Name: Streamlining DevOps Security with Fast & Secure Code Signing
Start: 2024-06-05T15:30:00Z
End: 2024-06-05T15:30:34.000Z
Location: BrightTALK
Rating: 0

We are the world's leading provider of applied cryptography.
Over 100 Fortune 500 corporations have sought our help in protecting their most sensitive data and solving the most complex problems. Through our products and professional services, you can strengthen your ability to protect cryptographic keys, digital certificates, software code signing, Certificate Lifecycle management, and more. We are committed to staying up-to-date with the latest technology trends, compliances, and best practices in data security, and we leverage this expertise to help our clients achieve their security goals.

In this session, discover how automating encryption can simplify security management for application and SaaS providers. We’ll explore the technical challenges and solutions for seamlessly integrating encryption into your workflows, ensuring data protection at every stage. Learn best practices for automating key management, encryption processes, and compliance monitoring to secure sensitive data without disrupting operations. Real-world use cases will highlight successful implementations of automated encryption that reduced complexity and enhanced security for leading SaaS providers.

EC-Conference2024: Automating Encryption, A Guide for Application and SaaS Providers

It's time for organizations to transition from FIPS 140-2 to 140-3. The new FIPS 140-3 compliance comes with new security requirements, and every security requirement requires multiple measures that have to be taken into consideration for an effective transition. This session provides a detailed overview of the FIPS 140-2 and FIPS 140-3 frameworks, focusing on security requirements, levels, and key changes. Learn how to navigate the implementation process, understand critical terminologies, and prepare for FIPS 140-3 compliance.
 
Key Takeaways:
- Overview of FIPS 140-2 and FIPS 140-3 standards
- Key differences and changes introduced in FIPS 140-3
- Understanding security levels and scope of requirements
- Steps for transitioning from FIPS 140-2 to FIPS 140-3
- Practical insights for ensuring cryptographic compliance and security

EC-Conference2024: FIPS 140-2 and 140-3 Explained with Critical Insights for Cryptographic Security and Compliance

The migration of existing use cases to PQC is challenging the whole industry. There are general recommendations from industry committees and governmental institutions.  For example, the CNSA 2.0 constitutes concrete requirements for dedicated use cases starting in 2025.  The preferred PQC algorithms for long-term use cases like firmware signing are the so-called “stateful hash-based signatures.  These algorithms, i.e. LMS/HSS and XMSS/XMSS-MT, were standardized by NIST in 2020.  Utimaco will present  “OTS-preserving framework” for secure deployment and operating of these algorithms in Hardware Security Modules (HSM) in distributed systems and offline scenarios. Utimaco will outline the design criteria of this framework in real-world distributed environments, describe the proposed OTS-preserving framework, its implementation status, and its discussion within the PQC community, including with NIST, and conclude by presenting a customer implementation.  This will highlight the state handling challenge and how an ideal solution should look like to allow a smooth transition into the PQC era.

EC-Conference2024: Overcoming PQC Migration Challenges with Stateful Hash-Based Signatures and Secure Deployment in HSMs

Let’s explore the critical importance of software change management controls in mitigating risks. Beginning with a high-level overview of AI's capabilities, we'll transition into a crucial discussion on why blind reliance on software can lead to vulnerabilities and how software should be built. Through real-world examples, we'll underscore the profound impact of inappropriate software changes, emphasizing the need for robust testing and oversight protocols to safeguard against risk.

Key Takeaways: 

- Understand the fundamentals of AI and its widespread adoption in various industries.

- Recognize the risks associated with unquestioning reliance on software outputs, including potential fraud and errors. 

- Learn about the significance of software change management controls and testing in high volume software development organizations. 
 
- Appreciate the real-world implications of inappropriate software changes through breaches and exploits. 

- Acquire strategies for implementing effective software change management practices to protect against AI and ensure operational integrity.

When Code Breaks: Exploring Billion Dollar Outages

Cryptography is now a hard requirement for many internal security policies and regulations such as PCI-DSS. However, due to silos inside an enterprise’s hyper-dynamic infrastructure, it’s difficult for security and compliance teams to deploy and evaluate encryption effectively.

In this session, we discuss real-world challenges and solutions for compliance use cases such as:

- Building an inventory and assess the risks of your cryptographic assets including PQC readiness
- Large-scale file-level encryption

EC-Conference2024: Taming the Crypto Chaos Across Hybrid Multicloud for Compliance

In our session, we will share insights on the FIPS standards for quantum-safe algorithms and their usage on HSMs. We will take you through all the coming changes to PKCS#11 and compare some speeds when using ML-DSA compared to other algorithms.

