CSS Research White Papers

Threat intelligence insights from leading cyber security experts

Crypto-Agile PKI for the Future

Published - June 25, 2018

In an evolving cyber security landscape, defenses must continually evolve. Static systems are not only inherently insecure, they are less so with each passing day. This principle applies to cryptography as much as to other types of cyber-defenses. And with the advent of quantum computing, most analysts agree that common cryptographic algorithms will eventually become ineffective. The scale of the potential threat is immense — for nearly all the hardware and software we use in both traditional IT environments and burgeoning Internet of Things ecosystems. 

Download the eBook to learn:

  • Threats posed by quantum computing, algorithm deprecation, and breach
  • How to ensure business continuity by executing with crypto-agility
  • The basic principle of crypto-agility - knowing what you have and how to update it at scale

Download eBook

Crypto-Agility for IoT

Published - April 17, 2018

It is inevitable that many IoT devices will operate for durations that extend well beyond the effectiveness of their cryptographic keys. With this predestined outcome, readiness becomes a necessity. Not the readiness to respond to broken algorithms and their impact on data and communications, although that is also important, but the readiness to respond to crypto risk. The ability to act before threats become real, and to take action that results in a state where cryptography and its usage, whether for data in motion or data at rest, has its integrity upheld.

Download the white paper to learn:

  • The state of cryptography and crypto-agility basics
  • Scenario examples defining the true need for crypto-agile solutions
  • Why implementing an IoT device strategy without considering crypto-agility is a mistake

Download White Paper

PKI Automation for the Future

Published - February 13, 2018

Manual PKI management processes including spreadsheets and advanced monitoring tools may have worked well for small certificate counts and environments with limited issuance capabilities, but organizations today have realized that there are more certificates deployed than they can keep track of, or even know of. The result is an increase in efforts and cost to stay on top of them and degradation of security due to error and omission.

Download the exclusive White Paper to learn how automation helps deliver on the promises of PKI and the goals of your IT strategy:

  • Defining the 3 Goals of PKI: Comprehensive Security, Operational Efficiency, and Business Continuity
  • What is PKI Automation? How can it help me?
  • Examples of PKI automation use cases 

Download White Paper

IoT Security for the Future: 5 Guiding Tenets

Published - February 6, 2018

CMS VerdeTTo™ from Certified Security Solutions (CSS) establishes trusted identity for your devices and provides complete identity lifecycle management for your IoT ecosystem. CMS VerdeTTo™ establishes a private Root of Trust, which together with unique identity on every device sets the stage for the critical functions of authentication, authorization, and encryption. that establishes trusted identity and on-going lifecycle management for IoT devices.

Download white paper to learn:

  • The future of IoT and IoT security
  • Industrial IoT (IIoT) ups the ante – impacts of high risk industries like Healthcare and Automotive
  • 5 guiding tenets of IoT Security
  • How Public Key Infrastructure (PKI) and a Root of Trust provides a secure foundation for IoT devices, platforms, applications, and data analytics


Download White Paper

CMS Sapphire™ ROI - Making the Case for a Professionally Managed Public Key Infrastructure (PKI)

Published - October 1, 2017

CMS Sapphire™ professionally managed Public Key Infrastructure (PKI) from Certified Security Solutions (CSS) allows you to maintain complete control over the use of your Root CA keys and PKI recovery materials while transferring day-to-day PKI management and oversight to experts.Download white paper to learn:

  • What is a Managed PKI?
  • How a CMS Sapphire™ Managed PKI works
  • Why a Managed PKI is necessary
  • Dissect the guaranteed ROI between CSS' Managed PKI and an In-House PKI deployment


Download White Paper

Manage Your Symantec™/VeriSign SSL Certificates with a Certificate Lifecycle and PKI Operations Platform

Published - September 13, 2017

Is your organization overwhelmed by manual Public Key Infrastructure (PKI) and SSL certificate management processes? Burdened with worry of rogue SSL certificates or certificate-related outages? Running mission critical systems using internally issued SSL certificates alongside of SSL certificates purchased from a third party (such as Symantec™/VeriSign, Thawte® or GeoTrust®)?

Download entire guide to explore seven beneficial features you're missing without a Certificate Lifecycle & PKI Operations Platform. 


Download Benefit Guide

5 Risks of Gambling with a Wild Certificate Count and PKI

Published - August 17, 2017

Gambling means being prepared to lose everything. When working with an out of control, unmanaged digital certificate count and public key infrastructure (PKI), the risks of facing issues with financial and productivity losses are extremely high. Are you prepared to gamble with some of your most valuable IT assets?

Download entire guide to explore five common unmanaged certificate and PKI related scenarios, their financial implications and how to prevent them from occurring in your enterprise. 

Download Benefit Guide

7 Beneficial Features You’re Missing Without a Certificate Lifecycle & PKI Operations Platform

Published - June 22, 2017

Overwhelmed by manual Public Key Infrastructure (PKI) & certificate management processes? Burdened with worry of rogue certificates or certificate-related outages? Worried you've lost all control of your PKI? Stop losing and start gaining control by actualizing the features and benefits not available when manually managing your digital certificates and PKI.

