Our five-part Quantum Computing/Quantum Apocalypse series was such a hit that we asked Alan Grau, VP of IoT and Embedded Solutions with Sectigo, to come back and talk about facility security.
Public Key Infrastructure (PKI) is the technology and processes behind managing and issuing digital certificates that authenticate users, devices or services.
The technology is used every day, most commonly with online banking or shopping on platforms like Amazon. The browser validates the website's digital certificate to make sure a user is communicating with an authentic website and not a nefarious actor cloning the site in an attempt to steal personal information.
The concept can be applied to any device, and Grau says it's a fundamental technology suitable for everything from keycard readers at the front door to personal devices used by manufacturing professionals.
IT departments and facility managers are typically charged with managing the devices within a facility, but as a company grows, so do the number of digital certificates that need to be managed. Certificates are essential because they make sure each device is authentic and performing authorized communication.
However, companies can have tens of thousands of certificates, and until recently, some IT managers were still managing credentials with a spreadsheet. Certificates only last for a certain amount of time, and managers must renew them to ensure they don't expire. If they expire, the system shuts down, and it can cause significant problems for manufacturers.
While IT professionals have various management schemes, Grau stresses the importance of automation to prevent problems with digital certificates. He says manual management doesn't work. For example, what if the IT person goes on vacation (or is fired) and the replacement doesn't know the spreadsheet exists? Automation systems provide a management console that helps companies manage, revoke, renew and review certificates.