Relevant Items

When Your CA Migration is Actually a CA Evacuation

Your Evacuation from Symantec's CA Put You at Risk

An emergency evacuation is defined as:

…the urgent immediate egress or escape of people away from an area that contains an imminent threat, an ongoing threat or a hazard to lives or property.

So, were you just asked to evacuate the Symantec CA?

DigiCert’s announcement to acquire Symantec’s Website Security and Related PKI Solutions marks the start of an impending certification authority (CA) migration process set to occur during the first wave of distrust by Google of Symantec-issued SSL certificates. All existing Symantec SSL certificates (issued prior to June 1, 2016) will be distrusted as of March 2018, creating the potential for business disruption and erosion of the Symantec customer experience, for both public and private trust customers.

Evacuations are often the consequence of pending or anticipated disaster. Any potential instability, risk and uncertainty surrounding your core infrastructure is a potential disaster. Your Public Key Infrastructure needs to be certain at all times. As a result of the situation you are now in, you face potential risk.

Normally, the decision to migrate to a new PKI solution is a strategic move. Undertaking a migration procedure is a tactical exercise, and given the investment of time and money involved, should be treated as an opportunity to evolve your digital trust structure, address past issues and shift to a more strategic use of technology.

The point of an evacuation is to lead you out of danger and into safety. So that’s now the question. How sure can you be that Digicert’s new PKI solution is the right fit for your business?

Trust is earned, not acquired. We know you have questions about how Digicert is going to maintain business continuity, and prioritize your migration among the many others taking place.

The fact is: you are not the only business that will be emergency migrating their core security infrastructure before a strict deadline. As a result, you must put immediate trust in your new vendor to make sure everything that is needed to keep the heartbeat of your security infrastructure alive is implemented smoothly.

Questions still remain about how DigiCert will address the systemic problems within the Symantec Website Security division and when they will be resolved.

All in all, the acquisition of the Symantec CA by Digicert is not quieting uncertainty in private and public trust circles.

Mozilla expresses their concerns >>

  • We would be concerned if the combined company continued to operate significant pieces of Symantec’s old infrastructure as part of their day-to-day issuance of publicly-trusted certificates.
  • We would be concerned if Symantec validation and operations personnel continued their roles without retraining in DigiCert methods and culture.
  • We would be concerned if Symantec processes appeared to displace DigiCert processes.
  • We would be concerned if the management of the combined company, particularly that part of it providing technical and policy direction and oversight of the PKI, were to appear as if Symantec were the controlling CA organization in the merger.

A successful evacuation is a matter of following a solid plan. If your migration to Digicert is not being treated like an urgent matter, you should question your migration plan more. Keeping in mind that you did not ask for this, you still have an opportunity to find a trusted partner on your own terms.

Entrust Datacard can provide you with the evacuation plan you need to reduce risk to your business operations and take control of your PKI.

LEARN MORE >>

Up next in this series: The Simple CA Evacuation Plan You Need

Stephen Demone

Stephen Demone
Stephen Demone is a Content Developer at Entrust Datacard where he specializes in digital certificate technology. An avid storyteller, Stephen has applied his love of writing to developing content that teaches, informs and sometimes challenges convention. Stephen graduated from the University of Ottawa Telfer School of Management  in 2009 and joined the Entrust Certificate Services division shortly thereafter.