Category: Key Management

Secure Container Signing with Cosign and PKCS#11

Over the past few years, container adoption has grown rapidly, and with it the need to sign container images to help prevent supply chain attacks. The standards and tools for signing images have evolved over the years and can still be tricky to navigate for those new to container signing. This post provides a brief background on some of the tools and standards, the pros and cons of each, and some best practices to follow when signing in your environment.

Key-Based Authentication: Using Cryptographic Controls To Manage Access To Enterprise Resources

Enterprises have a wide array of resources to protect: file shares, email servers, production systems, databases, source code repositories, DevOps tools, and more. If key-based authentication is enforced for all of these resources, and the keys are secured in a centrally managed KMS or HSM, the enterprise can easily enforce granular controls, monitor access to resources, audit key usage, and restrict access as required. Learn more in this post.

How To Keep A Secret

The strength of your cybersecurity posture depends on how well you can keep a secret. Learn how to safeguard your secrets here.

TLS Deployments For The Enterprise

With all the recent news surrounding TLS, it’s not a bad idea to take a fresh look at your company’s TLS usage. In this post, you’ll learn how to make the most of the new features offered in TLS 1.3 and discover how to balance security and performance when deploying TLS in your environment.