The Internet of Things (IoT), from a security perspective, ultimately equates to an ever-increasing need to more securely authenticate people, services, computers and devices across a wide spectrum of platforms. This means that digital certificates issued by a Public Key Infrastructure (PKI) are playing an ever more important role as a secure authentication mechanism within the enterprise and beyond.
As certificates have become central to a company's authentication story, the cost of actually implementing a credible PKI has steadily dropped. Microsoft’s Active Directory Certificate Services has made the task of standing up a Certification Authority (CA) technically trivial. Installing a Microsoft CA can be as simple as adding a server role to a computer. This simplicity, however, does have its downsides. This leaves us with the number of certificate-based applications on the rise and the number of technical barriers to PKI deployment falling. These two trends explain why the number of companies making the decision to implement a privately rooted PKI is always increasing.
Common PKI-based initiatives:
- Bring Your Own Device (BYOD)
- Government and industry regulation compliance
- IT risk mitigation
Tactical PKI projects:
- Wi-Fi authentication
- DirectAccess
- Virtual Smartcard authentication
- Signature and encryption applications
But what exactly is a PKI?
A PKI can mean different things to different people. In fact, it’s not uncommon for many to view their issuing certification authority as their 'PKI.' But a real PKI is so much more. A PKI is, by definition, a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. This means that everything from the certification authorities to the folks that manage its certificates should be considered in any well-architected PKI. A well-built PKI is so much more than a drawing of lines and boxes.
At CSS, we work with customers every day, and we recognize the growing role that certificates serve in today’s IT landscape. CSS is well versed in what it takes to properly architect a custom PKI solution for clients. This is why a CSS PKI Consulting engagement always begins with the fundamentals.
CSS takes a rigorous ‘policy-centric’ approach to all customer PKI design efforts. This starts with development of the underlying policy documents that formally define the capabilities and operations of the PKI. Establishing these foundational documents allows our customers to formally establish the basis for any PKI design decision, and ensures that auditability and compliance are designed in from the very start.
This attention to detail allows CSS to deliver PKI designs that can demonstrate verifiably constant levels of assurance over the lifespan of that PKI. Having a PKI that is flexible, and yet consistently capable of delivering certificates with an understood level of assurance, has proven to be the best way to meet customer-specific strategic certificate goals.
CSS’ PKI design and architecture methodology has allowed us to meet the increasing demand for privately rooted PKI services in a way that gives all of our customers a scalable enterprise-class PKI design from the initial key signing ceremony.