Name: Automating Keyfactor Deployments With Helm And Container Signing
Start: 2022-11-29T12:32:00Z
End: 2022-11-29T13:22:53.000Z
Location: BrightTALK
Rating: 5

Keyfactor is the machine and IoT identity platform for modern enterprises. The company helps security teams manage cryptography as critical infrastructure by simplifying PKI, automating certificate lifecycle management, and enabling crypto-agility at scale. Companies trust Keyfactor to secure every digital key and certificate for multi-cloud enterprises, DevOps, and embedded IoT security. 

In today's digital landscape, certificates play a crucial role in securing communication channels and ensuring data privacy. However, as the number of certificates used by organizations grows, it becomes increasingly challenging to manage them effectively. Certificate outages can result in costly downtime and security breaches. Certificate visibility, management, and automation are critical components of a comprehensive security strategy to prevent outages.

In this webinar, we'll cover how to gain full visibility, take back control, and enable automation to prevent certificate outages followed by a brief demonstration of how Keyfactor does it.

Crawl, Walk, Run – A Practical Approach to Preventing Certificate Outages

For the third consecutive year, Keyfactor and The Ponemon Institute have collaborated on the State of Machine Identity Management report —an in-depth look at the role of PKI, keys, and digital certificates in securing IT organizations across EMEA and North America. In this session, Chris Hickman, Chief Security Officer of Keyfactor, will reveal the findings of the 2023 report, uncover trends in PKI, signing, and identity management, and discuss how the machine identity landscape continues to evolve. 

 Join this session to learn: 

Findings from the 2023 State of Machine Identity Management report 

Trends and best practices in PKI, signing, and certificate management 

How PKI and machine identity is impacting business and boardrooms

State of Machine Identity Management

Join our upcoming webinar, "Open Industrial PKI OiPKI - Securing the Connected Factory," to learn how to ensure secure data exchange in the digitalization of your factory. During this session, we will discuss the importance of x.509 certificates in facilitating essential cybersecurity mechanisms for reliable communication, both on the web and on the factory floor. Whether for device identification or safeguarding data communication with TLS, x.509 certificates are the foundation for a secure digital future. However, many factories face the challenge of not having a PKI infrastructure to issue and manage certificates. That's why we are excited to introduce the Open Industrial PKI (OiPKI), a free service for issuing and managing x.509 certificates that makes it easy for you to get started. Don't miss this opportunity to learn how OiPKI can help secure your factory's digitalization efforts. 

In this webinar, we will cover:

     - The role of x.509 certificates in securing data exchange in the digitalization of the factory
     - The challenges of not having a PKI infrastructure to issue and manage certificatesHow the 
     - Open Industrial PKI (OiPKI) can help you get started with secure digitalization efforts in your factory.


Earn 1 CPE credit on this webinar. Keyfactor is an approved (ISC)2 CPE Submitter, partner.

Open Industrial PKI OiPKI – Securing the connected Factory

In this session, you'll learn how Rakuten approaches PKI design, implementation, and automation for both their 5G infrastructure and Enterprise IT applications. We'll cover best practices for PKI architecture and deployment using EJBCA and containers, migration from RSA to ECDSA, and meeting changing regulatory requirements. We'll also touch on the reasons for leveraging protocol-based (CMPv2) versus non-standards based automation (Keyfactor Command).

Building a Modern PKI for Enterprise & 5G Applications

Many global corporations manufacturing IoT devices today outsource this critical business function. It's not surprising that security concerns are rising regarding data and secret key provisioning at the manufacturing stage. 

Therefore, OEM, EMS, and electronic device manufacturers deploying PKI and providing secret keys face serious security challenges. 

Laurent Masson, CTO of Trusted Objects, will review the vulnerabilities and risks that companies encounter as part of the standard IoT device manufacturing process.  

Through a zero-trust lens, Laurent will explain how to secure each step of this process with state-of-the-art solutions. He'll also discuss how to deliver PKI in manufacturing in a secure way, even in an untrusted environment. 

Laurent will also share his experience securely provisioning a generic MCU. This use case will demonstrate how an initial certificate can be securely delivered and injected by the OEM during manufacturing to comply with the Matter Connectivity standard. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Supply Chain Security

The landscape of European Union cybersecurity-related legislation is constantly changing. Various acts are already enforced or still under discussion – covering more and more areas, and complementing each other. These acts mention standards as the base for demonstrating compliance with specific requirements. In this presentation, Sławomir Górniak, Senior Cybersecurity Expert with the European Union Agency for Cybersecurity (ENISA), will provide insight into the current situation with the European legislation and standardization, as well as look ahead to areas of interest.