EC-Conference2024: Quantum-Safe Cryptography and HSMs FIPS Standards PKCS#11 Updates and ML-DSA Performance Insights

Explore the essential role of code-signing in regulatory compliance, covering key requirements like GDPR, HIPAA, and supply chain security. Learn how code-signing protects software integrity and helps organizations meet compliance standards. This session will also highlight best practices for implementing secure, automated code-signing processes and showcase real-life success stories from companies that have effectively used code-signing to streamline operations and ensure compliance.

EC-Conference2024: Your Roadmap to Code-Signing Compliance

While significant focus has been placed on upgrading asymmetric algorithms in the face of future Quantum threats, an accelerating threat vector is the use of AI and Machine Learning to attack cryptographic keys made from poor-quality entropy. Newly standardized NIST PQC algorithms like ML-KEM and ML-DSA require significantly more entropy than the classic algorithms they will replace, and even AES-256 keys are under threat. This talk will focus on advancing threat research, the state of the commercial market for QRNG, relevant standards, and immediate use cases that can elevate data, application, network, PKI, and cloud security TODAY, independent of PQC algorithm migration.

EC-Conference2024: Leveraging Quantum Entropy for Boosting Cryptographic Security

Protecting data in applications instead of in storage can reduce attack vectors and improve overall data security, but it can be messy and impractical for most enterprises. What if it wasn’t? Learn about specific architectures that abstract how data is protected, centralize data protection policy controls, and deliver the crypto-agility needed to adapt data protection over time without expensive rework.

AUDIENCE TAKEAWAYS
1. Understand the data security gaps that traditional storage security does not address and benefits of protecting data in applications.

2. Understand the challenges of trying to interweave data security into applications that can drive complexity and implementation cost and lead to higher total cost of ownership.

3. Conduct ways to deliver robust data protection and privacy using a variety of techniques in conjunction with architectures that reduce complexities, implementation times, and overall costs.

EC-Conference2024: Thinking Differently About How and Where to Protect Sensitive Data

The goal of this session is to equip the attendees with the perspectives to consider when analyzing the risks in the Gen-AI/AGI space and the mitigation approaches. We will start by identifying the threats and risks from a different lens that accounts for the impacts on our professional and personal lives and how they may be intertwined. We will then walk through analytical methods to identify and implement mitigating controls. We will conclude with some example scenarios and sample mitigation options, one of which will be about leveraging the Gen-AI/AGI tools and the advances in technology to combat the threats from the same.

Gen-AI/AGI - How have these technological advances changed cybersecurity risk identification and mitigation approaches?

Join us for a session on the critical aspects of PKI and certificate management. Discover why a professional PKI health check and assessment are essential for maintaining a secure PKI environment. Learn about effective Certificate Lifecycle Management practices and why choosing the right certificate automation tool is crucial for streamlining operations and minimizing risks. Get valuable insights and practical strategies to ensure your PKI system is resilient, efficient, and ready for the future.

EC-Conference2024: Optimizing PKI & Certificate Management with Health Checks & Automation Tools

With the increase of constant threats and risks, now’s the time to get your house in order for Post-Quantum Cryptography. This session will highlight these increased risks and outline how to effectively counter against evolving threats with strategic and tactical steps of a PQC readiness plan. This session will also identify some of the challenges affecting today’s PKI, Code Signing, IoT, and TLS. To conclude, real-world strategies will be presented to provide the audience with present examples for a pragmatic & successful PQC migration plan that includes identification and testing against your priority enterprise applications and infrastructure.

Get your PQC Readiness Plan in Gear: How to Develop a Practical Plan

Join us for a session where we introduce our very own Generative AI solution for applied cryptography and we will take you through our innovative on-demand training platform and certifications. Experience firsthand the latest developments in our flagship products: Certificate Lifecycle Management Solution, CertSecure Manager and Code-Signing Solution, CodeSign Secure. Discover how CertSecure Manager now supports multi-cloud environments and learn about the new Apple signing capabilities in CodeSign Secure. Plus, get a complete overview of all our recent product advancements and future enhancements.

EC-Conference2024: Keynote Session

The NIST Cybersecurity Framework (CSF) was updated to version 2.0. The update emphasizes governance, which includes more guidelines on how executives and leaders should be involved in cybersecurity decisions. NIST 2.0 introduces refined metrics for assessing cybersecurity effectiveness, allowing organizations to identify weak spots in their security posture and replace outdated practices.
 
This video covers these key concepts:
 - The architecture of NIST 2.0 Cybersecurity Framework
 - How the Architecture Differs from NIST v1.1?
 - Brief on the Govern Function
 - What Changed from NIST 1.1 to NIST 2.0
 - New Additions to the NIST 2.0 Framework Functions

NIST 2.0 Cybersecurity Compliance | Part II

What if your security ecosystem was always ready to take on new threats and regulations that are constantly changing? Our webinar will explore common security gaps you need to be aware of and focus on protecting data from its core and everywhere across the organization. The session will examine best practices and technologies that will help you create a secure data infrastructure now, and in the future, so your organization is always prepared for the sophisticated threats.
Join Prime Factors Director of Product Management, Juan Asenjo and Encryption Consulting Security Architect, Parnashree Saha to hear insights on how to assess your data infrastructure and implement protection measures that will help you prepare for the threats of tomorrow and meet all the necessary compliance requirements. 

