Enterprise applications and PKI – Part 2

In the previous article, we explored the importance of Public Key Infrastructure (PKI) from an enterprise architecture perspective. We also saw some of the typical enterprise application scenarios that need to use PKI, including public-facing web sites and web applications, Virtual Private Network (VPN) services, mobile applications and software (code signing). This article illustrates a few of the other enterprise application scenarios where PKI needs to be an integral part of enterprise architecture.
Summary
In today’s world, enterprise application architecture needs to follow a “Security First” approach. For example, with cloud technology becoming mainstream, cloud security also needs to become a top priority for enterprises.
Similarly, for application authentication, enterprises can no longer rely on just a username and password approach, since enterprise applications are accessed anytime and from anywhere. Threats like phishing have resulted in email security becoming a hygiene factor and not just a “good to have”. Digital signatures for documents have become the norm, replacing manual signatures.
Overall, enterprise architecture today requires application security to keep three needs in mind: stronger authentication mechanisms, validation of the device or endpoint that is being used to access the application, and security of the communication channel between the application and the endpoint. PKI, through digital certificates, provides a way for enterprises to address all three of these needs. This also means that enterprises need to think about good certificate management practices, including the setup of a private certificate authority (CA) where needed. That, however, is a different subject and will be covered in a future article. Stay tuned!