Calum MacLeod on trust

This article first appeared in issue 239 of .net magazine – the world's best-selling magazine for web designers and developers.

.net: So, what is the black art of EKCM?
Enterprise Key and Certificate Management (EKCM) is all about the control over trust. In today’s enterprise, and out in the cloud, trust is established by cryptographic keys and digital certificates used with everything from web servers to cash points and smartphones. In global enterprises there are tens of thousands of keys and certificates – most unknown beyond the administrator or developer who needs them to get their job done.

To the average developer or administrator, keys and certificates are a necessary evil. But small errors or oversights have caused borders to close, aeroplanes to stop flying and entire governments to shut down communications. Now malicious attackers are using the trust that’s too often taken for granted to attack enterprises by stealing digital certificates or faking signatures to make code appear to come from a trustworthy source.

Lose control over the trust with keys and certificates and there is no way you can live up to the responsibility outlined in regulations.

.net: Given the size and complexity of global enterprises, can we realistically expect just one person or team to manage security of this kind?
Establishing trust doesn’t take just one person or one machine and can’t be managed by any single person in a global enterprise. People own devices, administrators manage servers and virtual machines, and developers build applications. While you can automate every single process in using keys and certificates, from the generation, issuance and installation, you can’t complete the process. Therefore, you have control over trust without connecting the people who are responsible and benefit from its use. Ultimately, security relies on a person, in this case the administrator or developer, who can make wrong or right choices with the applications that use keys and certificates.

.net: At a technical level, how can web developers involve themselves in the process?
Developers are experts in many things, but trying to keep up with cryptographic standards, best practices, certificate policies and more, is impossible and actually not required. EKCM takes care of all these painful details by creating inventories, setting policies and automating those policies, and then reporting back the status of trust across the entire enterprise. Developers must be part of this process and be counted along with the keys and certificates. While a cryptographic expert in an enterprise may know the right policies to set, he’ll never know how each of the thousands of keys and certificates is meant to be used every day. That’s the responsibility of developers and administrators.

.net: Is the business of encryption in danger of making itself sound too complex?
Acronyms like CA, VA, RA, DN, and CN are all just part of perpetuating the black art of key and certificate management. That’s what the vast majority of administrators need to know. It’s the trust your customers have in your web services, the trust your employees have in safely using their mobile devices, or the trust your database has in communicating out the sensitive data to application servers.

.net: And designers. Is there a place for design and user experience here to help turn complexity into something more human?
Since connecting administrators and developers into the process of controlling trust is so important, it’s natural that good design is important. Making the process of understanding what key and certificate you’re responsible for, or informing you of when there are issues, are important contributions that designers can contribute to controlling the trust established by keys and certificates.

.net: As long as people are involved there’s always going to be risk. Are we ever going to achieve absolute security?
Designing a system that’s 100 per cent secure in a networked and connected world is impossible. That’s the tough reality and truth. While there are more secure systems than others, attackers, with an infinite amount of time and effort, can find ways to infiltrate systems, especially when people are involved. That’s why controlling the trust established with keys and certificates is so important. A relative state of insecurity makes you an easier target. Controlling trust and making sure the enterprise is a target no one would want to bother with is all part of the role of EKCM.
