Digital Certificates - Public Key Infrastructure (PKI)

In our digitally connected world, we rely on digital certificates and the necessary Public Key Infrastructure (PKI) to provide the foundation for individual security - securing connections and data and providing security functions (encryption, authentication, digital signatures). Organisations depend on their certificates being used correctly and their PKI working as expected.

Our experienced PKI architects will help you design your PKI so that you can have complete confidence in it and use digital certificates to improve security in your organisation.

The PKI as a solid foundation for security

The level of maturity of the environment in which digital certificates are created plays a hugely important role when it comes to establishing or maintaining the security of an organisation. A well-functioning PKI is the foundation for implementing many security measures. But how stable is this foundation? Is the existing or planned PKI in your organisation mature enough to ensure the security of your business?

An effective PKI is not just a technical system. It only provides the necessary protection if the following points are also met

• The organisation’s certificate and PKI lifecycle is managed.
• Processes are in place to generate and use certificates (e.g. for secure communication, data transfer, authentication, authorisation or digital signatures).
• The renewal date of all certificates is known.
• The technical systems used by the PKI (including the issuing authority for certificates) function reliably and as intended.
• The procedures used (algorithms, processes) are sufficient to meet the current and future requirements of the PKI.
• The overall maturity of the PKI is appropriate to the organisation’s needs.

Technology, Processes and Organisation

We often find that the PKI in organisations does not work as expected. It is not uncommon for basic certificate and PKI lifecycle processes to be rudimentary, partially implemented or not implemented at all. It is not usually the case that the products used are not mature enough. However, PKI operators, managers and users are often unaware that effective protection requires more than just a technical system that can be installed in a few steps. It is essential to have functioning processes that are optimally embedded in the organisation. However, too little attention is often paid to this aspect.

The lack of processes is often only noticed months later - when a certificate renewal, an update or upgrade or the replacement of PKI components is due - and therefore usually far too late. The consequences of this negligence are almost always critical for operations or security, because

• Unplanned service or system outages,
• Changes cannot be implemented as planned
• Cascading failures due to unknown dependencies
• Necessary PKI maintenance is not performed,
• Efficient troubleshooting is not possible,
• If the PKI fails, the organisation is severely hampered in its ability to conduct business, or it even comes to a complete standstill.

Such situations could be avoided if the PKI processes had been taken into account at the time of the PKI’s design or later during the PKI audit. The best way to prevent serious consequences is to continuously review the processes.

Our Services as PKI Architects

With our experience in Public Key Infrastructure, we can help you to build your PKI to an appropriate maturity level, or to improve the maturity of your existing PKI.

• We take your specific requirements into account and design solutions that work for your organisation. We can design the right PKI for a small business that needs a dozen certificates, or a global enterprise that needs millions of certificates for its IoT devices.
• We design your PKI architecture and support your PKI project from initial requirements through to go-live. If required, we can help you to continuously improve your PKI while it is in operation.

In addition to our work on customer projects, we also share our expertise in PKI training courses. We also facilitate discussions about digital certificates and PKI, and digital trust in general, at our conference.

Customer benefits

Over the last few years we had the opportunity to test a number of PKI environments to see if they were suitable for the organisation. In many cases, we have found that the methods used were not appropriate to the situation and that the foundations, which were thought to be stable, were not strong enough. As PKI architects, we take into account the specific requirements of the organisation and examine the load that the PKI will be expected to carry. This makes each PKI project as individual as its requirements.

However, having a clean and reviewed PKI architecture alone does not guarantee that a PKI will actually be built as intended. There are many reasons for this, and practice shows that PKI projects almost always require close support from the drawing board to the handover of operations.

We are happy to assist you with your PKI project. We are also available for any PKI-related questions, applications and integrations, or for a second opinion.