
By Byron V. Acohido
For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users.
Related: How PKI could secure the Internet of Things
If that sounds too complicated to grasp, take a look at the web address for the home page of this website. Take note of how the URL begins with HTTPS. The ‘S’ in HTTPS stands for ‘secure.’ Your web browser checked the security certificate for this website, and verified that the certificate was issued by a legitimate certificate authority. That’s PKI in action.
As privacy comes into sharp focus as a priority and challenge for cybersecurity, it’s important to understand this fundamental underlying standard.
Because it functions at the infrastructure level, PKI is not as well known as it should be by senior corporate management, much less the public. However, you can be sure cybercriminals grasp the nuances about PKI, as they’ve continued to exploit them to invade privacy and steal data.
Here’s the bottom line: PKI is the best we’ve got. As digital transformation accelerates, business leaders and even individual consumers are going to have to familiarize themselves with PKI and proactively participate in preserving it. The good news is that the global cybersecurity community understands how crucial it has become to not just preserve, but also reinforce, PKI. Google, thus far, is leading the way. (more…)