Commentary--Today, there is a wide range of technology, products and solutions for securing an enterprise’s electronic infrastructure. As with physical access security, the levels of security implemented should be commensurate with the level of complexity of the enterprise, the applications in use, the data in play, and the measurement of the overall risk at stake. Many organizations are starting to deploy certificates to secure a number of different pieces of the enterprise. Certificates are used to encrypt and sign e-mail, to authenticate both people and machines to remote access servers, and to digitally sign documents and transactions.
Traditionally, provisioning certificates has been complex and costly due to the need to set up a PKI (public key infrastructure) system. This has proved to be a significant undertaking and required a significant commitment in both people and dollars. Now it is possible to use a different approach, by implementing “PKI On-Demand” using the software as a service (SaaS) model. In this approach, an organization only needs a Web browser to interact with the PKI services. End users enroll for their credentials using a browser, and administrators perform management tasks using a browser. The PKI services are delivered by a managed service supplier, using a virtual PKI configured for the customer.
Companies clearly need to protect sensitive digital data that is central to their operations. Some examples are the storage of customer transaction records, electronic notarization of documents via the Web, and the authentication of bank transfers. In short, this means any exchange or storage of digital information where there is a requirement to ensure the information is secure, or to know that the entity on the other end of the digital universe is the entity it claims to be. Certificates and public key cryptography are widely recognized as the only practical mechanism capable of securing a broad range of applications in a controlled and managed way.
A full enterprise PKI-based security system may not be a fit for all business environments, but more and more companies are finding that they can benefit from using PKI to secure some aspects of an enterprise’s electronic infrastructure. A PKI deployment offers a unique value in managing the risk of both internal and external communications between employees, partners and customers, and can help to secure transactions and communications across a wide range of disparate platforms, applications and devices.
How are Digital Certificates used in today’s enterprise?
There are numerous applications that incorporate PKI in a typical corporate enterprise today. Some of the more common applications are as follows:
- Web Server Authentication through Secure Socket Layer (SSL)
- Virtual Private Network (VPN) Server Authentication (IPSec and SSL)
- Client Authentication to Web Servers (Internet/Intranet/Extranet) and VPNs
- Digital signing of e-mails, forms, documents and invoices
- Encryption of e-mails, documents, forms, transactions and files in transit
- Encryption of data at rest on laptops, thumb drives, mobile phones, etc.
- Code signing / mobile phone code signing
Some of the many benefits of implementing a PKI include:
- A single credential (certificate) per user which can be used for multiple processes and applications, in lieu of having multiple usernames and passwords. This is a significant administration benefit as user groups grow.
- Use of digital signatures to provide a persistent and auditable record of transactions.
- The same PKI investment can also be used to secure site-to-site connections, extranets, server-to-server communications, device authentication, etc.
- Simplifying password management. With PKI, there is no longer the need for constant password management and continual user support when passwords are forgotten.
Back to the future: The new old school
Traditionally, a PKI implementation has required a significant upfront investment and involved a commitment to install a dedicated security infrastructure. This is no longer true: it is now possible to obtain PKI services in an on-demand model, where you pay only for the portion of the infrastructure you use and need not install any dedicated systems on your site. This enables organizations to cost-effectively deploy implementations of fewer than 500 users.
PKI is emerging as the best balance of strong security, commercial availability, and cost effectiveness. PKI has been time tested and continuously improved since its commercial introduction, and the On-Demand PKI delivery model drives the cost down dramatically without sacrificing protection and guaranteed service levels. This SaaS model has been a key to the renaissance of this old school security solution, a.k.a. in-house PKI or traditional managed PKI.
On-Demand PKI removes the complexity of setting up and configuring the initial system. Because the backend security infrastructure is already up and running, getting a new PKI running is simply a matter of setting the appropriate configuration parameters. Once the system has been configured, the customer can administer the system from a Web browser, enrolling users and issuing certificates, without having to install and manage any of the underlying security infrastructure.
In general, a managed PKI is more cost effective and easier to implement than an in-house solution, with over a 50 percent difference in cost between in-house PKI and a traditional Managed PKI. The new On-Demand PKI model, however, drives these costs down by an additional 50 percent for the same PKI functionality. The combination of a faster implementation time with a lower cost to implement significantly improves the ROI on using PKI.
The implications are significant. Companies who could not previously afford PKI can now have the same security used by the world’s largest organizations. Customers can get their system up and running more quickly, and "pay as they grow"--rather than "paying up front."
biography
John Adams is CTO of ChosenSecurity, Inc., a provider of on-demand PKI security services.







