Enterprise PKI is complex, and it’s only getting harder.
Enterprises create digital connections every day. The shift to containers, multi-cloud, mobile and IoT platforms has introduced significant new challenges for PKI and security teams. The increased network exposure has led to a Critical Trust Gap.
Despite the growing importance of, and investment in, cryptography, PKI teams continue to experience the same challenges year after year.
NO CLEAR OWNERSHIP
Enterprises are struggling to establish clear ownership of their PKI strategy. Although PKI has been labeled as critical infrastructure, there is rarely a direct line of responsibility.
Today’s IT and security professionals are constantly changing responsibilities. Many hold multiple roles beyond PKI, such as Active Directory manager, server manager, and other security roles.
If PKI expertise is present, these skills were acquired over a long time, predominantly through organic growth. This knowledge usually cannot be replaced if personnel changes occur.
CLOUD-HOSTED PKI AS-A-SERVICE (PKIaaS)
PKIaaS – also known as PKI as-a-Service or managed PKI – allows you to get all the benefits of a well-run PKI, without the operational complexity and cost of managing the software and hardware required to run it. Your teams still maintain the control they need over day-to-day operations while offloading back-end tasks to a trusted team of PKI experts.
Finding a solution that is secure, cost-effective, and scalable with your business is critical. Let’s first dive into some common drivers for switching to PKIaaS.
"By attaching the notion of cryptography to a higher-level issue like digital business, the aim is for security leaders to increase their overall success in establishing a center of excellence for cryptography in their organization."
"Technology Insight for X.509 Certificate Management"
Erik Wahlstrom, Paul Rabinovich (October 2019)
PKIaaS: Why now?
Even if you understand the challenges with running your current PKI, it usually takes a compelling event or lack of knowledge to ask “Do I really want to fix these challenges with my legacy, in-house PKI solution?”
Some of these you’ve already experienced in the past and some will impact your business within the next few months.
SHA-1, SHA-2, Quantum
When an algorithm is no longer trusted, you’re on the hook to update your PKI. The challenging shift from SHA-1 to SHA-2 should be a lesson for the quantum changes ahead.
Changes in PKI Staff
Due to the limited PKI resources you may have on staff and the expertise required to maintain PKI, workforce changes could create an unexpected knowledge gap.
Crippling PKI Outages
An offline, expired, or misconfigured CRL leaves applications and services unable to check the CRL before trusting any certificate issued by your CA. This outage can result in services being blocked.
New Business Initiatives
Whether you are moving legacy workloads to the cloud, building new applications, or heavily investing in IoT, these changes require you to reconsider your current PKI deployment.
Exponential Growth of Certificates
With the explosion in digital certificates, is your PKI able to scale up and support the increased workload? As cloud adoption grows and DevOps speed increases, certificate issuance and management need to be addressed.
Mergers and acquisitions bring a whole new level of complexity to your PKI. Use this as the perfect opportunity to assess your PKI status and look for new options to support your new organization.
Certificate Authority (CA) Renewals
It’s recommended that your Root CA be renewed with the same keypair after 10 years and with a new keypair after 20 years. CA renewal is a painful process, but it’s an ideal time to reconsider your PKI strategy.
Only 38% of IT and security professionals say they have sufficient IT security staff dedicated to their PKI deployment.
"The Impact of Unsecured Digital Identities" 2020 Report
Now we’ll look at the core capabilities offered by PKIaaS solutions in more detail.
This is not intended to be an exhaustive list; rather, its purpose is to raise awareness of major capabilities and encourage vendor discussion during your buying process.
Download the full guide below to learn more.