Skip to content

47-Day Certificates Are Coming. Are You Ready?

Act Now →
Case Study

300,000 customers , one exposed PKI, and the work it took to fix it.

How Encryption Consulting assessed a North American gas utility’s PKI, fixed the governance and operations gaps, and now keeps it running with 24/7 support.
300,000 customers , one exposed PKI, and the work it took to fix it.

Customer Profile

A North American gas utility serving 300,000+ industrial, commercial, and domestic customers, with around 1,000 employees and an active clean-energy program.

Industry

Energy & Utilities: Gas Infrastructure

Engagement Type

PKI Assessment, Remediation Roadmap & Ongoing Support Services

At a Glance Outcome

300,000+

Gas customers relying on secured infrastructure

10%

Pre-engagement operational cost increase

24/7

Ongoing PKI support coverage post-implementation

NIST, FIPS, PCI DSS

Compliance frameworks targeted

The Enterprise

Challenges

Cyber threats against energy infrastructure kept rising, and the company's PKI couldn't keep up. Expired certificates, undocumented lifecycles, and no governance left the gas infrastructure exposed, while operational costs were already climbing.

No governance policies or operating model

Without a Certificate Policy (CP), Certificate Practice Statement (CPS), or Target Operating Model (TOM), certificate issuance was inconsistent across teams and PKI stayed decentralized and unable to scale.
01 GOVERNANCE

Cryptographic standards undefined and inconsistent

No organization-wide guidelines for algorithms, key lengths, hash methods, or certificate structure. Varied team approaches caused interoperability issues and weak or outdated configurations.
02 CRYPTOGRAPHY

Certificate lifecycle managed entirely by hand

Manual management caused errors, missed renewals, and outages, driving a 10% rise in operational costs (per internal client estimates). Incomplete backups risked data loss, and unstructured endpoint distribution left provisioning gaps.
03 LIFECYCLE
Expired certificates and manual processes weren’t just technical debt, they were a direct risk to gas service reliability for hundreds of thousands of customers.

Encryption Consulting Assessment Team

ENCRYPTION CONSULTING · PKI SERVICES

Our Offered

Solutions

The engagement ran in two phases. Phase one delivered a PKI assessment, remediation roadmap, and architectural recommendations. Phase two, under Encryption Consulting's 24/7 PKI Support Services subscription, executed the remaining recommendations and provided ongoing support. All workstreams spanned on-premises, cloud, and hybrid PKI environments.

Capability 01

PKI Assessment, Architecture & Governance

Reviewed PKI across on-premises, cloud, and hybrid environments via stakeholder workshops. Recommended a microservices-based PKI, formal CP/CPS, and organization-wide cryptographic standards with strict private-key access controls.

Capability 02

Certificate Lifecycle Automation

Automated renewals, revocations, CRL updates, and status monitoring to eliminate manual error. Recommended CertSecure Manager for centralized visibility and policy enforcement across the certificate lifecycle.

Capability 03

HSM Modernization, NDES & CRL Monitoring

Delivered end-to-end migration to nShield 5s HSMs on the existing Microsoft AD CS PKI, with NDES closing endpoint provisioning gaps. Formalized CRL and real-time monitoring, aligned to NIST, FIPS, and PCI DSS.

Capability 04

24/7 PKI Support Services

Subscribed to Encryption Consulting’s round-the-clock PKI Support Services for restoration, troubleshooting, and on-demand response to certificate expirations, HSM failures, and other incidents.
The PKI went from reactive and manual to automated, monitored, and built to protect critical energy services.

Encryption Consulting Assessment Team

ENCRYPTION CONSULTING · PKI SERVICES

The Overall

Business Outcome

The company ended the engagement with a governed, automated PKI under 24/7 support, protecting 300,000+ customers and ready for changing regulatory and operational demands.

01

Governance and compliance foundations established

A formal CP/CPS and organization-wide cryptographic standards closed the governance gap, while alignment to NIST, FIPS, and PCI DSS reduced regulatory exposure.
02

Operations automated and security strengthened

Automated renewals, revocations, CRL updates, and monitoring removed the errors behind the 10% cost rise; nShield 5s HSMs and a microservices PKI scaled trust for 300,000+ customers.
03

Business continuity assured around the clock

24/7 PKI Support delivered rapid response to certificate, HSM, and endpoint incidents, minimizing downtime for 300,000+ customers and keeping pace with evolving cryptographic standards.

Discover Our

Latest Resources

Education Center

Introduction to Microsoft Intune 

Microsoft Intune is Microsoft's cloud-based endpoint management service. Learn how it works, MDM vs. MAM, licensing, and Entra ID integration.

Read more
Case-Studies

White Paper

Post-Quantum Cryptography for Finance: Threats, Standards, and the Road to 2035

Discover the quantum threats, NIST standards, and future of post-quantum cryptography for finance in our comprehensive white paper.

Read more
Case-Studies

Video

Decoding Post-Quantum Security on the International Space Station (Part 2) | What It Means For You

Explore expert insights on cybersecurity, PKI, and post-quantum readiness, with practical guidance to strengthen security and future-proof cryptography.

Watch Now
Case-Studies