCentral® for easy certificate management, Secure Site Pro provides advanced brand and website threat protection, as well as a new PQC test kit
LEHI, Utah (December 10, 2019) — DigiCert, Inc., the world’s leading provider of TLS/SSL, IoT and PKI solutions, today released a new CT log monitoring service for advanced brand protection. The service is available in DigiCert Secure Site Pro, the first TLS product to offer CT log monitoring along with other industry-leading features such as DigiCert’s recently unveiled post-quantum computing (PQC) test kit.
Continue reading at DevOps.com
CCPA is a pretty big deal if you do business with Californians.
Ready or not, the California Consumer Privacy Act (CCPA), the most comprehensive U.S. data privacy law to date, will go into affect on Jan. 1.
While the General Data Protection Regulation (GDPR) protects personal information (PI) that could potentially identify a specific individual, including name, address, telephone number and Social Security number, CCPA goes beyond that to include product purchase history, social media activity, IP addresses and household information.
Continue reading at Channel Futures
eWEEK TREND ANALYSIS: Amazon joined the quantum computing race by offering its cloud platform customers access to quantum hardware from three startups.
Quantum computers promise to solve the most complicated problems and equations that computers today cannot. But the promise is not all positive. The majority of global organizations see the emergence of quantum computing as a major threat to security, according to findings from DigiCert’s 2019 Post Quantum Crypto Survey.
Continue reading at eWeek.com
As quantum computing gains momentum with practical quantum computers due to come online as early as next year, concerns about post-quantum cryptography are pushed to the forefront.
Continue reading at TechTarget
Now that quantum computers are moving from theory into the realm of experimental, many cybersecurity professionals are starting to appreciate a simple fact: Computers capable of cracking the most sophisticated encryption algorithms are on the horizon.
Continue reading at Security Boulevard
DigiCert + QuoVadis has been certified in the Netherlands and Belgium to provide remote Qualified Electronic Signatures for customers using its cloud-based Digital Signing Service (DSS) platform.
QuoVadis, acquired by DigiCert in January 2019, is an accredited Qualified Trust Service Provider (QTSP) in the Netherlands and Belgium under the EU eIDAS regulation 910/2014 and is able to offer EU trust services to all member states, as well as in Switzerland under ZertES.
A malware downloader has been spotted using novel “Port Monitor” methods that have not been detected before inactive campaigns.
Dubbed DePriMon, the malicious downloader is used to deploy malware used by Lambert — also known as the Longhorn advanced persistent threat (APT) group — which specializes in attacks against European and Middle Eastern companies.
Continue reading at ZDnet
Depending on which article you’re reading, quantum computing is either nigh or a Big Lie perpetrated on the public by companies interested mostly in touting their own technology chops. But a survey of some 400 organizations by DigiCert suggests that IT professionals are taking the security threat posed by quantum computers seriously…even if they aren’t exactly sure what that threat is, or when it will arrive.
Continue reading at The Security Ledger
The certificate validates that a brand logo is trademarked when featured in BIMI emails.
Continue reading at Help Net Security
The verdict is in: quantum computing poses an existential threat to asymmetric cryptography algorithms like RSA and ECC that underpin practically all
Continue reading at Help Net Security
Governments and national assemblies the world over are currently in the process of drafting or enacting IoT regulations which aim to enhance security.
Continue reading at International Security Journal
QWAC standards are partly based on the CA/Browser Forum’s standard for Extended Validation certificates
Continue reading at Info Security
In this Spotlight Podcast, we broadcast from the Black Hat Briefings in Las Vegas Nevada. Dan Timpson, the Chief Technology Officer at DigiCert joins us to talk about some of the high profile hacks at this week’s “hacker summer camp” and the common weaknesses and security lapses that are common to all of them.
Continue reading at The Security Ledger/a>
While IoT has won plaudits from many for the positives it delivers, there is another side: the very real business repercussions that can come as a result of poor IoT security
Continue reading at Computing Security
The effective management of public key infrastructure (PKI) for enterprise IT teams is becoming more complex and cumbersome.
Continue reading at Forbes
HackerOne, a leading hacker-powered security platform, has announced the results of a study that revealed the majority of security professionals believe humans remain more effective than machines when it comes to securing digital assets.
Continue reading at iCISO
DigiCert is the world’s premier high-assurance digital certificate provider. The company simplifies SSL/TLS and PKI, and provide identity, authentication, and encryption solutions for the web and the Internet of Things (IoT).
Continue reading at Dark Reading
Not long ago, many IT leaders viewed IoT as little more than an interesting science project. Today, companies in every industry rely on IoT insights as part of their core business strategies.
Continue reading at IoT Agenda
The insurance industry has no policy to cover its investments in blockchain — those costs are sunk, so this is a make-or-break year to see if they will pay off.
Continue reading at Disruptor Daily
In this exclusive online interview, International Security Journal sits down with John Merrill, CEO of DigiCert to discuss the company’s commitment to preserving trust on the internet.
Continue reading at International Security Journal
Quantum computers will be able to instantly break the encryption of sensitive data protected by today’s strongest security, warns Arvind Krishna, director of IBM Research. “Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now,” said Krishna.
Continue reading at eWeek
Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve.
Continue reading at The Last Watchdog
“If there’s compute power enough to hold a cert on them, they should have a cert on”
Continue reading at CBR Online
Mit der Übernahme der schweizerischen QuoVadis erweitert Digicert sein Europageschäft. Außerdem investiert der Dienstleister derzeit viel in Forschung und Entwicklung und hat im vergangenen Jahr neue Rechenzentren gebaut und vorhandene modernisiert.
Continue reading at ZD Net
Machines and devices are everywhere, connected—and multiplying. These are the “things” of the Internet of Things, and today there are nearly three devices attached to the internet for every human on the planet. By 2025 that ratio will soar to 10 to 1.
Continue reading at Information Management
Cryptography is the secret sauce that keeps our lives livable in today’s world. Think about all the secure websites and applications that you use to do business or share information.
Continue reading at Gestalt IT
DigiCertは2018年1月31日に開催した年次カンファレンスにおいて、Microsoft Researchらと共に進めている耐量子コンピュータ暗号研究の背景と状況を紹介した。
Continue reading at atmarkit
Getting attacked is one thing, the resulting damages are another. Because as destructive as a cyber attack can be, what happens next makes the real difference. In this article, Mike Nelson explains how that difference is made by having your organization well-secured.
Continue reading at JAXenter
Scan the headlines and you’d think IoT is all about Bluetooth toasters and refrigerators that text you when your toast is going to burn or you’re out of milk. Analysts and investors know better.
Continue reading at IoT Agenda
In a recent joint release, DigiCert, provider of TLS/SSL, IoT and PKI solutions, Utimaco, hardware security module provider, and Microsoft Research, quantum-safe cryptography arm of the computing giant, announced a successful test implementation of the “Picnic” algorithm, with digital certificates used to encrypt, authenticate and provide integrity for connected devices commonly referred to as the Internet of Things (IoT).
Continue reading at IoT Evolution
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
Continue reading at Dark Reading
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.
Continue reading at Dark Reading
DigiCert is rolling out CertCentral Enterprise, a new certificate management platform for cloud and hosted environments.
Continue reading at Channel Partners
L’autorité de certification privée américaine Digicert rachète à Wisekey les services de PKI et de certificats numériques de QuoVadis qui intervient en Suisse et dans l’Union européenne.
Continue reading at Lemonde Informatique
Early 2020 sees Google, Microsoft, Mozilla and Apple drop support for TLS 1.0 and 1.1. Continuing to use them is all but asking to be breached, yet 21% of the Alexa Top 100,000 websites don’t use HTTPS.
Continue reading at SC Media
DigiCert has now officially completed its acquisition of QuoVadis Group from Swiss security firm WISeKey International.
