Organizations often question why they should care about digital certificate lifecycle management (CLM) on top of their existing public key infrastructure (PKI). Our sales team constantly hears the same rebuttals: “We try to keep things very simple and agile when it comes to certificates” or “we just don’t see a need to give it more time than what we currently do”, and on the surface their logic seems sound. Moreover, cost estimates for a CLM system seem to financially justify their statements. On closer inspection, however, these IT leaders may be unintentionally excluding certain facts that prove their conclusions to be flawed or even false.
Manual Digital Certificate & PKI Management
It is quite common for organizations to default to ‘tribal knowledge’ and use email or a general support contact to manually request a certificate. Frequently, a request of this type requires a certain amount of back-and-forth volley between requester and issuer to determine what type of certificate is needed, what details are needed in the body of the certificate, and who needs to approve the request. All of these come in the form of an email chain of forwards or verbal conversations.
After the certificate is approved and issued, the email chain that now contains all of the vital issuance information is placed into a folder and archived, soon to be washed under in the usual rapid information flow of most organizations. Because many types of certificates are valid for a year or more, this now-buried information is bound to be lost before it is needed to alert the owner as the time to renew approaches.
If an organization is fortunate enough to have a preemptive alert mechanism to indicate when a certificate is approaching its expiration, the administrator is now at the mercy of their own memory to recall enough details of the certificate to alert the appropriate group (or individual) and have them go through the same email process again to renew. Unfortunately, most organizations do not even have the luxury of an alert mechanism and merely hope that someone checking an Excel spreadsheet at the right time will see that a certificate is about to expire and have enough information to alert the appropriate party.
Shortcomings of Manual Digital Certificate & PKI Management
What is the shortcoming of this type of certificate management? In a single word: cost. When the aforementioned approach is left in place instead of creating a defined (and even automated) CLM process, one can quickly see that the time a resource consumes with this lack of process begins to grow at an exponential rate. Moreover, multiplying that time requirement across the number of certificates that live in an organization can quickly result in more than a single FTE’s time in a single year.
Although setting up a complete certificate lifecycle management process has an upfront investment of time (and cost), the ROI over time is obvious and surprisingly rapid. With a defined CLM process, valuable resource time can be spent on activities more strategic to the organization while reducing the risk of certificate issuance gaps and expired certificate mayhem. Over time, you will see an ROI from certificate lifecycle management that you have never before realized.
PKI Managed Service Introduces a Tangible ROI
CMS Enterprise's automated certificate lifecycle & PKI management abilities are second to none, providing agile, complete certificate lifecycle and PKI management. Let CSS assist with the management of not only the certificates, but also the entire PKI. Learn more about CMS Sapphire, holistic managed PKI, powered by CMS Enterprise.
CMS Sapphire is PKI on your terms. Designed, deployed, and managed by CSS on your behalf and to meet your needs, the PKI managed service is architected to allow you to maintain complete control over the use of your Root CA keys and PKI recovery materials. CMS Sapphire allows organizations to reap the benefits of a dedicated and highly-customizable PKI, with the flexibility and scalability of cloud delivery, and rapid deployment models that reduce typical rollout timelines by more than 50%.