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Standardization in Support of the European Union Legislation

Siemens Product PKI Certificate Management and Digital Signature services - these services are used as a one-stop internal service to provide Siemens business units a highly trustworthy solution to handle all of their digital certificates and signature needs.  

In this presentation Antonio will cover:  

High-level use case introduction: SW signing (via, for example, CMS signatures) and which protection goals it helps achieve, specifically in the Siemens ecosystem  

How SW signing is done today with traditional cryptography and SignServer + EJBCA within the Siemens ecosystem 

How SW signing can be securely done in the future employing PQC, e.g., "NIST 3rd" round digital signature algorithms or stateful HBS schemes (c.f. Commercial National Security Algorithm Suite 2.0)  

Presenting results of PoC with PQC signature algorithms such as Dilithium, including remaining open topics to have an end-to-end PQC SW signing in place. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Software Signing in the Quantum Age

As the CA/Browser Forum Chair and participant in several PKI industry forums like ACAB-c, ETSI ESI, and the PKI Consortium, Dimitris Zacharopoulos will provide an update on topics including:  

Publicly trusted Server TLS, code signing, and S/MIME certificates 

ETSI ESI standards for Trust Service Providers  

ACAB'c activities  

PKI Consortium activities 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Public Trust, CA/Browser Forum, and PKI Industry Update

Code signing is a powerful method to protect the integrity of containers, artifacts, and software across the CI/CD pipeline. But signing is more than just certificates and signatures. It’s about integrating the sign and verify process into your pipeline while keeping sensitive keys secure and in the right hands.

If signing processes aren’t secure, it opens to door to malware, exploits, and supply chain attacks. Join Eric Mizell, VP of Solutions Engineering, and Ryan Sanders, Director of Product Marketing, as they discuss how to integrate fast and secure signing within your CI/CD pipeline.

In this webinar, you’ll learn:

Where code signing fits into the CI/CD pipeline

Best practices for signing key protection and policy control

How Keyfactor Signum makes signing fast and secure, including a live demo

Integrating Secure Code Signing in the CI/CD Pipeline

IEC 62443 requires the use of secure identities for devices and the protection of integrity and authenticity of software and firmware. In this session, Dr. Lutz Jänicke, Corporate Product & Solution Security Officer of Phoenix Contact, will discuss these requirements and the security requirements for IEEE 802.1AR device identity certificates. He’ll cover how future use cases like zero-touch provisioning can be supported.  
 
Jänicke will dive into how digital signatures for software and firmware can be realized with an attached signature infrastructure in different formats needed from plain (raw) signatures up to Advanced digital Electronic Signatures (AdES). 

Attendees will learn about requirements from the IEC 62443 security standard, a solution for supporting infrastructure, and discussion about the implementation at the supplier of automation components Phoenix Contact. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Public Key and Signature Infrastructure for Industrial Security

No one knows exactly when a large-scale quantum computer will be invented. When it does happen, all public key cryptography in use today will be at risk, allowing recorded encrypted traffic to be recovered. As a result, post-quantum cryptography (PQC) is being developed and standardized. Next, many internet security protocols will be enhanced to use PQC algorithms. Once the protocols have been developed it will take many years to transition. 

Earn 0.50 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Planning for Post-Quantum Cryptography: Evolution of Internet Standards

From the Internet to the Internet of Things (IoT), PKI has been and continues to be the bedrock of trust in our digital world. Just when we think PKI has reached its limit, another innovative use case emerges – from e-commerce to the cloud, e-passports to planes, trains, and automobiles – PKI is everywhere. 

Take a step back in time with Ted Shorter, CTO at Keyfactor, as he shares 20 years in the PKI industry with PrimeKey and Keyfactor, and shares what the lessons of the PKI past can teach us about the future as we approach yet another crossroads: Post Quantum Cryptography.

Earn 0.50 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

20 Years of Digital Trust: PKI from the Internet to IoT

OPC UA is a communication standard from the OPC Foundation for industrial automation and the IIoT. It is designed to allow different devices and systems from different manufacturers to communicate with each other in a secure and reliable way. 

In this session, Matthias Damm, CEO of Unified Automation, will introduce OPC UA and explain how to automate certificate management for OPC UA applications. Matthias will show how these mechanisms are implemented in Unified Automation products and how they are integrated with a Keyfactor PKI. 

Attendees will learn how secure device provisioning has been integrated into the latest revision of OPC UA. 

