Nestor Markowicz of CertiSur: “It’s important for organizations to gain crypto agility.”
As a provider of solutions that secure online transactions, with twenty-five years of market experience, Certisur is well positioned to help organizations on their journey to crypto agility. The need to properly manage digital certificates will become a major challenge in the coming years, one that should be addressed.
In 2023, an expired digital certificate caused a significant outage of services for the Starlink satellite constellation, operated by SpaceX. The same thing happened in March of this year with services for Google Chromecasts. Managing these types of certificates—which guarantee the security of information exchange on public networks through encrypted communications—is becoming a complex and critical issue, and will become even more so in the coming years thanks to new regulations and shorter validity periods.
The answer to this challenge? Partnering with service providers who know how to handle these issues, and using discovery and automation tools to improve the management of these certificates. Certisur was founded twenty-five years ago with the goal of providing these trusted services. “Our products aim to secure online transactions. We want people who operate on the Internet to do so securely,” explained Nestor Markowicz, Chief Operations Officer (COO) of Certisur. The solutions Certisur markets cover four areas. “One has to do with brand security, another with contract security. The third relates to business security, and the last to customer security. We have solutions for each of these four groups,” added Markowicz.
The company is headquartered in Argentina, with administrative offices in Chile and the United States. It currently employs 25 people, half of whom have technical expertise. In some countries in the region, it operates through partners. In Argentina, it operates directly, but is open to working with partners to provide a joint solution (where the client relationship is managed by the partner, not Certisur).
To empower potential partners and clients, Certisur’s people offer training on their solutions. However, Markowicz clarified, this is a niche technology. “Not everyone has the expertise related to this technology. And this technology is evolving ever more rapidly,” he warned.
Certify to ensure and provide confidence
Depending on the product, Certisur’s clients come from different verticals. For example, in its offering related to SSL certificates (which guarantee the secure exchange of information between a website and visitors’ browsers), “clients from all types of companies are involved. All companies must have an SSL certificate. If a website doesn’t have this certificate, browsers may display an insecure site warning or block access to the site.”
“Then we have other lines of business that primarily target the financial market. These solutions allow us to secure end-user transactions. It’s PKI (Public Key Infrastructure) technology, with which we give our clients the ability to issue digital certificates for their respective customers,” Markowicz explained.
This is just one part of the technology that Certisur provides in collaboration with globally recognized brands, such as DigiCert. “The certificate allows you to sign, but for the transaction to be completed online, you need software that allows you to take that certificate and apply it to the transaction you want to perform. We developed software called Alison for this purpose,” the executive explained.
The history of Alison’s development dates back to 2010, when Verisign—a provider of, among other things, authentication solutions that Certisur represented—sold that part of its business to Symantec. Customers soon began to notice the new owner’s divestment in this category of solutions. It was then that Certisur decided to begin in-house development of all the software that Symantec didn’t provide, but that was necessary for supporting and updating the solutions. “In 2017, Symantec sold this part of its business to a company called DigiCert: the number one in digital certificates,” Markowicz said. More recently, Certisur moved this platform (now called Alison Server) to the cloud, offering it “as a service” (previously, the software had to be installed locally).
The urgency to gain crypto agility
The CA/Browser Forum is an organization that brings together certification authorities such as DigiCert itself, as well as Internet browser vendors such as Google, Mozilla, and Microsoft, and major technology companies such as Apple. Founded in 2005, this forum is responsible for establishing standards for digital certificates installed on servers and also rigorously monitors their compliance.
It is precisely the CA/Browser Forum that has been reducing certificate validity periods for some time now, in response to security risks and emerging technologies (especially the looming prospect of quantum computing and its promise of rapidly breaking traditional encryption). From validity periods once measured in six or seven years, we have progressively reached one year, which is the current validity window. “But starting next year, this will change. In March 2026, certificate validity will be reduced to 200 days. In March 2027, the validity will drop to just 100 days. And in March 2029, two years later, it will be reduced to 45 days,” summarized the COO of Certisur.
Renewing certificates manually at that pace, especially if you’re managing dozens or hundreds of them (even using wildcards, in different instances), will become an impossible task. “You’re going to need some type of management software that can handle all the administrative processes related to digital certificates. This manager should provide at least two specific capabilities. The first, Discovery,” Markowicz listed.
“To be able to take action on your platform, you need to know where your crypto assets are. Certificates can be spread across different servers, some physical, some in the cloud, some public, and others on your intranet. Therefore, you need a manager that allows you to see which certificates are deployed. The first solutions being implemented are Discovery solutions, which scan to discover all of these installed certificates, their characteristics, and their status,” the COO explained.
“We have two Discovery solutions: one from DigiCert and the other from AppViewX. The latter offers very granular and customizable automation, natively integrating with a wide variety of hybrid and multi-cloud environments,” he added. The second desirable capability is renewal automation. “Any company with more than ten or fifteen certificates, regardless of their industry, is going to need this type of solution. Or consider some automation mechanism. There are free automation tools through the ACME (Automated Certificate Management Environment) protocol.” However, Markowicz clarified, it is not a trivial task: it has many complexities and there are numerous variations within these deployments.
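To make the two capabilities concrete, here is an added example (not code from Certisur, DigiCert or AppViewX) that takes discovery results and classifies each certificate against the validity schedule quoted above. Assumptions: records carry the `notBefore`/`notAfter` strings that Python's `ssl` module reports, the limits take effect on the first day of the month (the article gives only the month), renewal is due once two-thirds of the lifetime has elapsed, and the inventory is constructed sample data.

```python
import ssl
from datetime import datetime, timezone

UTC = timezone.utc
# Maximum validity by issuance date, as quoted in the article (newest first).
# The article gives only the month; day 1 is an assumption of this example.
SCHEDULE = [(datetime(2029, 3, 1, tzinfo=UTC), 45),
            (datetime(2027, 3, 1, tzinfo=UTC), 100),
            (datetime(2026, 3, 1, tzinfo=UTC), 200)]

def parse_cert_time(text):
    """Convert a getpeercert()-style date string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=UTC)

def max_validity_days(issued):
    """Limit for a certificate issued at `issued`; None before the first cutoff."""
    for start, limit in SCHEDULE:
        if issued >= start:
            return limit
    return None

def assess(record, now, renew_fraction=2 / 3):
    """Classify one discovered certificate; renew_fraction is an assumed policy."""
    not_before = parse_cert_time(record["notBefore"])
    not_after = parse_cert_time(record["notAfter"])
    lifetime = not_after - not_before
    limit = max_validity_days(not_before)
    if now >= not_after:
        status = "expired"
    elif limit is not None and lifetime.days > limit:
        status = "over-limit"      # issued with a longer lifetime than allowed
    elif now >= not_before + lifetime * renew_fraction:
        status = "renew-now"       # inside the assumed renewal window
    else:
        status = "ok"
    return {"host": record["host"], "status": status,
            "lifetime_days": lifetime.days, "days_left": (not_after - now).days}

def scan(inventory, now):
    """Assess every record, most urgent (fewest days left) first."""
    return sorted((assess(r, now) for r in inventory), key=lambda r: r["days_left"])

# Constructed sample inventory; hosts and dates are invented for illustration.
INVENTORY = [
    {"host": "www.example.test", "notBefore": "Mar 10 00:00:00 2027 GMT", "notAfter": "Sep 26 00:00:00 2027 GMT"},
    {"host": "api.example.test", "notBefore": "Jan 15 00:00:00 2027 GMT", "notAfter": "Aug  3 00:00:00 2027 GMT"},
    {"host": "intranet.example.test", "notBefore": "Nov  1 00:00:00 2026 GMT", "notAfter": "May 20 00:00:00 2027 GMT"},
    {"host": "legacy.example.test", "notBefore": "Mar 20 00:00:00 2026 GMT", "notAfter": "Oct  6 00:00:00 2026 GMT"},
]
```

Calling `scan(INVENTORY, now)` returns one row per certificate; the same 200-day lifetime is acceptable for a certificate issued in January 2027 and over the limit for one issued after the March 2027 step.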
When asked about the maturity level of organizations regarding crypto agility, Certisur’s COO admitted: “Regarding SSL certificates, we see it as a well-known and mature technology. This technology is widespread throughout the organization, but there aren’t many specialists in this field: it’s very sensitive, and a mistake can render systems inoperable. That would have a major impact on the organization.”
“We recommend that you outsource these services, not do it in-house. We ask that you trust those specialists who have been doing this for many years,” Markowicz urged.