Page 71 - Cyber Defense eMagazine - November 2017
P. 71

This is an extremely significant development, and will certainly have the people responsible for
               maintaining secure systems busy as they consider their next steps.

               THINKING OF SWITCHING TO A NEW CERTIFICATE PROVIDER?

               With the  sweeping  changes  being  implemented by  Google (and  Mozilla  by  extension),  some
               companies may be considering making a switch to a new SSL service provider.

               While it’s not necessarily an extremely complex process, it will be necessary to plan this out. It
               is also strongly recommended you give yourself enough time to determine whether you want to
               remain with your current CA, or if you do indeed want to jump to a new one.

               If you’re strongly considering making a switch, following are some important steps to consider.


               At the outset, it will be important to survey and access your existing certificates, your company’s
               needs as well as your usage. You should also be inventorying everything so you know what
               needs replacing once you decide to make a switch. In addition, it will be necessary to identify
               which  of  your  team  members  will  manage  your  new  account.  Making  sure  you  train  these
               individuals on the new GUI (Graphical User Interface) is key, and you should factor any training
               time into your transition timeline.

               Also important during the certificate authority switch is API integration. If you have one with your
               current CA, there will need to be a similar integration with your prospective new CA who should
               have satisfactory API documentation, and be able to provide support and guidance throughout
               the on-boarding process.

               Another critical element in this process will be estimating the costs involved of a switch. You
               should be thinking about everything from capital and operational expenditures to annual costs,
               product definitions and any set-up fees you’ll incur with the new CA.

               During this process you should insist on a solution that includes comprehensive SSL certificate
               management. This service helps customers discover, inventory and manage all SSL certificates
               across their network and cloud services. Most CA’s today offer this to reduce risk, respond to
               threats but also to control SSL costs.

               Finally, when comparing managed SSL providers, be sure you place an importance on the fact
               that you are essentially picking a business partner, not just a product, as this is a relationship
               that goes well beyond just its delivery. Your organization will have a dependency on the CA long
               after they have issued your certificates.

               Your prospective new CA should also be able to provide you with the highest security, feature-
               rich SSL Certificates. They should also be able to provide sound advice on security initiatives,
               take your business needs into consideration when making recommendations, and provide you
               with tools in order to verify that your web server configuration has been optimized to guarantee
               maximum security.





                   71    Cyber Defense eMagazine – November 2017 Edition
                         Copyright © 2017, Cyber Defense Magazine,  All rights reserved worldwide.
   66   67   68   69   70   71   72   73   74   75   76