When certificates expire, they can, for example, trigger website outages or stop an airline baggage system. Certificates may also become compromised, posing great security threats. "If something shows up that wasn't there yesterday, you can assume it's no good," Moskites says. In recent years, Heartbleed, Stuxnet and other certificate-related vulnerabilities have struck fear into CIOs and CISOs.
What Venafi does
Most companies acquire such certificates from VeriSign or some other provider, create loads of documentation around them, then track the data in a spreadsheet, a practice Moskites calls woefully inefficient. Venafi automates this crucial task, assessing which certificates are trusted, protects those that should be trusted, fixes or blocks those that are not and alerts IT when it detects anomalous activity. Venafi provides a certificate reputation service that identifies and enables remediation for rogue or anomalous certificates. Four of the five top retailers and banks in the U.S. use the software.
Moskites spends 90 percent of her time traveling, speaking about digital trust at conferences and writing whitepapers. She estimates that she's met with some 400 CIOs, CISOs and other executives and board of director members in the past two years. She says her team is Venafi’s leading software tester, advising product managers on quality and other details.
When Moskites is on the road, Rick Bill, senior director of IT security and infrastructure takes point, overseeing such tasks as a new firewall and a private cloud. Yet Moskites remains closely connected to her IT team, conversing with peers via phone, Web conferences, instant messaging, email and "whatever works to make sure we're communicating.” It's all worth it to support Venafi's growth at a time when unsafe certificates, particularly in the evolving era of the Internet of Things, pose a threat vector like none other.
Preparing for the proliferation of connected devices, CISOs and CIOs must work faster and be more nimble to protect corporate information, starting with certificates, Moskites says. "It's like the law of large numbers,” she says. “The more you have to manage the more difficult it becomes."
Sign up for CIO Asia eNewsletters.