Continue reading at Security Brief
Het Amerikaanse DigiCert, leverancier van TLS/SSL, internet of things- en andere pki-oplossingen, heeft de overname afgerond van de QuoVadis Group, voorheen onderdeel van het Zwitserse WISeKey. QuoVadis levert gekwalificeerde elektronische vertrouwensdiensten en -producten in de Europese Unie en Zwitserland.
Continue reading at IoT Agenda
With the arrival of USB-C a few years back, plugging into laptops, tablets and smartphones became even easier than before. Users no longer had to worry about which way up the cable needed to be before pushing the 24-pin connector into a device’s port, and could also look forward to fast data transfer and power delivery too. But there are potential security risks.
Continue reading at IoT Agenda
The USB Type-C authentication standard is moving forward in an effort to help protect systems against malicious USB devices.
Continue reading at eWeek
After a long battle against Google, DigiCert has finally managed to re-establish online trust for its Symantec security certificates.
Continue reading at Security Brief
While it’s still early days as far as the Internet of Things (IoT) market opportunity is concerned, a new survey suggests the opportunity surrounding IoT could be massive.
Continue reading at Smarter MSP
Even as the Internet of Things (IoT) makes major shifts in the world of both consumer and industrial electronics, it opens a door to soaring security threats. Electronics OEMs must safeguard both the manufacturing lines where they build connected products as well as the products they are making.
Continue reading at EBN
Your home security system. Air condition system. Your car. Why, even your coffee maker. Almost every imagine digital appliance is now connected to the Internet. The era of connected things has arrived.
Continue reading at IoT Central
This week on the show, Kevin and I talk about Lowe’s putting the Iris smart home system on the block, Apple buying Silk Labs and why now is a perfect time to pull the trigger on the smart home device you’ve been eyeing.
Continue learning at Stacey on IoT
DigiCert, a leader in the digital certificate world, recently conducted a survey on the use and security around Internet of Things (IoT). In this DevOps Chat, we spoke with Mike Nelson, VP of IoT Security at DigiCert. Mike explained the results of the IoT security survey as well as the key things that the top-tier companies are doing that sets them apart.
Continue reading at Security Boulevard
Investments in IoT security can have significant positive business implications, a recent survey from DigiCert finds.
Continue reading at IoT Agenda
A new study claims that enterprises have started sustaining significant monetary losses due to lack of good practices as they are advancing by integrating IoT into their business models.
Continue reading at IoT News
IoT security concerns indicate a potential opportunity for solution providers brave enough to venture into managed security.
Continue reading at Channel Futures
Survey results were then divided into tiers; the top tier companies reported the least problems with IoT security issues, while the bottom tier organizations were much more likely to report difficulties mastering specific aspects of IoT security.
Continue reading at The Last Watchdog
The struggle to secure the IoT is a serious and difficult one, according to an enterprise IoT security study conducted by security technology company DigiCert.
Continue reading at Telecompetitor
survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.
Continue reading at The Security Ledger
Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies.
Continue reading at Security Boulevard
Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the IoT into their business models, according to a new study from DigiCert.
Continue reading at HelpNet Security
Digicert a leader in the digital certificate world recently conducted a survey on the use and security around Internet of Things (IoT). In this DevOps Chat we spoke with Mike Nelson, VP of IoT Security at Digicert. Mike explains the results of the survey as well as what are the key things that the top tier companies are doing that sets them apart.
Learn more at DevOps Soundcloud Channel
DigiCert Chief Technology Officer Dan Timpson designs scalable authentication and encryption systems for a quality, secure user experience.
Continue reading at IoT Agenda
Chrome 70 comes out today. Most people who use Google’s popular browser will receive the update, and either won’t realise or won’t especially care about the changes it contains.
Continue reading at Naked Security
The National Cybersecurity Center of Excellence unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems.
Continue reading at Health IT Security
If you’re trying to shift your existing technology to the cloud and patch it like a quilt, stop right there. Instead, follow these key takeaways from SecTor about managing security and compliance gaps in enterprise cloud environments.
Continue reading at Expert IP
The Payment Card Industry (PCI) council have spoken. Early versions of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are now being forced into obscurity by the Payment Card Industry Data Security Standard (PCI DSS) 3.2.1, pushed there by years of security failures and a technological horizon in which those failures will simply not be acceptable.
Continue reading at Infosecurity Magazine
Help Net Security sat down with Jeremy Rowley, Executive Vice President of Product at DigiCert. He leads the company’s product development teams serving its TLS and digital certificate clients for web communications and emerging markets clients that require security solutions for the Internet of Things, U.S. federal healthcare exchange, advanced Wi-Fi and other innovative technology sectors.
Continue reading at Help Net Security
All Symantec-issued digital certificates will be deprecated on Google Chrome by mid-October. Former Symantec customers must ensure their websites are compliant.
Continue reading at SCO Online
An IoT breach can involve multiple vulnerable systems and applications in an owner’s environment, dispersing levels of responsibility; ultimately the courts will decide and consumers bear the consequences.
Continue reading at SC Media
Quantum computing threats are on the horizon, but DigiCert, Gemalto and ISARA have teamed up to develop new quantum-proof digital certificates and remake the PKI industry.
Continue reading at TechTarget
As quantum computing power grows, so too does the risk to currently deployed cryptographic algorithms, which is why DigiCert, Gemalto and ISARA are now working together to prepare for the future.
Continue reading at eWeek
In 1995, kids everywhere fell in love with Woody and Buzz, ultimate frienemies from the Pixar film Toy Story. This first-of-its-kind animation had millennials enthralled by the idea of their toys coming to life. But, as they say, be careful what you wish for. Just a generation later, those same millennials who dreamed of lifelike toys are now trying to protect their kids from, well… lifelike toys.
Continue reading at HealthIT Security
Alleged North Korea spy Park Jin Hyok is the latest person to face cybercrime charges as part of several high-profile cases brought by US Department of Justice against cybercriminals and other assorted bad actors.
Continue reading at HealthIT Security
fa
Wirelessly connecting infusion pumps to point-of-care medication systems and EHRs improves healthcare delivery but also increases cybersecurity vulnerability, warned NIST and NCCoE in a new guide.
Continue reading at Hospitality Technology
fa
With so many issues competing for an IT security professional’s time, it’s difficult to find time for future planning. That being said, now is the time of professionals to have quantum computing on the radar.
Continue reading at CSO Online
fa
Wirelessly connecting infusion pumps to point-of-care medication systems and EHRs improves healthcare delivery but also increases cybersecurity vulnerability, warned NIST and NCCoE in a new guide.
Continue reading at HealthIT Security
fa
In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL).
Continue reading at The Last Watchdog
In this episode of The Security Ledger Podcast (#107): Hacker Summer Camp takes place in Las Vegas this week as the Black Hat, DEFCON and B-Sides conferences take place. We’re joined by DigiCert Chief Technology Officer Dan Timpson to talk about the presentations that are worth seeing. And, in our second segment, The Department of Homeland Security launched a new Risk Analysis Center that sounds a whole lot like some programs it already runs. Is this bureaucratic overkill or is DHS on to something?
Continue reading at The Security Ledger
Any effort to overhaul the cyber security of connected medical devices is likely to take considerable time and energy. Given that many of them are made to last decades, securing them while they’re in use can make turning an ocean liner look positively nimble.
Continue reading at Security Boulevard
As the sheer number of connected devices continues to rise, securing these devices, and becoming “crypto agile” is a key component of an organization’s effort to become more agile. Read on to discover how to improve your organization’s cyrpto-agility.
Continue reading at CSO Online
Is the cloud right for everyone? That, says one leading observer, is the wrong question. “Like any evolutionary development, it’s our current reality.” But woe betide those who fail to take every security measure along the way
Continue reading at Computing Security
Lawyers will no longer be allowed to certify someone’s ownership of an internet domain name, and the public Whois no longer represents proof of ownership, when it comes to assigning security certificates to site owners.
