As the curtains closed on Simplify PKI 2021 – AppViewX’s very first event on all things crypto, we couldn’t help but marvel at the wealth of insights that the sessions had generated. Each session was an eye-opener, and each presenter had something that made the audience (and even the other panelists) go, “Wow, I never thought of that!” Our evidence? Questions thrown at the presenters faster than they could answer, follow-up emails asking for one-on-one sessions, and even some proof of concept sign-ups!
One such enlightening session was presented by David Mahdi, the Sr. Director Analyst at Gartner. His session, “Journey to a World-Class Crypto Center of Excellence,” opened up a whole new way of thinking and brought to light hitherto unknown facts about Enterprise Crypto while deconstructing and simplifying seemingly complex ideologies.
In this blog, we bring you some key takeaways from the session. Read on!
The Hero’s Journey
The Crypto Center of Excellence (CCOE) journey, like any other journey, is full of highs and lows, crests and pitfalls, on the way to the glorious but evasive summit. The Hero’s Journey (shown below) can be construed for a CCOE in the following way:
The Call to Adventure: Where an enterprise is pushed out of its comfort zone due to external or internal circumstances, such as customers moving online, a long-overdue expansion, etc., and is motivated or forced to rethink its strategy.
The Threshold: Where the enterprise enlists the help of seasoned professionals to guide it along its journey. This could be an external agency (an analyst such as David Mahdi), or a technology such as the cloud, serving as the means to an end.
The Abyss: Where the enterprise experiences its first trial by fire. This could be an outage or a data breach, where the enterprise incurs significant service disruption, customer escalations, or loss in revenue.
The Transformation: Where an enterprise emerges from the trial transformed. Here, it learns from its mistakes and implements radical measures. In the CCOE journey, this could be realizing the need for a CCOE, enforcing stricter policies, and investing in cybersecurity tools to strengthen its security posture. As Mahdi says, “Don’t let a good breach go to waste.”
Digital Transformation and Trust
Digital transformation isn’t a thing of the future anymore. It’s something we’re living through now. Covid-19 has accelerated digital transformation; remote work and online customer trends have required every business to become a digital business. Digital businesses generate a humongous volume of data, leading to an exponential rise in the number of machines needed to store and process this data.
Here’s a great example of digital business – a new-age logistics company. This company uses sensors to track the temperature, origin, docking of ships, etc. – all of which are data elements. Operators could use these data elements to make mission-critical decisions. For example, they could gauge the weather conditions with sensors and ask a ship at sea to delay its arrival by a few hours to save on fuel costs.
But how can these sensors be trusted? Let’s say a bad actor tampered with a temperature sensor, setting it to display a temperature lower than it actually is. If the container has temperature-sensitive items such as food or some equipment, they’re gone for good. And the scary part is that operators may not even be aware that the sensor has been tampered with, so they cannot do anything about it.
For digital transformation to work, and to realize business outcomes in the digital era, you need machines to communicate securely and effectively. How do you establish trust in machines? By building a trust fabric through identity assignment, authentication, and digital signatures. In a distributed but connected environment, you need to manage your machine identities (keys and certificates) in an agile and automated way. That’s one of the core tenets of a CCOE.