May 3, 2021 (New York): Cleveland, OH-based Keyfactor and Stockholm, SE-based PrimeKey recently announced the merger of their companies. Moving forward under the Keyfactor brand, the merger will allow enterprise security and operations teams to move toward crypto agility and integrated PKI-as-a-service. Keyfactor, already a leader in certificate management prior to the merger, saw an opportunity to pioneer with the certificate authority (CA) to provide ease of use and automated machine identity management.
In the past few years, as enterprises have embraced zero trust as a driving security principle, machine identity management has gained the attention of operators and security strategists alike. Identity and access are the new security control plane, and companies have seen how improperly managed, non-human—or machine—identities play a major role in the security risk equation.
Several notable security compromises including Equifax, LinkedIn, Strathmore College, and data management firm Veeam, demonstrate why, exactly, machine identity, and in particular, certificate management, are crucial to risk mitigation. Keyfactor, with its certificate lifecycle automation, combined with PrimeKey’s certificate issuance platform, gives users a one-stop-shop for machine identity management. This merger promises to up-level the conversation around identity and access management (IAM) and give enterprise end users a way to address IAM holistically and not just as a human-driven problem.
Mark Thompson, Vice President of Product Management at Keyfactor explained that the merger represents “the first time in security we’ve seen a software platform company coming together with the world’s most popular open source certificate authority. What this means for the industry is that they can now achieve crypto agility within one deployment.”
At TAG Cyber, we frequently speak with enterprises struggling to manage their “crypto mess.” With the ubiquity and prevalence of cloud, DevOps, and IoT, the number of keys/certifications a company manages has increased 10-fold (or more, in some cases). This has precipitated a change in how companies have to look at key and certificate management—and fairly rapidly. Keyfactor, with its established product line, already went a long way toward helping companies manage the exponentially increasing number of devices with shorter certification expiry times, at scale and speed.
The evolution to managing machine identities is a critical element of preventing cyber compromise, whether that’s a data breach or largescale system disruption. We at TAG Cyber have long held the position that identity isn’t relegated to humans and their endpoint devices, and we’re excited to see another company focusing on expanding the definition of “identity” and presenting a solution across a breadth of use cases.
Cryptography has been a standing problem for enterprise security teams for years: it's hard, it’s messy, and manually keeping up with PKI management is drudgery. An automated, end-to-end machine identity management solution will be key with enterprises. Furthermore, taking the viewpoint that keys, certificate, and secrets serve as identity attributes will help security teams fit crypto management into established programs that already align with cyber risk.