Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Business leaders investing in digital security to manage a permanent remote workforce

By Jordan Rackie
The Long and Winding Road to Cyber Recovery
August 12, 2020

COVID-19 has produced an ongoing global health crisis, a recession and drastic business shifts, yet encouragingly finance leaders remain committed to spend that supports digital transformation and security technology.

A recent survey by PwC surveyed hundreds of US-based finance leaders and found that many plan to invest in areas focused on business operations in a post-COVID world. According to the survey, areas of growth and spend include digital transformation, cybersecurity and privacy – all supporting permanent work from home infrastructure.

The nationwide shutdown had most businesses scrambling to ensure their IT infrastructure could support the unplanned move to remote work. Since the shift, leaders are realizing that remote work is efficient and sustainable. In fact, 54 percent of CFOs now view remote working as a permanent workplace option.

 

Digital identity protection paramount to remote workforce security

IT security is a challenge for businesses under normal circumstances. Pre-COVID, research found that leaders and IT professionals were concerned about managing risks related to digital transformation. Just under half of survey respondents said that authenticating and controlling IoT devices was a top strategic priority for their organization’s digital security while 60 percent were adding additional layers of encryption technologies to secure IoT devices.

Today, enterprises face new uncertainties. COVID-19 has rapidly expanded the footprint of mobile devices and remote workers, introducing complex security risks. Public Key Infrastructure (PKI) is a common enterprise IT tool used to secure digital identities across the workforce and all the applications and devices it uses. Every person, machine and application must have a trusted and verified identity; PKI and digital certificates secure connections to those identities behind and beyond the corporate firewall.

PKI deployments have evolved as a secure and cost-effective technology that protects business-critical infrastructure and enables new initiatives from the cloud to the IoT. As businesses pivot to a permanent remote workforce, IT and security leaders must make decisions on how to re-build or re-engineer disjointed and aging PKI environments, and the certificates those systems issue.

 

Build vs. Buy

When it comes to PKI, leaders have two options: build it or move it to the cloud. PKI as-a-Service (PKIaaS) platforms are becoming a popular investment choice that provide all the benefits of a privately rooted PKI, but without the cost and complexity of running it in-house. PKIaaS providers can deliver a much more effective, and ultimately more secure, PKI than most enterprises can achieve on their own.

Regardless of whether the choice is to build or buy, teams must consider six key requirements to ensure in-house or out-sourced PKI success – and digital identity security:

  1. Understand your use cases. The process of architecting a PKI that fits your unique environment and business needs isn’t as easy as you’d think. Start by understanding and thoroughly documenting your intended PKI use cases. This baseline knowledge is key to every step, from architecting the PKI through to deployment.
  2. Define policies and practices. Once you’ve documented your use cases, you’ll need to define your policies and practices, which will guide you through the process of implementing controls for your PKI. Creating these documents can be a daunting task, but it’s important to note that just copying another set of policy and practice documents verbatim will not suffice. These tools only have value if they truly represent your organization’s specific PKI requirements and operational processes. The NIST 7924 Draft CP/CPS can provide a solid starting point, but you’ll need to customize it to your organization.
  3. Perform the root signing ceremony. The Root CA is a security measure that you have control over from the start. Building the root CA (i.e., the root signing ceremony) is akin to creating a “master key” to an organization’s network and should be treated with the same sensitivity. The building and configuration of the root CA should be well scripted in a controlled environment. Depending on the assurance level desired for the PKI, this ceremony will range from an informal execution of a scripting document (low assurance) to a formal recorded event in a pre-authorized location (high assurance).
  4. Build and configure the infrastructure. Create a clear set of build documentation and configuration procedures to identify any gaps and ensure that infrastructure aligns with the policies and practices established earlier. Share and review the plan with other PKI-dependent teams to ensure that you have not missed anything. Before placing the PKI into production, make sure that you’re able to properly test all PKI components, as well as certificates across the various platforms and applications you intend to support.
  5. Transition from test to production. A PKI requires a significant amount of care and feeding to remain functional. This stage can be a dangerous tripping point for security teams who were focused on simply implementing the PKI, but not its ongoing operations. A critical component to PKI operations involves how to incorporate, explain and document changes, also known as change control.
  6. Plan to continuously review, test and audit. Once controls have been documented and operationalized, they must be reviewed and tested on a regular basis. This can be part of an internal audit and should include review and testing of everything listed in your policies and practices, business continuity and disaster recovery plans for all PKI components. Organizations that schedule and conduct their own internal audits regularly can easily identify issues, answer external auditor questions and provide proof of the required level of assurance.

As the permanent remote workforce becomes a reality and investments are reviewed, business continuity, digital transformation and security spending must prioritize digital identity protection. From a business operations perspective, we’re navigating uncharted territory and we need to continue to invest in the battle tested technology that will guide us through to the other side.

KEYWORDS: COVID-19 cyber security digital security IT infrastructure risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordan rackie outside

Jordan Rackie is an expert in developing and leading modern go-to-market teams and strategy, having led multiple companies through large-scale growth. He is currently CEO at Keyfactor, responsible for setting the company vision, driving both top and bottom line results and managing Board relations.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • telecommute

    Survey: Realities of a Remote Workforce Increase Cybersecurity Concerns for Half of All Small Business Owners, But Policies, Training Still Lag

    See More
  • video collaboration

    Effective video collaboration: What you need to consider before investing in a system

    See More
  • background check feat

    How to Manage Background Checks Requirements for a Global Workforce

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing