Name: How to Safeguard Your Software Supply Chain with Secure Code Signing
Start: 2023-12-06T16:00:00Z
End: 2023-12-06T16:00:42.000Z
Location: BrightTALK
Rating: 4.2

 AppViewX is trusted by the world’s leading organizations to reduce risk, ensure compliance, and increase visibility through automated certificate lifecycle management. The AVX ONE platform provides complete certificate lifecycle management and PKI-as-a-Service using streamlined automation workflows to prevent outages, reduce security incidents and enable crypto-agility.

With the recent NIST announcement of the first set of finalized Post-Quantum Cryptography (PQC) encryption algorithms, many organizations are wondering what to do next. This raises important questions like - what is the PQC timeline and where do we get started now in our readiness journey?

Join our expert panel discussion with: 
● Murali Palanisamy, Chief Solutions Officer at AppViewX and 
● Ganesh Gopalan, VP & General Manager of Identity Security at AppViewX

In this session, we will explore:
● The Current State of PQC: NIST’s recent announcement and what it means across industries
● Next Steps: What happens next for technology vendors, enterprises and PQC ‘adoption’
● Strategic Insights: Key strategies and tools for PQC readiness 

Don’t miss this opportunity to gain clarity on PQC and learn how to stay ahead of critical PKI changes.

Post-Quantum Cryptography (PQC) Panel: NIST’s Announcement and PQC Readiness

Non-human identities present a relatively new challenge for enterprise security teams. Non-human identities, including digital certificates, service accounts and bots, secrets, and OAuth tokens, frequently have broad privileges and are an attractive attack vector for adversaries. Getting visibility to these identities and managing the risk associated with them can be new territory for many security teams.  

Recent research from the Enterprise Strategy Group shows  that inadequate management can increase risk with consequences running the gamut from downed systems to compliance concerns to data breaches. With non-human identity security concerns now getting board level attention, this webinar will explain the management challenges, how enterprises are innovating to address those challenges, and provide best practices in addressing these challenges.

New ESG Research: Uncovering and Managing Non-human identity Risk

There are major disruptions on the “PKI horizon” with the Entrust distrust issue, Google’s proposal for 90-Day TLS Certificates, and Post-Quantum Cryptography (PQC) readiness. If you have not already implemented an automated certificate lifecycle management strategy, you are probably feeling the stress. Crypto-Agility is the answer to solving these challenges and AppViewX can help get you there fast.

Join Ganesh Gopalan, General Manager and Vice President of Identity Security for PKI and CLM at AppViewX for an insightful webinar where we will dive into the latest trends in PKI, what the implications are for enterprises and the ultimate call-to-action – implementing Crypto-Agility.

Key Takeaways:
● Demystifying the trends and disruptions in today’s PKI landscape 
● What is Crypto-Agility? 
● Top reasons to implement Crypto-Agility now!
● Best practices for Crypto-Agility within your organization

Top 3 Reasons You Need Crypto-Agility Today

Google recently announced a proposal to reduce the maximum validity period for public TLS certificates from 398 days to 90 days. This is a massive change that all organizations need to be aware of now to start preparing for how to renew all public TLS certificates four times a year.

What is the objective behind these proposed changes? What’s the impact on certificate management and how should organizations prepare?
 
Certificate lifecycle management automation is the only way to keep up with short-lived certificates to ensure your internet applications are available and secure. Start preparing now!

Join Muralidharan Palanisamy, Chief Solutions Officer, AppViewX to learn and understand:

- Google’s proposal to reduce the TLS certificate validity 
- The impact of short-lived certificates and how to prepare
- How to achieve certificate lifecycle automation and crypto-agility at scale with AppViewX CERT+

Crypto-Agility Automation: Prepare Now for Google’s 90-Day TLS Validity Proposal

Microsoft CA, also known as Active Directory Certificate Services (ADCS), has been the go-to solution for organizations' private PKI needs for many years. However, maintaining and securing Microsoft CA is getting more and more difficult and costly. It’s now time to migrate to a more cost effective and efficient PKI-as-a-Service (PKIaaS) to support the growing need of private trust certificates.

Join Ganesh Gopalan, General Manager & Vice President, Identity Security for PKI & CLM at AppViewX for an insightful webinar discussing the compelling reasons to transition from a Microsoft CA to PKIaaS and simple steps to ensure a successful migration.

The webinar will cover:

● The State of PKI Today and the Role of Microsoft CA
● Pain points with Microsoft CA that are driving organizations to consider PKIaaS
● Simple steps to effectively streamline the migration from MS CA to PKIaaS

Simple Steps to Migrate Your Microsoft CA to PKI-as-a-Service

Kubernetes is a highly complex environment to secure and native security controls offered by Kubernetes and other open-source solutions often fall short. 

PKI-based TLS certificates are highly-recommended for Kubernetes security. With identities, authentication, and encryption - TLS certificates offer an effective way of securing multiple layers in Kubernetes, encompassing the Ingress traffic, Service Mesh and pod-to-pod communications, and Kubernetes infrastructure components. 

However, managing a high-volume of short-lived TLS certificates in Kubernetes is not easy. Issuing certificates at DevOps speed while ensuring certificates are valid, secure, and compliant, can become extremely daunting for security teams. 

The key to navigating these challenges and bringing security up to speed with DevOps lies in simplifying certificate lifecycle management for Kubernetes. 

