Almost all of our customers have a Microsoft PKI installed in some form or another. Most IT departments that we visit use the Microsoft PKI out-of-the-box to solve a tactical certificate requirement. They deploy it to issue code signing certificates or for issuing Autoenrollment machine or client certificates for one of the big enterprise suites like DirectAccess or Microsoft Exchange etc.
Most of these so called ad hoc or tactical PKI deployments are commissioned without formal policies or a strategic vision. The result is that very few of these PKI installations are compliant or facilitate scalability.Many of them have inadequate certificate lifetimes or are simply too insecure to be credible; however, they solve a problem that needs solving quickly, and that’s fine if you don’t need a strategic solution to embrace a more complex certificate estate.
Invariably, we always build new PKI infrastructures that will supersede existing tactical deployments ensuring that companies are left with fully compliant PKIs that will be robust enough to withstand appropriate audits and exhibit best practices throughout. To achieve PKI infrastructures that are scalable and compliant with industry best practice, we work from the top down, involving as may senior stakeholders as possible. We generally try to avoid building solutions in a vacuum – which is so often the case.
So, if you have an existing Microsoft PKI (or several), if it’s not fit for purpose, if it requires an upgrade, if your estate is vast and you need consolidation, or if you have just lost your way, contact us. Our experience with this product is vast and spans over nineteen years with all the versions to date.There is very little chance that we cannot help you.