CA’s public health dept failed to renew server cert required to transfer COVID case-related data to Quest labs – expert source

Not sure if you saw the recent news that California’s public health department failed to renew a server certificate required to transfer COVID case-related data to Quest labs. A backlog of 250,000-300,000 records resulted from the outage, which caused under-reporting of COVID cases and led to a full investigation into the incident.

Experts Comments

August 14, 2020
Ted Shorter
CTO
Keyfactor
SSL/TLS connections are a client/server protocol and can have two types of certificates; all of them have a server-side certificate that secures the connection and gives browsers some assurance that they’re talking to the right website. But these connections can also have client-side certificates that are used to mutually authenticate the client that initiated the connection. These ‘client’ certificates are becoming more and more prevalent in IT environments with the explosion of DevOps, microservices, cloud architectures, and IoT. They often outnumber their traditional server-side counterparts by a factor of 1,000 or more but are often a ‘blind spot’ in an organization, as most traditional cert management tools focus almost exclusively on server-side certs. The Equifax breach and the Microsoft Teams outage of early 2020 are examples of problems directly related to client authentication certificate expiration. Every certificate needs to be inventoried and managed: not just SSL/TLS server certs which you can find with network scans – they’re just the tip of a really big iceberg.
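One way to act on the inventory point in the comment above, as an added example that is not from the article or from Keyfactor: a Python check over certificate metadata collected from files on hosts (where a network scan would not see client certificates) that flags client-authentication certificates that are expired or close to expiry. The sample records, the `== host:path` separator, the function names and the 30-day window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (hosts, paths, names, dates made up): per-file output of
#   openssl x509 -noout -subject -enddate -ext extendedKeyUsage
SAMPLE = """\
== app01:/etc/pki/lab-feed/client.pem
subject=CN = lab-feed-client
notAfter=Aug  1 00:00:00 2020 GMT
X509v3 Extended Key Usage:
    TLS Web Client Authentication
== web01:/etc/pki/tls/server.pem
subject=CN = portal.example.org
notAfter=Mar 15 12:00:00 2021 GMT
X509v3 Extended Key Usage:
    TLS Web Server Authentication
== app02:/opt/svc/mtls/client.pem
subject=CN = billing-worker
notAfter=Sep  5 00:00:00 2020 GMT
X509v3 Extended Key Usage:
    TLS Web Client Authentication, TLS Web Server Authentication
"""
SAMPLE_NOW = datetime(2020, 8, 14)  # assumed "today"; all times naive UTC

def parse_inventory(text):
    # One record per "== host:path" block of collected openssl output.
    records = []
    for block in re.split(r"^== ", text, flags=re.M)[1:]:
        lines = block.splitlines()
        rec = {"source": lines[0].strip(), "client_auth": False}
        for line in lines[1:]:
            if line.startswith("subject="):
                rec["subject"] = line[len("subject="):].strip()
            elif line.startswith("notAfter="):
                stamp = line[len("notAfter="):].replace("GMT", "").strip()
                rec["not_after"] = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            elif "Client Authentication" in line:
                rec["client_auth"] = True
        records.append(rec)
    return records

def expiring(records, now, warn_days=30):
    # (status, record) for certs already expired or inside the warning window.
    due = [r for r in records if r["not_after"] - now <= timedelta(days=warn_days)]
    due.sort(key=lambda r: r["not_after"])
    return [("EXPIRED" if r["not_after"] <= now else "EXPIRING", r) for r in due]

if __name__ == "__main__":
    for status, rec in expiring(parse_inventory(SAMPLE), SAMPLE_NOW):
        role = "client-auth" if rec["client_auth"] else "server-only"
        print(status, role, rec["source"], rec["subject"], rec["not_after"].date())
```
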