Notifications
Clear all
Topic starter
07/06/2026 8:04 pm
TL;DR: Certificate lifecycle automation, unified visibility, and crypto-agility are becoming core controls for organisations managing cryptographic risk and preparing for post-quantum transition, according to Keyfactor; the governance lesson is that digital trust now depends on lifecycle discipline, not one-time deployment.
NHIMG editorial — based on content published by Keyfactor: Keyfactor recognized by CRN for security innovation and channel excellence
Questions worth separating out
Q: How should security teams govern certificate lifecycle risk in large environments?
A: Security teams should treat certificate lifecycle as an identity control problem, not a maintenance task.
Q: Why does crypto-agility matter for identity and trust governance?
A: Crypto-agility matters because organisations cannot safely replace algorithms, keys, or trust chains if they do not know where those dependencies live.
Q: What breaks when certificate visibility is incomplete?
A: When visibility is incomplete, teams lose the ability to connect a certificate to its owner, workload, and renewal path.
Practitioner guidance
- Build a complete certificate inventory Map certificates, keys, renewal dates, owners, and consuming workloads so no trust artifact exists without an accountable system record.
- Assign lifecycle ownership for every trust path Define who can issue, renew, revoke, and approve changes for each certificate domain, including partner-managed environments.
- Test crypto-agility against real dependencies Run migration exercises on selected applications and services to confirm that policy, inventory, and replacement steps work before post-quantum change becomes urgent.
What's in the full analysis
Keyfactor's full press release covers the operational detail this post intentionally leaves for the source:
- The wording behind the CRN Security 100 recognition and how Keyfactor positions cryptographic modernization for channel partners.
- The channel leadership context behind Louise McEvoy's 2026 CRN Channel Chiefs recognition.
- The company’s own description of unified visibility, certificate lifecycle automation, and modern trust infrastructure.
- The IBM Consulting collaboration mentioned in the release and how it connects to quantum-safe transformation.
👉 Read Keyfactor's recognition and cryptographic modernization press release →
Cryptographic resilience and trust infrastructure: what teams need now?
Explore further
07/06/2026 9:50 pm
Cryptographic lifecycle management is now an identity governance problem. Certificates, keys, and machine trust artifacts behave like non-human identities because they authenticate systems and authorize communication at scale. When their lifecycle is unmanaged, the result is not only technical debt but access risk, outage risk, and audit failure. Practitioners should treat certificate governance as part of the same control plane used for broader NHI oversight.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: Who should own cryptographic modernization when partners are involved?
A: Ownership should stay explicit even when partners help deliver the work. The customer still needs named decision rights for issuance, renewal, revocation, and emergency change approval. If those responsibilities are unclear, the programme gains services but loses control over trust state.
👉 Read our full editorial: Keyfactor recognition underscores cryptographic resilience and trust