Continue reading at The Register
Healthcare cybersecurity is facing two problems – neither of which can be solved using better technology alone. In fact, these problems have more to do with economics than cybersecurity.
Continue reading at HITECH Answers
A looming deadline – now less than three weeks away – means that Google Chrome users who visit unencrypted websites will be confronted with warnings.
Continue reading at The Register
While some complicate its definition, cloud computing is “any computer-based event that takes place outside your internal network”, points out Mike Ahmadi, CISSP, global director – IoT Security Solutions at DigiCert. “It’s allowed us to connect like never before. But the greater the connection, the higher the stakes. The cloud as we know it wasn’t born from a massive project; it evolved organically as connectivity skyrocketed. Networks gradually became more interconnected, giving us the 99.999% uptime we’ve come to expect.”
Continue reading at Computing Security
Data is the new currency. In fact, most of our financial transactions today are pure data exchanges.
Continue reading at Intelligent CIO
The security industry can play a lead role in providing the tools to make it easier for IoT manufacturers and organizations to make “security by default” a business priority.
Continue reading at IoT Agenda
A few weeks ago, I stayed at a hotel in Las Vegas. I’m always nervous when I open the door to my room. What if it’s not as clean as I’d hoped? What if I discover something mildly disturbing? What I found this time wasn’t alarming, but it was surprising.
Continue reading at IoT Agenda
There’s no slowing down the growing Internet of Things. However, security concerns are becoming an unavoidable problem for consumers. Mike Nelson, VP of IoT Security, DigiCert shares his wisdom about IoT security and fighting back with Public Key Infrastructure.
Continue reading at IoT Agenda
There’s an epidemic of insecure Internet of Things devices. But why? And what is the shortest path to ending that epidemic? In this Spotlight Edition* of The Security Ledger Podcast, we speak with Deepika Chauhan, the Executive Vice President of Emerging Markets at DigiCert. Her job: forging new paths for the use of public key encryption to secure Internet of Things ecosystems.
Continue reading at SecurITy Ledger
DigiCert CEO John Merrill discusses the implications of Google’s plan’s to distrust Symantec certificates and what his company has done to help with the impending deadlines.
Continue reading at CSO
DigiCert Inc. announced a major milestone: less than 1 percent of the top 1 million sites have yet to replace Symantec-issued certificates affected by upcoming browser distrust action. Mozilla released figures from its latest telemetry report earlier this week showing 1 percent with certificates to be untrusted.
Continue reading at App Developer Magazine
One word summarizes the challenge of securing the Internet of Things (IoT): scale.
It’s actually a two-fold challenge. The first issue is the sheer number of IoT devices connected to the internet — a total that continues to grow every year. Gartner estimates that number will reach 26 billion by 2020. Secondly, how can device manufacturers and security providers possibly scale the process of identifying and authenticating each and every one of those devices?
Continue reading at Forbes
Less than 1% of the top 1 million websites have yet to replace Symantec-issued certificates before major browsers distrust them, DigiCert announced this week.
Continue reading at Security Week
Today, at CloudFest 2018 in Rust Germany, certificate authority [CA] provider DigiCert is announcing enhancements to its Certified Partner Program. The key objective here was to integrate the massive swell of channel partners that came as the result of DigiCert’s October 2017 acquisition of Symantec’s Website Security business and related PKI solutions – which more than quadrupled the number of DigiCert partners.
Continue reading at Channel Buzz
DigiCert Tuesday unveiled its enhanced Certified Partner Program, the first phase of an ongoing effort to work with partners and provide added benefits from the company’s acquisition of Symantec’s website security and related PKI services.
Continue reading at Channel Partners Online
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Continue reading at Dark Reading
DigiCert has been selected to host the Root CA for Aeronautical Mobile Airport Communication System (AeroMACS), the only wireless technology that has been validated by major international regulatory bodies to support the safety and regularity of flight.
Continue reading at Digitalisation World
Public Key Infrastructure (PKI) certificates have long served as the optimal method for securing the servers on the web and, increasingly, Internet of Things (IoT) devices. Deploying and updating PKIs used to be a largely manual process that required the time and attention of IT personnel. Today, there are tools that can automate those tasks, which makes securing the connections between networks, devices and their users simpler and more cost-effective.
Continue reading at Infosec Island
Securing all these IoT devices and their connections to corporate networks and other systems is an issue manufacturers – and the security industry as a whole – needs to address immediately.
Continue reading at CSO
It was a big year for DevOps adoption: Companies who are well down the path share advice.
Continue reading at The Enterprisers Project
DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.
Continue reading at CSO
Last week DigiCert announced it had closed on the billion-dollar acquisition of Symantec’s security business previously announced in August of this year. The deal adds to DigiCert’s capable team some of the industry’s best talent and resources in the area of SSL/TLS certificates and related PKI solutions. As the world becomes more cloud and IoT-centric, these are security technologies that companies need to pay more attention to.
Continue reading at CSO
UK IoT security regulation encourages consumers to be more aware – IoT Now – How to run an IoT enabled business
The UK government is moving forward with its plans to create regulation for IoT devices. The move follows a broad global trend to try and lock down the bur
Continue reading at IoT Agenda
Google is making a big push to compel website publishers to jettison HTTP and adopt HTTPS Transport Layer Security (TLS) as a de facto standard, and it’s expanding use of this important encryption technology.
Continue reading at The Last Watchdog
DigiCert announced on Oct. 31 that is has completed the $950 million acquisition of Symantec’s website security and PKI (Public Key Infrastructure) business assets, which include the company’s SSL/TLS certificates.
Continue reading at eWEEK
DigiCert has addressed the concerns raised by Mozilla and others regarding the company’s acquisition of Symantec’s certificate business after some web browser vendors announced that certificates issued by the security firm would no longer be trusted.
Continue reading at Security Week
During a recent interview, I was asked “could you have picked a worse time to acquire Symantec’s Website Security business?” The interviewer was joking, but I understood the point. Not only are cyberattacks constantly growing in number and sophistication, but the debate within the browser community about trust in the Symantec certificates created uncertainty about the industry. Others questioned if DigiCert could handle the scale of Symantec’s operations.
Continue reading at Medium
I have spent the last decade talking about problems. I suppose the reason is because it seems to have gotten me a lot of attention. It wasn’t like that at first, but it eventually turned out that way.
Let me explain…
Continue reading at Huffington Post
“[Customers will] get a much better, more modern experience through our tools,” Merrill said.
Parallel groups focused on the integration have been formed in both DigiCert’s and Symantec’s web security business to ensure that the transition for channel partners is seamless, Martins said.
Continue reading at CRN
Identity and encryption solution vendor DigiCert has completed the acquisition of Symantec’s Website Security and related public key infrastructure [PKI] solutions, for $USD 950 million and a 30 per cent stake in itself. The move instantly makes DigiCert the global market leader in the space. It will also have significant channel ramifications. While DigiCert has been selling to very large enterprises, it did so through its direct arm. They expect that Symantec’s large enterprise-focused channel will significantly expand their enterprise business.
Continue reading at ChannelBuzz
The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice.
Continue reading at Security Intelligence
In an effort to digitally transform their companies, the majority of enterprises are integrating their security teams into DevOps methodologies—or are trying to do so—a new survey finds. Faster app development can open a company to security risks, however. So how can enterprises increase both simultaneously? A new survey, “Making Security Agile” from scalable identity and encryption solutions provider DigiCert, addresses these questions. “Agility and security are not mutually exclusive, and integration requires a combination of technology improvements, and a cultural shift in how technical staff is aligned,” said DigiCert CSO Jason Sabin. “The DevOps methodology is not just a method for increasing speed, but [also] about improving efficiency, quality control and predictability in development outcomes.” The survey polled 300 U.S. enterprise executives (100 of whom are in IT management, 100 in DevOps and 100 in security) to see “whether their organizations are breaking down silos and inviting security to join the DevOps movement.”
