Calum M. MacLeod (Europe) - One Bad Apple

What's the impact of one bad apple? Whatever sphere of life you look at, there's always the "one bad apple", whether in politics, in business, or, in the last few weeks, in IT security, with the disclosure that a small company in the Netherlands called DigiNotar was not as "trustworthy" as many thought.

Now, your perception of who the "bad apple" is will of course depend on your viewpoint. To some, Julian Assange or "Anonymous" are the good apples, and the authorities are the bad apples. But whatever your viewpoint, the question I think we need to ask is: does "one bad apple" mean the whole lot is bad?

In the case of internet security, questions are now being raised about Public Key Infrastructure (PKI), SSL, and Certificate Authorities, simply because one Certificate Authority known as DigiNotar appeared to have less understanding of how to secure its servers than the average grandmother! Whoever illegally accessed DigiNotar certainly hasn't been complaining about them, and of course DigiNotar's competitors have been having a field day - Christmas has come early!

And everyone who has ever dealt with DigiNotar has spent the last two weeks blaming them for everything from the rotten summer to the collapse of the Greek economy. Add to that the wave of "PKI experts" who have suddenly appeared telling us that the whole thing is rotten to the core.

However, what they're not saying is that, due to their failure to keep track of their certificates, they are running around like headless chickens trying to discover whether they had any DigiNotar certs. In fact many are still running around, and apparently headless chickens can do this for some time. The record apparently is four and a half years!

Let's face it: there is no such thing as perfect security, and whether we're talking about RSA tokens, or some certificate authority, or a crypto algorithm, or key lengths, or whatever, there's always room for improvement. We are in a business that is always progressing and always reinventing itself.

But regardless of which certificate authority you use - and don't put all your eggs in one "basket" - ultimately you need to put your own house in order and manage your keys and certificates. Otherwise you'll be the headless chicken running around trying to find needles in haystacks because another rotten apple just made the news!

Calum MacLeod is currently EMEA director for Venafi, a digital certificate and encryption key management specialist. He has over 30 years of expertise in secure networking technologies. For further information visit Venafi.