Join our webinar with, Harshana Morthy, Lead Principal Solutions Architect, AppViewX for a deeper dive on: 

- Fortifying Kubernetes security with PKI and TLS/mTLS certificates 
- The challenges of managing certificates across Kubernetes environments 
- How to simplify and modernize Certificate Lifecycle Management to harden Kubernetes security and enable DevOps speed and agility

Simplifying Certificate Lifecycle Management for Kubernetes Environments

Despite the many promising opportunities and benefits, there is little doubt that quantum computers with sufficient processing power will eventually break today’s widely used encryption algorithms, like RSA and ECC, with relative ease. Threat actors know this and are harvesting valuable encrypted data with the intent of decrypting it in the quantum future.
  
Given this imperative, it is critical that organizations jumpstart their post-quantum preparation today. As cryptography is foundational to internet security, organizations must prioritize building crypto-agility, to quickly and securely replace or update vulnerable keys and certificates.  

Join this webinar to explore and understand: 

- The impact of quantum computing on cybersecurity 
- Why crypto-agility is critical to defending against quantum threats 
- Key steps to build crypto-agility  
- The benefits of being crypto agile today   
- How AppViewX CERT+ Enables Crypto-agility at Scale

Crypto-Agility and Preparing Now for Post-Quantum Cryptography

With digital transformation rapidly changing how the world operates, and the pandemic continuing to expedite digital dependence, it is increasingly challenging for security teams to keep their certificate infrastructures in perfect working order. The presence of thousands of certificates eventually results in unexpected expirations and non-compliant certificates- causing critical outages and security weaknesses. 

In this webinar, we will dive deeper into the complexity, challenges, and security risks associated with managing public key infrastructure (PKI) and digital certificates. Implementing a well-defined certificate management strategy, and investing in end-to-end automation have become a necessity.

Join Muralidharan Palanisamy to learn about: 

- The impact of digital transformation and changing dynamics of certificate management
- Challenges organizations face in managing their PKI and digital certificates
- How to achieve holistic visibility and end-to-end certificate lifecycle automation with AppViewX CERT+

Top 7 PKI & Certificate Management Challenges Security Teams Face

Microsoft CA, also known as Active Directory Certificate Services (ADCS), has been the go-to solution for organizations' private PKI needs for many years. However, maintaining and securing Microsoft CA is getting more and more difficult and costly. It’s now time to migrate to a more cost effective and efficient PKI-as-a-Service (PKIaaS) to support the growing need of private trust certificates.

Join Ganesh Gopalan, Vice President of Product Management at AppViewX for an insightful webinar discussing the compelling reasons to transition from a Microsoft CA to PKIaaS and simple steps to ensure a successful migration.

The webinar will cover:

● The State of PKI Today and the Role of Microsoft CA 
● Pain points with Microsoft CA that are driving organizations to consider PKIaaS
● Simple steps to effectively streamline the migration from MS CA to PKIaaS

The importance of code signing to ensure the integrity and authenticity of software, securing the software supply chain, and extending trust to end users cannot be overstated. Yet, many organizations continue to practice code signing with ad-hoc processes and mismanaged private keys, exposing themselves and their software to supply chain attacks. 

How do you mitigate this risk? How do you ensure your code signing practices are efficient, reliable, and secure? 

Join us for an insightful webinar featuring Ganesh Gopalan, Vice President of Product Management at AppViewX, as he shares practical strategies for modernizing code signing processes to tackle DevOps challenges and strengthen the overall software supply chain.

Here’s what you’ll learn:
● The power of secure code signing in modern software supply chains
● How to meet the new CA/Browser Forum code signing requirements
● The strategies to integrate code signing into the DevOps pipeline
● How to give security teams better visibility and control over code signing

How to Safeguard Your Software Supply Chain with Secure Code Signing

AWS- Manthan Raval, Senior Solution Architect at Amazon Web Services, discusses the concept of zero trust and its implementation in this presentation. Manthan provides examples of how AWS incorporates zero trust principles, including micro-segmentation, authorization simplification, and streamlined access to internal applications. Manthan emphasizes that zero trust is an ongoing journey, urging organizations to prioritize security based on use cases and work towards a comprehensive, identity-centric security strategy.

Journey to Zero-Trust at scale: An AWS perspective

Deploying Kubernetes effectively requires a practiced hand that understands the security and compliance nuances, including vulnerability analysis on code, multifactor authentication, simultaneous handling of multiple stateless configuration requests, and many more considerations.

Luckily, our panel of experts is equipped to assist you with this very topic. 

Ganesh Janakiraman, Head of Cloud Platform Engineering at Broadcom, joins Ravishankar Chamarajnagar, Chief Product Officer at AppViewX, in this panel discussion to shed light on how to overcome the security challenges in Kubernetes environments and the importance of TLS certificates. 

Tune in to discover how to tackle your own pressing K8s security challenges, as well as hear how AppViewX is helping Broadcom provide visibility, automation, and control of certificates in their Kubernetes environment.

How to Overcome Common Kubernetes Security Challenges

Network Security

Cyber Security

DevOps

DevSecOps

Application Security

Software Security

Software supply chain

Software supply chain attacks

Key Management

Security Validation

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Safeguard Your Software Supply Chain with Secure Code Signing

Presented by

About this talk

More from this channel