Continue reading at CIO Insight
While the number of enterprises subscribing to cloud applications is increasing that doesn’t mean internal application development has gone away. Sometimes customization may be needed for a cloud application to meet business needs, and sometimes a custom application may have to be written.
While DevOps is still a fairly new concept to most enterprises and their development teams, security has been ingrained into the DNA of IT for some time. Now, some are trying to combine the two.
The inclusion of IT security into DevOps processes appears to be occurring at an accelerated rate. A new survey of 300 enterprise IT organizations published this week by DigCert, a provider of identity management and encryption software, finds that almost half (49 percent) of the respondents says they have completed DevSecOps, while another 49 percent say they are already working on it.
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
A new DigiCert survey reveals that 98 percent of enterprises integrating their security teams into their existing DevOps methodologies. Or, at least they’re trying to.
An overwhelming majority of companies believe an integrated security and DevOps team makes sense, with 98% of survey respondents saying they are either planning to or have launched such an effort, according to a report released today by DigiCert.
Recent changes in internet service provider regulations and an increase in online fraud have spurred an increased interest in online privacy. Here are five tips to stay safe online.
Securing IoT is tricky business. IoT exploits include firmware spoofing, compromising hardware, man-in-the-middle attacks, interface exploits, and cloud hosted application hacks, among others. Businesses are not always ready for the unique security challenge posed by the massive deployment of IoT devices.
In-brief: Far from ‘breaking’ the public key encryption (PKI) model, the Internet of Things is poised to turbocharge PKI adoption and revolutionize online identity, DigiCert* CTO Dan Timpson writes.
If you wanted to make a movie about the Mirai botnet attacks of October 2016, you might call it “When Things Attack” or, maybe, “Revenge of the Webcams.” It’s amusing, in hindsight, to imagine the spectacle of hundreds of thousands of compromised webcams marching together in a massive, online army.
No. 24, DigiCert – Lehi, Utah
This Lehi, Utah-based certificate authority provides scalable systems for securing web servers and internet of things devices with encryption technologies or user ID and authentication tools. DigiCert IT employees work in a flexible environment that supports work/life balance. A culture of accountability prioritizes results more than time spent in the office, and the company offers generous employee and dependent care benefits to help IT staffers manage major life events. Members of the IT team are eligible to take advantage of travel incentives through which they can go on trips to relax and recharge while exploring new cultures and places around the world.
Scripts, code and other vulnerabilities in your company’s website could leak sensitive data or take you offline. Avoid it by checking yourself with these tools.
It’s such a weird thing to hear, it seems counter-intuitive: London City Airport is building a new air traffic control tower that will be completely digital and manned by a group of human controllers who will be over 100 miles away.
The WannaCry ransomware attack affected hundreds of countries and hundreds of thousands of systems, including health systems. Experts discuss what healthcare orgs need to do.
In the wake of the WannaCry ransomware attack, two cybersecurity experts suggest that if hospitals are not already using techniques such as multifactor authentication and public key infrastructure certificates, they need to head in that direction.
The National Institute of Standards and Technology has issued new guidance on securing wireless infusion pumps in hopes of hardening the devices against cyber attacks.
The federal agency issued the instructions in collaboration with the National Cybersecurity Center of Excellence (NCCoE), which is a unit within NIST.
New draft guidance from the National Institute of Standards and Technology calls for using commercially available, standards-based technologies to improve the security of wireless infusion pumps.
NIST issued a white paper on the same topic in 2014, but it was criticized for being too prescriptive (see Infusion Pump Security: NIST Refining Guidance).
Wireless infusion pumps are commonly used medical devices that can be potentially vulnerable to accidental and malicious tampering, posing both data security and patient safety risks.
Security certificates are designed to authenticate hosts. Browsers have become pretty good about understanding chains of authorities, and making users accept the risk when websites can’t prove the chain of authorities needed to verify they are who they say they are…
Mark Weiser, known to many as the father of ubiquitous computing, stated in an article he wrote for Scientific American in 1991 that, “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” The Internet of Things is quickly achieving this status as we barely recognize all the devices that are both connected to the Internet and part of our lives.
But securing these IoT devices is not an easy task, and is one topic of discussion that must remain prominent because the ramifications from a security breach could be severe. Connected devices need to have strong identity attestation, authenticate all connections, and data must be encrypted to protect system integrity…IoT requires owner-controlled PKI security posture to provide independent security control over connected devices.
FAA Administrator Michael Huerta announced at the agency’s Unmanned Aircraft Systems Symposium in Reston, Virginia, a rulemaking effort that will lead to remote digital identification of drones and their pilots…
An effort by private industry to create a universal system for remote, digital drone identification was announced in December by AirMap, the company that launched with an online airspace recognition tool for remote pilots, collaborating with DigiCert Inc. Industry analyst Colin Snow wrote about the new technology this month, explaining in detail many implications for regulators, pilots, and other stakeholders.
In this podcast recorded at RSA Conference 2017, Jeremy Rowley, Executive VP of Emerging Markets at DigiCert, talks about automating PKI for the IoT platform and building scalable solutions for the IoT platform.
“I’m going to be talking about automating PKI for IoT platform and building scalable solutions for the IoT platform. So we have a lot of IoT devices that are being employed throughout the Internet. You have various connected vehicles, you have connected homes, you have connected cities – heck, you have even connected watches and everything else, right? But a lot of these devices don’t deploy security, meaning they’re subject to attacks. In 2015, for example, we saw attacks on various devices that include cars and medical devices and things like that. And in 2016 we even saw insulin pump taken over through a man in the middle attack where you could actually change the dosage and thus cause harm to the patient who’s wearing that insulin pump.”
“The question becomes: how do we secure these devices at scale when they’ve already been deployed or are being deployed as well as in an effective manner that can support manufacturers? ”
The rapid growth of the Internet of Things is outpacing security implementations, and the industry desperately needs to stem the tide of risks that come with it.
IDC estimates that, by 2020, the number of Internet-connected devices will surge past 200 billion. The sheer scale of this future Internet of Things means that it needs a strong security layer that is scalable, reliable and can be automated to meet the needs of a rapidly growing market.
Cryptography is one solution that can provide a strong security layer, with encryption and identity, at such a scale. And now, more than ever, security teams are looking to evolve public key infrastructure (PKI) to meet the challenges of IoT security.
In an RSAC TV interview during the 2017 RSA Conference in San Francisco, DigiCert VP of Emerging Markets, Jeremy Rowley, discussed what companies can do to better secure their Internet of Things devices using cryptography.
Medical devices can enter the organization through many different channels other than IT. Experts discuss medical device cybersecurity and the FDA’s guidance…The CISO at Intermountain Healthcare in Salt Lake City, Utah, explained that the influx of medical devices into health organizations, often without the knowledge of IT, may be adding to existing security problems. Experts agree that precautions concerning the cybersecurity of medical devices need to be taken on the part of the provider and the medical device manufacturer…
“What most healthcare [organizations] are doing right now is trying to wrap their arms around this new risk,” West said. “It’s significant.”
…”I think manufacturers have used the FDA potentially imposing additional regulatory burdens as a reason for not updating and doing patch management with their existing devices,” Nelson said. “But the FDA has now cleared this impediment.”
DigiCert announced the release of its DigiCert Auto-Provisioning solution to help appease the need for medical Internet of Things (IoT) device security. The tool provisions digital certificates at scale, regardless if an organization’s devices use open standards or support proprietary device enrollment protocols. The number of IoT and connected medical devices is rising rapidly and each device needs to be secured properly.
