fzeindl 3 hours ago

Certificate/key renewal was a mess in every enterprise environment I worked in.

My suspicion is that corporations in general don't handle tasks well that need to follow an exact timeline and can't be postponed by a week or two.

crote 24 minutes ago | parent | next [-]

The real fun starts when you have to do an unscheduled renewal!

Companies are generally able to develop a workable process around regularly-scheduled tasks. If you can't, you'll quickly run into trouble due to late salary payouts or missed tax filing deadlines. They'll rapidly accumulate a thick layer of bureaucracy around it, but as long as it gets exercised regularly it'll remain more-or-less functional.

Try the same with PKI and you'll run into massive issues during mass revocation events. Having a renewal process which takes 2 months and involves dozens of stakeholders is totally fine for a cert which gets renewed every 12 months on a well-known date - but not when you're working with a 72-hour deadline...

jjkaczor an hour ago | parent | prev [-]

As well as having: proper documented (and tested) procedures and an appropriate level of staffing/staff availability (not overburdened by juggling too many tasks and projects) - AND... keeping staff over several period/activity cycles, so they have actual experience performing the ongoing maintenance activities required. Oh - and heck, even a master calendar of "events" which need to be acted on, with - ya'know reminders and things...

Yeah - I have almost never seen any corporate or government environment actually take a "forward-thinking" approach to any of the above...