Our Approach to PKI

How do I determine what is the correct certificate authority (CA) hierarchy for my business? Even if I get my design correct now, how do I ensure it’s not obsolete in five years’ time? What if the company is divested or what if we merge with another company, how will this impact our certificate authority (CA) hierarchy and PKI design.

I need to be sure that my design is compliant with all the regulatory and legal requirements for my particular business. How can I be sure that I have a fully compliant design that will satisfy a stringent audit?

I have a certificate estate that is spread over a vast area, most of the certificates are about to expire, a lot of them I know are none compliant.
Almost all of them are manually provisioned and I desperately need a way to centrally manage them. Furthermore, I need a way to ensure that any new compliant certificates do not break the applications that rely on them.

The questions and concerns just keep rolling in. There are thousands and each business is different. It’s not just about understanding the technology, or the security challenges that are growing almost on an hourly basis.

Believe it or not, we find the biggest challenge is learning how the business works, understanding the people and getting a solution to fit it. A lot of solution providers start talking about the technology as soon as they walk in the door. That’s not how we work. Our approach is getting to understand your business first.

Generally, our PKI designs enable the following business objectives:

Implementation of a secure, scalable, highly-available Public Key Infrastructure, based upon Windows Server Certificate Services technology, RSA KEON, Unicert, Entrust, industrial strength CA software.

Implementation of a monitored, configurable and automated method of issuing, revoking and renewing certificates.

A reduction in Operational Expenditure (Opex) costs for issuance and management of certificates.

Implementation of a solution that enables encrypted session connections for different classes of devices, including support for the adoption of new technologies such as Windows 8, Windows Server 2012 R2 Direct Access, SCCM, SCOM, SCEP, 802.1x, Apple iPhone, iPAD, Android tablets etc.

Implementation of a solution that can be expanded in the future to take advantage of Smart Cards and permanent data encryption.

Capital and Operational expenditure costs should be kept to a minimum, whilst still delivering a solution that meets the clients design criteria.

The design should be flexible to cater for potential organizational changes (including potential divestiture of assets and sites) in the future.

A strategic fully compliant ISO/NSA/NIST, FIPS 140-2 Level 3 and Common Criteria EAL 4+ certified industry best practice PKI, with full resilient and load balanced cryptographic modules.