“Device authentication and encryption are critical to securing connected devices and the information they share, but many software implementations lack standard protocols for provisioning devices,” DigiCert CTO Dan Timpson said in a statement. “DigiCert Auto-Provisioning, powered by Device Authority, helps companies get certificates on a much wider range of IoT devices in a scalable, secure and automated way.”
The Food and Drug Administration’s recently issued final guidance on the post-market cybersecurity of medical devices outlines important steps that hospitals, clinics and others must take to better protect patient data and keep patients safe, say Karl West, CISO at Intermountain Healthcare, and Mike Nelson of DigiCert.
“An overarching theme of the guidance is to make sure a risk assessment is done, and for healthcare organizations … that’s a very important step in understanding the vulnerabilities and risks that are present in those devices,” Nelson points out in an interview with Information Security Media Group.
“Patient safety is, of course, a No. 1 risk and threat for us in cybersecurity with these devices, but at the same time, the security is critical because these devices can be leveraged and used as threat vectors to allow a [broader] breach,” West adds.
The modern IT landscape is filled full of secrets: There are certificates, SQL connection strings, storage account keys, passwords, SSH keys, encryption keys and more. And no matter what role one plays in the group—developer, admin, PKI manager—managing these secrets can become a high-stakes management headache.
Speaking at the DigiCert Security Summit 2017, Rashmi Jha, Microsoft program manager, said that getting a handle on secrets management is one of the No. 1 challenges in modern IT security. Too often, enterprises don’t even know when secrets are compromised, or even how they will be used—and it’s a self-inflicted issue.
There are thousands of medical devices in use today vulnerable to hacking. Hospitals, outpatient centers, healthcare practices and even patients in their homes use high-tech equipment every day to monitor care, improve patient outcomes, and save lives. However, these connected devices (and the data housed within them) are at risk for exploitation without proper authentication and encryption.
Speaking at the DigiCert Security Summit this week, Darin Andrew, senior PKI and solutions architect at DigiCert, and Scott Erven, senior managing director at PwC, ran through three common scenarios that leave these critical pieces of infrastructure wide-open to hackers—and how some of the danger can be mitigated using public key infrastructure (PKI).
As the number of connected devices rises toward an estimated 50 billion by 2020, security continues to lag behind—a lack of encryption, easy default passwords and a dearth of proper, automated user authentication plague the space. But the reason is simple—tools for doing this at scale are few and far between. DigiCert is tackling the issue with an Auto-Provisioning tool, powered by Device Authority.
With the continued push for interoperability and integration of EHRs into daily use, connected medical devices are quickly becoming more common tools for healthcare providers. However, similar to the way computer networks and systems can become vulnerable to data security issues, medical device cybersecurity threats can be especially dangerous for covered entities.
The Food and Drug Administration (FDA) monitors “reports of adverse events and other problems with medical devices” and has previously found potential cybersecurity issues in implantable cardiac devices. Healthcare organizations need to better understand the potential dangers of unsecured medical devices and ensure that they adhere to federal regulations while also staying mindful of recent guidelines designed to assist in creating strong medical device cybersecurity.
Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those JAR files from running. The shift is long overdue, as MD5’s security weaknesses are well-known, and more secure algorithms should be used for code signing instead.
The CA Security Council applauds Oracle for its decision to treat MD5 as unsigned. MD5 has been deprecated for years, making the move away from MD5 a critical upgrade for Java users,” said Jeremy Rowley, executive vice president of emerging markets at DigiCert and a member of the CA Security Council.
ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users.
The move is designed to counter actions “by totalitarian governments around the world to cut off access to privacy tools” and the Swiss company specifically cited “recent events such as the Egyptian government’s move to block encrypted chat app Signal, and the passage of the Investigatory Powers Act in the UK that mandates tracking all web browsing activity”.
Speaking to The Register, ProtonMail’s CEO and co-founder Andy Yen said: “We do expect to see more censorship this year of ProtonMail and services like us…Given ProtonMail’s recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this. Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step.”
ProtonMail, the privacy-focused email business, has launched a Tor hidden service to combat the censorship and surveillance of its users.
The move is designed to counter actions “by totalitarian governments around the world to cut off access to privacy tools” and the Swiss company specifically cited “recent events such as the Egyptian government’s move to block encrypted chat app Signal, and the passage of the Investigatory Powers Act in the UK that mandates tracking all web browsing activity”.
Speaking to The Register, ProtonMail’s CEO and co-founder Andy Yen said: “We do expect to see more censorship this year of ProtonMail and services like us…Given ProtonMail’s recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this. Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step.”
The creators of encrypted email service ProtonMail have set up a server that’s only accessible over the Tor anonymity network as a way to fight possible censorship attempts in some countries.
ProtonMail was created by computer engineers who met while working at the European Organization for Nuclear Research (CERN). The service provides end-to-end encrypted email through a web-based interface and mobile apps, but the encryption is performed on the client side, and the ProtonMail servers never have access to plaintext messages or encryption keys.
On Thursday, Proton Technologies, the Geneva-based company that runs ProtonMail, announced that it has set up a Tor hidden service, or onion site, to allow users to access the service directly inside the Tor anonymity network.
The internet of things has drawn the attention of the White House and Congress amid growing concerns about the woeful state of IoT connected device security, most recently demonstrated when Mirai malware spread across botnets. Indeed, the lack of security in IoT devices portends a brave new world.
The concerns are warranted as the future of IoT presents millions of connected devices, each node gathering and storing its own individual data collections and sharing that information with other connected devices through wireless communication technology via the internet and the cloud. By infecting just one device and gaining unauthorized access to the network, a malicious actor can cause large-scale mayhem. Organizations must quickly figure out how to keep track of the IoT devices connected to their network and how to secure the transmission of data to and from those devices.
In today’s healthcare environment, practitioners are using state-of-the-art, high-tech equipment that delivers specialty services with better efficiency, accuracy, and overall quality. Using this technology, patients and doctors are also able to generate meaningful data that improves clinical outcomes and, ultimately, the patient’s quality of life.
Despite these improvements in the delivery of care, many healthcare experts are not aware of the vulnerabilities present in connected medical devices. Numerous devices lack proper authentication—the process of validating identities to ensure only trusted users, messages, or other types of services have access to the device. This allows untrusted users to gain access and potentially manipulate the device. Other devices lack basic encryption of the sensitive data being stored in or transferred from the device. These cybersecurity oversights can result in direct harm to the patients and healthcare providers using the devices…
This white paper discusses security risks inherent in IoT devices, and articulates how PKI can be used to mitigate these vulnerabilities and improve the security posture of connected medical devices.
Drones will start getting digital identification certificates under a new service being launched on Tuesday that hopes to bring trust and verification to the skies.
The Drone IDs will be SSL/TLS certificates from DigiCert issued through AirMap, a provider of drone flight information data, and will first be available to users of Intel’s Aero drone platform.
“We’re hoping that this can be used outside of just our services and help the industry raise the bar with respect to security,” said Jared Ablon, chief information security officer with AirMap.
The Certificate Authority Security Council (CASC) this week announced that the Code Signing Working Group released a set of minimal requirements that Certificate Authorities (CAs) should use for code signing…Microsoft, which has already adopted the new guidelines, will require all CAs that issue code signing certificates for Windows platforms to adopt the minimum requirements starting on Feb. 1, 2017.
Given that Microsoft’s Windows platform accounts for around 90% of the desktop operating system market, its decision to adopt the new guidelines and to ask CAs follow them is will likely have a great influence on other application software suppliers, which might follow suit, Jeremy Rowley, Executive Vice President of Emerging Markets, DigiCert, believes.
