What is PKI?
PKI stands for Public Key Infrastructure. Public Key Infrastructure is a solution where, instead of using an Email ID and Password for authentication, certificates are used. PKI also encrypts communication using asymmetric encryption, which uses Public and Private Keys. PKI deals with managing certificates and keys and creates a highly secure environment that can be used by users, applications, and other devices. PKI uses X.509 certificates and Public Keys, where the key is used for end-to-end encrypted communication, so that both parties can trust each other and verify each other's authenticity.
Private and Public PKI
Previously, the IT team of an organization had to sit and discuss the CA hierarchy (two-tier or three-tier) of their PKI. In the modern world, with so many successfully deployed and managed PKIs, it has become easier to understand which hierarchy should be deployed for an organization, based on its business needs. Today, most PKI deployments are two-tier. The three-tier architecture comes into the picture only when the organization has a specific technical or industrial requirement. Nowadays, as per standard practice, it is also important to implement HSMs to store Private Keys and protect CAs, as attackers have realized the value of using private keys to breach enterprise networks.
Modernize your PKI
A new cloud-based approach to PKI
Encryption Consulting helps build and manage PKI infrastructure in the cloud as per the customer's business requirements. For a two-tier PKI model, the Root CA is offline and kept on-prem, while the issuing CA resides in the cloud. In the approach described here, the Root CA is offline and kept on-prem, and two issuing CAs are deployed, one on-prem and the other in the cloud. The on-prem issuing CA focuses on non-cloud resources (such as workstation authentication), and the cloud issuing CA focuses on cloud resources. Keys are secured in HSMs.
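The two-tier layout described above (offline root, one on-prem and one cloud issuing CA) can be reproduced in a lab with the `openssl` CLI. This is an added example, not Encryption Consulting's tooling: every name and lifetime is constructed, and software keys stand in for HSM-held keys. It also shows that `pathlen:0` on an issuing CA is enforced by the validating party, not by the signing tool.

```bash
# Constructed lab: CNs, file names and lifetimes are assumptions for illustration.
set -eu
new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1.key" 2>/dev/null; }

# issue <name> <issuer> <extension section>: new key + CSR, signed with the issuer's key.
issue() {
  new_key "$1"
  openssl req -new -config pki.cnf -key "$1.key" -subj "/CN=$1" -out "$1.csr"
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$3" -days 365 -out "$1.crt" 2>/dev/null
}

build_pki() {
  mkdir -p "$1"; cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[issuing_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = critical, CA:FALSE
EOF
  # Tier 1: self-signed root (in production this key stays offline, in an HSM).
  new_key root
  openssl req -x509 -new -config pki.cnf -extensions root_ca -key root.key \
    -subj "/CN=root" -days 3650 -out root.crt
  # Tier 2: one issuing CA per environment, both signed by the root.
  issue onprem-ca root issuing_ca
  issue cloud-ca root issuing_ca
  issue workstation01 onprem-ca leaf
  issue cloud-app01 cloud-ca leaf
  # A sub-CA under cloud-ca breaks pathlen:0; the x509 tool still signs it,
  # so relying parties must reject it during path validation.
  issue extra-ca cloud-ca issuing_ca
  issue extra-leaf extra-ca leaf
}

# chain_ok <leaf> <intermediate>...: succeeds only if the leaf chains to root.crt.
chain_ok() {
  leaf=$1; shift; : > chain.pem
  for ca in "$@"; do cat "$ca.crt" >> chain.pem; done
  openssl verify -CAfile root.crt -untrusted chain.pem "$leaf.crt" >/dev/null 2>&1
}

build_pki "$(mktemp -d)"
chain_ok cloud-app01 cloud-ca && echo "cloud-app01: valid via cloud-ca"
chain_ok extra-leaf extra-ca cloud-ca || echo "extra-leaf: rejected, pathlen:0 on cloud-ca"
```

Relying parties only need `root.crt` as a trust anchor; each issuing CA certificate is supplied as an untrusted intermediate and is validated against the root.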
The advantages of PKI-as-a-Service
- Reduces Cost & Complexity
Quicker deployment of your PKI infrastructure, fewer in-hours issues, reduced spending on in-house PKI, and periodic PKI assessments and trainings are all offered with PKI-as-a-Service.
Enhance security posture with a trusted, privately rooted PKI deployed with industry best practices.
- Dedicated Security Expert
Security Experts will be assigned to the service, offering consistent and flexible support to meet customer requirements and demands.
A dedicated security expert also reduces the time and frustration spent on PKI-related tasks such as CA and CRL maintenance.
- Scalability and Flexibility
Provides observations and recommendations regarding current and future initiatives to help achieve desired future state capabilities.
Integrate your PKI with devices and applications using REST APIs, plug-in integrations, and standard enrollment protocols.
Encryption Consulting can also offer further services related to the Root CA such as:
- Sub CA signings
- Root CA and sub CA certificate lifecycle management advice (e.g. hashing algorithms / cryptographic algorithms)
- Policy / certificate profile advice
- Root maintenance
- Root migration / rollover
Encryption Consulting's Managed PKI
Encryption Consulting will deploy and support your PKI using a fully developed and tested set of procedures and audited processes. Admin rights to your Active Directory will not be required, and control over your PKI and its associated business processes will always remain with you. Furthermore, for security reasons the CA keys will be held in FIPS 140-2 Level 3 HSMs hosted either in your secure datacenter or in our Encryption Consulting datacenter in Dallas, Texas.