Join the webinar and learn:
- How you can identify your data security gaps?
- Why data-centric security is important?
- What application-level data protection means for your organization?
- Where to deploy it to enhance the security of your infrastructure?

Building a Data-Centric Secure Ecosystem

Join us to explore the critical role of code signing in enterprise cybersecurity strategies. Learn how code signing enhances trust, protects customer data, and protects brand integrity through secure software validation. With the rapid growth of digital signing driven by regulatory requirements and the rising need for security measures, it’s important to protect your organization from cyber threats. Our webinar will share insights on the impact of cyber incidents, effective strategies you can take into consideration, and what a well-defined code-signing process and practices look like for organizations. 
 
Key Takeaways:
- Discover how to implement effective code signing strategies to mitigate supply chain risks and unauthorized code distribution.
- Importance of regular certificate updates, auditing, and logging for maintaining compliance.
- The need for investing in code signing solutions to reduce costs and enhance security
- Enhanced security measures you can take through code signing that organizations can take to build customer confidence.
- Learn about digital signing of applications, firmware, and software that is driven by regulatory requirements and customer demands.
- How to properly manage and protect digital identities to prevent malicious use of software assets.
- Understand the potential ramifications of attacks exploiting insecure code signing..
- Common issues and threats related to code signing and how to address them.
- Explore common business risks of insecure code signing and how to effectively mitigate them
- Discover how to meet code signing requirements for enhanced security and compliance.

Securing The Enterprise with Code Signing Strategies for Protecting Client Data and Enhancing Trust

As organizations grow, so does their demand for digital certificates. Managing the lifecycle of these digital certificates is extremely important for maintaining the security and integrity of your organization’s data and communications. However manually managing certificates is not only time-consuming but also prone to human error, leading to potential security risks and costly certificate outages. Join our webinar to learn how automating PKI can help your Certificate Lifecycle Management (CLM) System. Our webinar will discuss the challenges of traditional certificate management and illustrate how automation can enhance efficiency, increase security, and ensure compliance.

Key Takeaways:
- Identify common pitfalls in manual certificate management that can lead to security vulnerabilities.
- Learn how automated certificate workflows can significantly mitigate human errors.
- Gain insights into the best practices for a smooth transition to automated certificate management.
- Learn how automated CLM can help ensure compliance with industry regulations and standards.
- Discover how to reduce operational costs through streamlined certificate management processes.
- Understand the importance of real-time monitoring and alerting in an automated CLM system.
- See how automation can help in managing certificates across diverse platforms and environments.
- Understand the role of PKI automation in supporting a zero-trust security framework.

Building a Resilient Certificate Lifecycle Management System with PKI Automation

2024 is moving quickly and across the globe, Post-Quantum Cryptography awareness is skyrocketing. With the increasing volume of ecosystem options available and emerging, now is the time to identify and test your priority enterprise applications and use cases. After identifying and highlighting some of the key challenges for PKI, Code Signing, IoT, and TLS use cases, this session will highlight real-life strategies already implemented to provide attendees with concrete examples for building & leveraging a PQC readiness plan. Most importantly, attendees will leave with a set of pragmatic steps for planning, budgeting, and communicating a Post-Quantum Cryptography (PQC) strategy.

PQC Readiness for 2024! How and why procrastination will only cause problems

In DevOps, speed and agility are crucial to ensure the security of your software delivery pipeline. Join our webinar to learn how DevOps teams can master code signing to enhance their agile software delivery practices. This webinar will discuss the significance of code signing in DevOps workflows and provide practical guidance on integrating it seamlessly into your continuous integration and delivery (CI/CD) pipelines.
 
Key Takeaways:
- Core principles of DevOps and why code signing is essential for securing software delivery.
- Common pitfalls and risks associated with lax code signing practices in DevOps workflow that leave your software vulnerable to attacks.
- Latest advancements in code signing technologies and how they can be leveraged to enhance security without slowing down development. 
- Best practices for securely managing certificates and private keys
- Strategies for integrating secure code signing into your CI/CD pipeline to boost performance and agility
- Regulatory requirements and industry standards related to code signing in DevOps and how to ensure compliance while maintaining agility.

Streamlining DevOps Security with Fast & Secure Code Signing

Code-Signing

Dev-Ops

Code-Sign

CI/CD Pipeline

Supply Chain

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Streamlining DevOps Security with Fast & Secure Code Signing

Presented by

About this talk

More from this channel