It’s a common sentiment of internet-connected device owners and even some manufacturers that the security of an individual device isn’t so important…Individual unsecured devices, especially consumer-facing ones, aren’t so dangerous by themselves, but they become more dangerous as a swarm. We witnessed just such a swarm on October 21, with the Mirai botnet assault on a portion of the Internet’s phone book (also known as a domain name server, or DNS) that shut down the internet on the East Coast.
When individual devices aren’’ secure, hacking into a large number of devices becomes as easy as hacking into one device. But a large portion of the threat can be mitigated if companies and developers follow security best practices, many of which are well established and can be practiced today.
It has been just over ten days since the massive Dyn Distributed Denial-of-Service (DDoS) attack that brought sites like Amazon and Twitter on their knees. The attack affected about 100,000 Internet of Things (IoT) devices and security firm Flashpoint has confirmed that some of the infrastructure responsible for the DDoS attacks against Dyn DNS were botnets compromised by Mirai malware. What is truly worrisome is that this could be sign of things to come.
We talk to Jason Sabin, Chief Security Officer at DigiCert on his thoughts on these attacks and what it means for the IoT devices sector. Jason frequently consults with device manufacturers on how to improve their security environment. He works closely with the DigiCert customers to develop innovative new platforms and features that simplify SaaS-based digital certificate management for the enterprise and IoT. He has filed more than 50 patents involving identity management and cloud security and many of Jason’s innovations are in use by several Fortune 500 companies today.
…While some streaming services have taken precautionary steps toward protecting consumers using streaming devices and systems, unfortunately many have not. Some still view security as an afterthought…To gain consumer trust, responsible organizations should take initiative to protect their media streaming service…
Security solutions need to be simple enough — even transparent — for users to actually use them. Companies like Plex have found solutions by partnering with a trusted certificate authority to implement PKI technology into their systems and platforms. Likewise, PKI can help solve the scalability challenges of IoT implementations that involve millions of connected devices and their associated credentials.
Interoperability for technology solutions is a top priority—standards used in these solutions become irrelevant when products operate in a silo. Thus, shifting to a new protocol in any solution takes careful consideration and collaboration by multiple parties in order to achieve a seamless operation.
One such protocol is Enrollment over Secure Transport (EST). EST provides secure digital certificate provisioning. Some of our products already support EST for digital certificates (e.g., Cisco IOS and IOS-XE), but EST endpoints don’t just operate by themselves. EST involves a certificate consumer and a certificate provider, usually called a Certificate Authority (CA). We needed to ensure that our EST solutions are compatible with third parties such as CAs, authentication servers, and endpoints.
To achieve that, Cisco collaborated with DigiCert to make sure Cisco’s EST implementations are interoperable with their CA. Today we want to share with you some lessons we learned from our testing.
Buying an Organization-Validated (OV) or Extended Validation (EV) SSL/TLS Certificate will enhance your website’s reputation, give customers the assurance they need to complete secure transactions with confidence, decrease cart abandonment rates, and build long-term customer loyalty…Establishing trust is mission critical…An SSL/TLS certificate provides the most basic level of trust—the padlock icon in the address bar of your customer’s browser…Not all SSL/TLS certificates are the same. Different kinds of certificates display different information. Some only show the domain name while others show more information about the company.
PKI is uniquely positioned to deliver on the necessary and critical security needs of the IoT. The Institute of Electrical and Electronics Engineers points out, “When you’re looking at authenticating devices, the only real standards at the moment that offer any real interoperability tend to be Public Key Infra- structure (PKI).”
Progress is finally happening in healthcare cybersecurity. Traditionally, healthcare has lagged behind other industries in enabling security controls, but amid reports of breaches, medical device vulnerabilities and the attention of federal regulators, innovative companies are advancing positive change.
Yet, legacy mindsets still threaten healthcare’s ability to stay ahead of evolving threats, especially as medical device manufacturers strive to innovate fast enough to address real security challenges. Medical industry boardrooms need to adopt policies that match today’s security landscape before patient harm or regulatory intervention forces their hand.
There are plenty of companies selling digital certificates to websites. Where DigiCert stands out is its focus on helping customers beyond that sale–from obtaining a certificate and its installation to monitoring and fixing any hiccups. “We help them control the entire certificate lifecycle, not just purchasing the certificate,” says DigiCert CEO Nicholas Hales.
The priority on service is true of DigiCert’s entire philosophy, Hales says, through every department and every employee.
“A lot of people look at customer service as strictly a number you call and someone answers the phone. That is customer service. A lot of companies look at it as a necessary evil,” he says. “We try to take the principles of the brick-and-mortar world in sales and marketing and bring them to the internet, where customer is king, and try to treat the customer as someone you’re providing the service to, not solving a problem for. So it’s not just the guy who answers the phone for support. It’s not just a guy who answers an email or message. It’s more than that: Every department within the company needs to be customer-centric and worry about what that customer experience is.”
“One of the keys to success is surrounding yourself with people who are brighter than you, who have knowledge in areas you don’t have.”
DigiCert has been named to the 2016 Online Trust Alliance (OTA) Honor Roll, marking the fifth consecutive year the company has been recognized for its leadership in online security and privacy.
“OTA commends DigiCert not only for achieving the Honor Roll for the fifth consecutive year, but more importantly, its commitment to collaboration in both the public and private sector,” said Craig Spiezle, Online Trust Alliance CEO and executive director in a press release.
Embedded device manufacturers have started focusing on devices that talk to each other — a car that knows when your musical choices based on your playlists on your mobile or a house that senses your mood based on your smartwatch notifications. Things are getting increasingly connected.
We are making our devices and our lives accessible but are we making them secure?…
The US Federal Trace Commission released guidelines for IoT manufacturers urges them to follow standards. Privacy Commissioner of Canada also seems to be taking note of the matter. Even though governments all over the world start to take cognizance of this threat, privacy experts warn users of trusting only certified and secure products from known vendors. The vendors need to increase their spending to get their IoT devices security audited and certified by trusted agencies. There are already IoT certifications being provided by companies like DigiCert that the vendors can aggressively use.
A recent Online Trust Alliance survey, sponsored in part by DigiCert, found that free e-file services may not be using best practices in security. The KSL-TV consumer team talks to DigiCert’s Flavio Martins about the report’s findings and what consumers can do to stay safe.
A recent Online Trust Alliance survey, sponsored in part by DigiCert, found that free e-file services may not be using best practices in security. The KSL-TV consumer team talks to DigiCert’s Flavio Martins about the report’s findings and what consumers can do to stay safe.
Interview with Jason Sabin, Chief Security Officer of DigiCert:
Security is a very important yet often overlooked component to online safety, especially with how easy it is to access sensitive data over bits and bytes and through vulnerabilities that have been exposed through code leaks. Jason Sabin came into his role at DigiCert, a certificate provider offering SSL, TLS, and PKI expertise, through unconventional means, but he’s passionate about what he’s done. It’s been great to learn about his business and DigiCert’s core competencies.
"TLS and SSL are a critical backbone of Internet communications today. Without them, you’d be open to a lot of vulnerabilities and problems,” says Jason Sabin
"As a go-to provider of IoT security solutions, we feel very confident of our growth prospects and our ability to provide the best certificate-based security solutions. The smartest companies are coming to us, and we’re working with them."
If you’re planning on filing your taxes online, caution is advised. An audit released this week by Internet security nonprofit the Online Trust Alliance found that 46 percent, or 6 out of 13 tax software websites in an IRS program, failed cybersecurity protocols. The websites are part of IRS Free File program, which lets anyone who made under $62,000 in 2015 file taxes electronically for free…Some of the websites had issues with lack of email authentication, according to the OTA, which lets cyber criminals send out phishing emails, fake emails purporting to be from a company. Other sites had vulnerabilities that could lead to personal information being stolen.