7 Beneficial Features You're Missing Without a Certificate Lifecycle & PKI Operations Platform: 

  • The importance of the automated management of digital certificates and PKI operations
  • How metadata can change your certificate reporting for good
  • Issues with using Simple Certificate Enrollment Protocol (SCEP) and how to fix them
  • Download to view entire guide

Download Benefit Guide

Identity, Security, and the Internet of Things-
Knowing Your Device is Securing Your Device
White Paper

Published - May 26, 2017

As the IoT market expands, it’s all too common for vendors to push unsecured IoT technology to the market. Many IoT devices consist of parts from various hardware vendors, each created according to different security principles. The result is an environment where the lowest common denominator of security measures rules, inviting malicious activity that can wreak havoc on businesses, institutions, and critical infrastructure. Learn more on the security challenges of IoT and how CMS VerdeTTo leverages Public Key Infrastructure (PKI) to establish unique device identities in the form of digital certificates and extended identity attributes to secure millions of devices. 

Learn more on the security challenges of IoT and how the CMS VerdeTTo Access Valve engineered specifically for ThingWorx platform users leverages Public Key Infrastructure (PKI) to establish unique device identities in the form of digital certificates and extended identity attributes to secure millions of devices.

Download White Paper

Digital Certificates - A Critical Line of Defense Against Cybercrime White Paper

Published - December 19, 2016

Public Key Infrastructure (PKI) has advanced tremendously since the early days, from simply identifying websites and securing ecommerce transactions to routinely issuing massive certificate deployments, making PKI a top priority for IT departments. The evolution of PKI has become significant, given the takeover of IoT and increased usage of digital certificates, today’s use cases for PKI have become markedly more innovative.

Download this white paper to learn about PKI’s evolution and how to prepare your organizations PKI for the future.

  • Growth of New Digital Certificates Deployments
  • Increased Reliance on PKI
  • Practices to Secure PKI
  • PKI Deployment Challenges
  • Technology Drivers for PKI Upgrade, Migration and Cyber Security Changes

Download White Paper

Best Practices for Public Key Infrastructure (PKI) Implementation Project Management White Paper

Published - October 27, 2016

Today’s evolving cyber security landscape demands the high assurance, scalability and security of digital certificates issued from a trusted PKI to successfully secure enterprises. However, an effective PKI can be difficult to implement and manage without knowledgeable and dedicated resources in-house. Although attempting a deployment on your own sounds appealing and more cost effective, the key to a successful PKI implementation is fully understanding the entirety of the project before beginning. By outlining each critical task up front, it’s easy to quickly realize the importance of enlisting dedicated resources to assist with the entire process from day one.

Download the white paper to learn more about PKI implementations - the best practices and key overall project considerations including:

  • PKI design, policies and key signing ceremony details
  • Critical timeline and project phases
  • Appropriate skill level and availability of internal expertise
  • Major differences in implementing a PKI In-house vs. working with an expert

Download White Paper

Public Key Infrastructure (PKI) - The New Best Practices White Paper

Published - July 28, 2016

Public Key Infrastructure (PKI) has undergone an evolution since its commercial introduction in the 1990s. Aging enterprise PKIs may not be a fit for current compliance, regulatory or technical requirements for new enterprise and IoT use cases. Today, companies are having to decide how to ensure the ongoing trust of old and new PKI environments and the resulting digital certificates.

Download this white paper to learn about PKI progress and the decisions your organization may need to consider, including:

  • PKI evolution and new risks
  • Best practices for today’s PKI controls
  • Remediating what makes sense vs. starting fresh
  • PKI operations management tools
  • External audit considerations

Download White Paper

Public Key Infrastructure (PKI) for the Internet of Things (IoT) White Paper

Published - June 30, 2016

Digital certificates continue to be a cost-effective and efficient method to authenticate, secure and validate diverse endpoints and data in IoT systems. As organizations recognize the cost savings and flexibility associated with establishing their own PKI, they’re also learning that the typical enterprise PKI is not a good fit for unique IoT systems.

Download this white paper to learn about unique PKI for IoT considerations including:

  • Importance of authentication, encryption and signing for IoT devices, data, users and applications
  • How PKI for IoT is different from a typical enterprise PKI
  • Challenges related to high volume, low power devices, disparate endpoint owners and multiple relying parties
  • Issues and best practices for IoT PKI trust, scalability and uptime
  • IoT PKI design considerations

Download White Paper

Digital Certificate Template Best Practices White Paper

Published - May 26, 2016

Digital certificate templates contain properties common to all certificates issued by Microsoft® enterprise certification authorities (CAs) based on that template, giving administrators more control over their Public Key Infrastructure (PKI). Learn how effectively organized, documented, and managed certificate templates help administrators manage a diverse subscriber base, minimize the risk of issuing incorrect certificates, and support reporting for security compliance requirements.

Download White Paper

SHA-1 Deprecation Challenges & Solutions White Paper

Published - April 21, 2016

Moving from SHA-1 digital certificates to SHA-2 is vital to defend against cyber criminals. SHA-1 certificates are no longer being issued and are sched­uled to reach their expiration before January 1, 2017. Continued use of SHA-1 certificates places your organization in a cryptographically insecure position against cyber adversaries. Time is running out to identify and implement a SHA-1 deprecation plan to ensure that every certificate your organization is upgraded to the secure SHA-2 algorithm.

Download the CSS Research “SHA-1 Deprecation Challenges & Solutions” white paper to learn:

  • Why SHA-1 is being deprecated
  • Deprecation tim­ing
  • SHA-2 migration challenges
  • Best practices and resources to complete the transition

Download White Paper