Finally, Florian Handke, Smart Production Engineer, Campus Schwarzwald, and Andreas Philipp, Senior Business Development Manager, IoT, Keyfactor, will present an upcoming free service that will ensure that certifications are no longer a show-stopper in the industry. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Industrial Automation and Certificates Management

In this session, Tomas Gustavsson, Chief PKI Officer, Keyfactor, will share his take on trending PKI topics from the last year, including the challenges associated with successful PKI deployment and implementation. He'll dive deeper into the technical details of these challenges and offer strategies to help teams overcome them. Think topics such as HSMs and cloud, IoT standards and Covid-19 certificates, and much more. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Hardcore PKI

The last twelve months has seen the conclusion of the first stage of NIST's PQC competition and the final round for NIST's Lightweight Cryptography competition. Organizations like BSI and ETSI have also produced reports in the area. In this session, David Hook, VP Crypto Workshop, Keyfactor, will look at some of the details of the algorithms chosen, the motivations for selection, and how these new algorithms are positioned to be useful for servers and the smaller devices making up the Internet of Things.

Earn 0.50 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Hardcore Crypto

The Bundesnotarkammer (Federal Chamber of Notaries) was mandated to build and host a secure platform to preserve all notarial deeds created in Germany. The system requires all documents to be end-to-end-encrypted with keys that are only available to 7,300 notaries. To make this possible, the archive relies on secure identities and devices to create, store, and share keys in the notaries’ offices. 

  This session will cover: 

Security aspects of the project that ensure the confidentiality and availability of the documents over a period of 100 years. 

How document encryption and the concept of key domains for the secure key sharing between smart cards works.  

An overview of decentralized key management and what it means to do all this without having a central master key. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Electronic Deeds Archive with Decentralized Key Management

The European digital identity wallet will be available to EU citizens, residents, and businesses that want to identify themselves or provide confirmation of certain personal information. It can be used for both online and offline public and private services across the EU. The wallets will be based on trusted digital identities provided by Member States, improving their effectiveness, extending their benefits to the private sector, and offering personal digital wallets that are safe, free, convenient to use, and protect personal data.  

For this initiative, the Commission builds on the existing cross-border legal framework for trusted digital identities, the European electronic identification and trust services initiative (eIDAS Regulation).  

The session will cover the latest concepts for implementation, the relevant standard initiatives (ISO, CEN, and ETSI), and the pros and cons of this ambitious project in the context of the Digital Service Act and the Digital Market Act. 



Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

The eIDAS-Wallet in 2024: A "Blue Wonder" for eID and Trust Service Providers?

Development teams often use Continuous Integration (CI) tools (e.g., Jenkins, Bamboo, Team City, CircleCI, Concourse, etc.) and Continuous Deployment (CD) tools (e.g., Harness, etc.) in their SDLC cycles. Karthik Lalithraj, Keyfactor's Director of Solutions Engineering, East, will address some of the more complex questions facing enterprises today. Attendees will come away with answers to questions such as:   

How can teams integrate Continuous Security (CS) within the CI/CD process using digital signing?  

How can teams secure the private key while simultaneously providing code-signing access to various groups? How does this process work across globally disparate teams and individuals?  

How can you stop lousy development practices?  

Can we audit this?  

And finally, how do teams consume and validate these artifacts?  

This talk will cover how these challenges are quickly addressed in the enterprise. 

Earn 0.25 CPE  credits on this session. Keyfactor is an approved (ISC)² CPE Submitter, partner.

Securing the DevOps CI/CD Pipeline

Step into a world where EJBCA and SignServer can be deployed using Docker containers and Helm charts. In this workshop, Keyfactor’s Sven Rajala, Alfredo Neira, and Anton Hodell will show you how – as well as how to use the setup for container signing.

Get CPE Credits
Earn 0.75 CPE credit on this workshop. Keyfactor is an Approved (ISC)2 CPE Submitter Partner.
https://www.isc2.org/

Agenda
- Overview of included technologies, e.g. Kubernetes and Helm
- Deploying EJBCA and SignServer containers using Helm charts
- EJBCA and SignServer use cases: Issue TLS certificates using EJBCA, Sign container using SignServer, Configure Podman for only signed containers

What You Will Learn
After the workshop, you will know how to:
- Deploy EJBCA-CE and SignServer-CE containers on Kubernetes Minikube and Podman using Helm charts.
- Issue certificates against an EJBCA-CE Certification Authority using the Easy Rest Client via the EJBCA-CE REST API interface.
- Sign a Podman container using SignServer-CE and configuring Podman to only allow signed containers to run.

This workshop was also held live at the Keyfactor Community Tech Meetup in Stockholm on September 7, 2022.

Automating Keyfactor Deployments With Helm And Container Signing

Automation

Containerization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Automating Keyfactor Deployments With Helm And Container Signing

Presented by

About this talk

More from this channel