According to an independent survey by IDT911, a data security firm, some 63 percent of U.S. taxpayers polled believe that tax fraud "could never happen to me" — and aren’t that concerned by the prospect. The study also found that nearly 20 percent of U.S. filers haven’t ensured their wireless networks are secure when filing online.
"The sophistication of cybercriminals is a lot more advanced than a few years ago. It’s hard for the average consumer to tell [if a website or email is legitimate]," said Jason Sabin, chief security officer at DigiCert, a technology security firm…"This is not like school. Everyone can and should be on honor roll," Sabin said in a phone interview.
To protect personal data when e-filing taxes, experts suggest users look for clues that the website you are using is encrypted. Most browsers display either green in the browser bar, or a closed lock symbol, that shows users the site is secure.
Nearly half the firms that have agreements with the Internal Revenue Service to provide online tax-preparation and filing services are failing to protect customers’ privacy and security, according to an audit scheduled to be released Wednesday.
The audit by the nonprofit OnlineTrust Alliance found that six out of 13 firms, including Jackson Hewitt and Free 1040TaxReturn.com, don’t provide adequate security against cybercriminals. Seven firms, including Turbo Tax, H&R Block, TaxAct and TaxSlayer were praised for their practices and named to an "Honor Roll".
The group did the audit in early February. It was funded in part by grants from three cybersecurity firms, including DigiCert Inc.
Momentum is building toward finding a way to fix security vulnerabilities in wireless medical infusion pumps, which are widely used in the nation’s hospitals.
The National Institute of Standards and Technology (NIST) is mounting the charge, announcing in late January that it’s looking for technology companies to participate in a collaborative project to improve the security of wireless infusion pumps.
Manufacturers are aware of the concerns and have been working toward reducing the risks, says Mike Nelson, vice president of DigiCert, a company that provides security and identity solutions. "I do think the issue is very real, and there is a real risk of introducing a ‘back door’ into a hospital network. All these vulnerabilities need to be addressed."
With all the benefits of IoT in healthcare also come the risks. A group of experts discuss exactly what those dangers are and what to do about them: Mike Nelson, Karl West, and Scott Erven.
In healthcare, the Internet of Things offers many benefits, ranging from being able to monitor patients more closely to using generated data for analytics.
But that increased flow of information also brings risks that health IT professionals need to address.
"There are so many benefits that come with these new connected devices," said Mike Nelson, vice president of healthcare solutions at DigiCert…"But they also present some new risks and vulnerabilities that as an industry we haven’t, I would say, firmly dealt with to this point."
On the morning of Jan. 1, 2016, anyone with a cell phone more than five years old will be unable to access the encrypted web – which includes sites like Facebook, Google, and Twitter – according to a new plan to upgrade the way those sites are verified.
It might not be a big deal in New York or San Francisco, where a 5-year-old phone is treated as an antique, but in some parts of the developing world up to 7% of internet users could find themselves suddenly cut off from the world’s most popular sites, according to research recently published by Facebook and CloudFlare.
Jeremy Rowley, a CA/Browser Forum representative for DigiCert, a major certificate-issuing authority, told BuzzFeed News that while the group sees the move to SHA-2 as necessary from a security standpoint, it sees the points raised by Facebook and CloudFlare as valid.
"We support Facebook’s recommendation that there should be something to do rather than cutting out all these people at the same time," said Rowley. He said Facebook was expected to submit a timeline for its proposal by the end of the working day Monday, but by 5 p.m. PST, it was unclear if Facebook’s proposal has been finished.
The predominant theme at the DigiCert Security Summit Nov. 12–13 in Las Vegas was improving the usability of security solutions for the Internet of Things, (IoT), enterprises and end-users.
Many of the discussions at the Security Summit focused on protecting data in the era of the IoT, as the number of connected objects and devices is expected to increase exponentially in the next five years.
"The IoT introduces a new scale for security, one that we’re prepared to help organizations efficiently implement," said Jason Sabin, DigiCert chief security officer. "Express, automated installation and real-time certificate monitoring and inspection provide organizations the scalabilities, efficiencies and real-time insights into their systems that make strong security of devices and data in motion feasible. Leading organizations know that device authentication and data encryption are must-haves for the IoT era."
Think back to the height of the Cold War. As the US and the Soviet Union amassed huge stockpiles of weapons, the real battle was waged with information…Flash forward to today, and we see a battle of information and identity between organizations and attackers trying to steal personal information that they can turn around and sell. Nowhere is the risk greater than with the exploding Internet of Things (IoT) market. The threat vector is expanding…Encrypting all data is vitally important, but we have to make sure that the encrypted data ends up in the right hands. Hence, the importance of high-assurance identity binding to accompany security credentials online.
Medical device security is quickly becoming one of the top issues in the healthcare industry, especially as more healthcare providers implement connected devices. Organizations must ensure that everything from an X-ray machine to MRIs and even pace makers have the necessary security solutions in place to prevent unauthorized access.
General best practices for security devices, vulnerability testing, and the responsibility of medical device security are three main issues, according to DigiCert VP of Healthcare Solutions Mike Nelson. DigiCert is hosting a Security Summit November 12 and 13, with Nelson moderating a panel discussing medical device security. "An issue right now not just with devices being manufactured, but also with Legacy devices that exist within hospitals right now," Nelson said in an interview with HealthITSecurity.com. "The question is, ‘Whose responsibility is it to secure those devices?’"
With the efforts from Facebook and the Tor project, it should become easier to browse securely via SSL on the so-called Darknet. It’s not clear, in practice, if obtaining an SSL certificate for a .onion site will now be as standard as doing the same for a .com or .net. But DigiCert, the certificate authority that worked with Facebook on its .onion SSL certificate last year, expects to see more requests. Obtaining an SSL certificate for a .onion site also isn’t as simple as it is for a regular site. “.Onion sites may only obtain EV certificates. EV Certificates require a high-level of identity validation that ties an existing, registered, entity to the certificate’s public key,” Rowley said. “This is a far greater level of scrutiny than what most .com and .net sites go through to obtain a certificate.”
Even though it’s only early October, if your online retail business isn’t already gearing up for the holiday season, you may miss out on revenue. So what should you and your staff be doing now to ensure your ecommerce store is able to handle the extra holiday-related traffic? Following are 16 tips from ecommerce, security, and digital marketing pros on how to make sure your online store is prepared for the Hanukkah/Christmas/Kwanzaa shopping season.
Security is top of mind for many online shoppers these days. So "installing a high-assurance SSL/TLS certificate on your website is a must," says Flavio Martins, vice president of Operations, DigiCert.
Article by Scott Rea vice president of government and education relations and senior PKI architect at DigiCert:
Our healthcare system is often too wasteful and inefficient, placing a strain on patient outcomes and the federal budget. The Center for Medicare & Medicaid Services alone is burdened with $50 billion a year just in wrong payments. We’re in need of a major step forward using modern technology to provide efficiencies, and Direct messaging is the solution.
Direct messaging continues to grow because of its simplicity of use and interoperability via a standardized framework put in place by DirectTrust. The benefit of "Direct" is that it supports whatever data formats are already being used by provider EHRs. The focus is on securing the transport method, irrespective of what the message content is. Direct messaging, as prescribed by DirectTrust, utilizes military grade public key infrastructure to give providers, payers, clinics, and all healthcare parties a secure channel to communicate via simple e-mail protocols.
Private equity firm Thoma Bravo is once again wading into the security arena, this time picking up a majority interest stake in security vendor DigiCert. As part of the deal, in which financial terms have not been publicly disclosed, Thoma Bravo is acquiring the majority interest in DigiCert, with existing shareholder TA Associates remaining on-board as a minority shareholder. Current management at DigiCert will remain in place to oversee day-to-day operations. "We look forward to adding Thoma Bravo’s strategic insight and influence as we embark on our next phase of growth," Nicholas Hales, CEO at DigiCert, said in a statement.
The cyber sector is white hot. According to IDC, the hot areas for growth are security analytics/SIEM, threat intelligence, mobile security, and cloud security. Corporations are investing heavily in these areas to combat cybercrime. Here’s some noteworthy mergers and acquisition activity to report over the recent quarter (Q2 2015): DigiCert, a global Certificate Authority and leader of trusted identity solutions, acquires the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. Financial terms of the deal were not disclosed. The acquisition makes DigiCert the second-largest Certificate Authority (CA) for high-assurance SSL certificates.
Back in the old days – say, a whole 10 years ago – thieves had to be physically inside a healthcare facility to steal patient information. How times have changed.
Now, with the Internet and the seeming lack of consistent implementation of online security best practices when it comes to patient information, we’re making things much easier for attackers. The proof is in the data. Gartner research conservatively estimates close to 40 million health care records have been breached to date. That’s likely a conservative figure, given that breaches of fewer than 500 records are not required to be reported.
Avivah Litan, cybersecurity analyst at Gartner, told the Associated Press after the Anthem hack, "The healthcare industry is generally about 10 years behind the financial services sector in terms of protecting consumer information."
Logjam reminds us of the new reality we face in needing to continuously monitor and manage our SSL/TLS deployment. While many may wish it weren’t so, it’s critical that we pay more attention to digital certificates and secure server configuration and apply updates immediately. Recent reports show that a large number of Fortune 2000 companies still have not taken every step to remediate Heartbleed threats to their servers.
We’ve seen a rising tide of hacks in recent years, occurring in part because most businesses have no clue how to smartly manage their certificate landscape. With Google’s Certificate Transparency (CT) and new tools to continuously monitor certificate deployment, we can do better. There’s no reason not to know about vulnerable deployments and fix them. It’s time to stem the tide.
Smart clothes are increasingly where it’s at and where the industry is headed – a growing universe of garments made from fabric that’s wireless, washable and that integrates computing fibers into the integrity of the fabric. As just one indicator of how big this market may soon be, Google announced a partnership recently with the iconic clothing maker Levi’s. With such progress however, comes security issues and concerns. "A lot of this stuff is being done insecurely. Now we’re connecting millions of devices, such as smart clothing and wearables, and a lot of it is insecure," says DigiCert CSO Jason Sabin, whose company is discussing security solutions with many IoT companies.
With the use of mobile devices booming, and attacks against government networks and business databases escalating, data security has become a hot topic for IT system managers and users alike. Today’s technology advances have spurred a number of solutions to meet the requirements and the pockets of everybody who needs to secure a machine, from a simple home computer, to the most sophisticated networks. Sorting through so many different solutions, however, can be overwhelming. "Recent security breaches in multiple industries – including entertainment, retail, and healthcare — tell us that large enterprises are not paying enough attention to security best practices," says Dan Timpson, CTO at certificate authority DigiCert.
Capital One, JPMorgan Chase, Suntrust, Wells Fargo — none of them use what’s commonly referred to as the “best practice” in the industry when it comes to Web security. The worst offenders are HSBC and TD Bank. Their homepages don’t even secure private connections with customers, who might be unwittingly logging into fake websites run by cyberthieves. The only banks that do it right? BNY Mellon (BK) and PNC (PNC). DigiCert CSO Jason Sabin said banks "should be using https throughout their site. It doesn’t cost any more."
DigiCert today announced that it is acquiring the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. The acquisition, the financial terms of which are not being publicly disclosed at this time, will further bolster DigiCert’s customer ranks, while providing new security certificate options to Verizon’s customers.
Global Certificate Authority (CA) DigiCert announced on Tuesday that it has acquired the CyberTrust Enterprise SSL business from Verizon Enterprise Solutions. The acquisition will help DigiCert become the second-largest CA for high-assurance SSL Certificates, behind industry leader Symantec. As part of the deal, Lehi, Utah-based DigiCert will assume management of the CyberTrust trusted roots and intermediate certificates.
IoT, with its tiny screens & headless devices, will drive an authentication revolution. It’s a short leap from the kind of two-factor authentication used on the Apple Watch to proximity-based authentication that does away with any user interaction. Passwords are just the canary in the coalmine. “Maybe authentication becomes the way you walk as a person, or how you interact with the environment around you,” Jason Sabin said. “My shoes, my phone, my watch, my clothing – those could be another form of identification to prove that I am ‘Jason.'”
DigiCert’s SSL/TLS Internet of Things (IoT) solution will address tens of millions of Plex media servers and clients—making it one of the largest implementations of publicly trusted certificates to date. From now on, every Plex video and music streaming packet leaving and entering a user’s network is encrypted, and its recipient verified.
eWeek’s Sean Kerner sits down for a video interview with DigiCert CSO Jason Sabin to discuss SSL/TLS security and DigiCert’s efforts to improve security operations and standards for all. He also discusses DigiCert’s work to simplify certificate management for the enterprise.
When it comes to medical records, there is no lack of people with bad intentions trying to get their hands on that information. Unless healthcare organizations use available technology to protect this data flowing over the Internet, we are bound to witness more attacks like those that struck Anthem and Premera.
DigiCert is one of just two providers approved to provide digital certificates to verify signatures in NFC tags. This greatly enhances security. Learn more about the technical specification that DigiCert helped create and how it benefits consumers.
Digital certificates are a large part of what makes a secure web page/site secure. A certificate is a file that the website provides the browser. Certificate files serve two main functions, encryption and authentication…Domain Validation certificates are cheap, issued quickly and come with no practical trust. Extended Validation certificates cost more, take time to issue and are far more trustworthy.
DigiCert, a leader in SSL Certificate trust, today is announcing new ways to automate SSL certificate installation and server configuration while helping enterprises detect certificate fraud. Certificate Monitoring parses data from Google Certificate Transparency (CT) logs and proprietary DigiCert systems to give enterprises unparalleled insight into certificates issued for their domains, along with phishing detection. Express Install, unlike any other utility available, simplifies and automates SSL installation and server configuration for Windows servers and top Linux distributions.
CAs hold the security and trust of the Web in their hands, and issues like an intermediate CA associated with Chinese certificate authority CNNIC mis-issuing certificates for Google domains haven’t helped reinforce that trust. To help address the problems, CA DigiCert is introducing a new platform that enables continuous monitoring of all of an organization's certificates to protect against fraudulent certificate issuance, theft and other abuses of the system. The platform is based on DigiCert's participation in Google’s certificate transparency scheme, which creates public logs of issued certificates.
Learn more about DigiCert and some of the unique things we’re doing to affect change in the SSL industry.
Making sure that Secure Sockets Layer (SSL) certificates are authentic and have not been improperly issued is a challenge the Google-led Certificate Transparency effort is aiming to help solve. Multiple vendors now supporting the Certificate Transparency effort include certificate management vendor Venafi and certificate authority (CA) DigiCert. The Certificate Transparency initiative requires CAs to publish certificate information to a minimum of three log servers. CAs are the trusted authorities that can sell and manage SSL certificates.
Over the past few years, there have been several fake SSL wildcard certificates created, due to lapses at certificate authorities (CAs) and sometimes through compromised server infrastructure. These fake SSL certificates can be utilized to masquerade as legitimate, secure websites, appearing to be verified and authentic, fooling web browsers, so users can’t tell that a site they’re visiting is not secure.
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by DigiCert, a Utah certificate authority, became operational, making it the first non-Google CT log to be approved. The approval is an important step, as part of the CT scheme requires that two-year extended validation certificates have proofs from three separate logs. Google currently operates two logs of its own.
Utah Business Magazine has honored DigiCert’s VP of Marketing, Travis Tidball, with its first annual Sales and Marketer of the Year (SAMY) Award for 2012.