Encryption Consulting has analysed the Global Encryption Trends 2022 Read the detailed report

PKI – Assessment

continue
Encryption Consulting > PKI – Assessment

"The concept of risk is built around the fact that a lot of things can leave you open to a problem and often you don’t even know what these things are."

PKI Assessment engagement

It  will consist of assessing the current PKI and certificate management practices used by the customer and the development of a strategy and roadmap for enterprise PKI and certificate management.

In this phase of the engagement, we will perform the following activities:

Phase one

Review Customers existing PKI (on-prem /Cloud-based PKI) procedures across the customers’ environment. The review will include an assessment of current certificate request, issuance and provisioning processes, and review the current policies.

Phase two

Analyze the current inventory of certificates provided by the Customer for the following certificate types: server TLS (Transport Layer Security), email S/MIME (Secure/Multipurpose Internet Mail Extensions), code signing, client and device certificates.

Phase three

Assist the Customer in defining a future state for certificate management with the following goals:

  • Enhanced security & governance
  • Consolidation and simplification of tools, processes etc. globally.
  • Automation (e.g., ServiceNow integration, end to end life cycle etc.)
  • Cost optimization

Phase four

Assist the Customer in developing a strategy for PKI based on the observations from the review program analysis, the Customer’s certificate inventory analysis, and the defined future state.

This engagement will be delivered over an eight-week period

Get in touch
Get the datasheet

PKI Current State Assessment Approach

Input

  • Current State Architecture
  • Physical & Logical Security
  • Monitoring & Audit Logging
  • Certificate & SSH Key & Lifecycle Management
  • PKI Operations
  • Business Continuity Planning
  • Certificate Policy (CP) and Certificate Practice Statement (CPS)
  • Risk and Compliance

Current State Analysis

Operational Efficiency

People

Security

Process

High Availability

Technology

Output

  • Observation
  • Gaps
  • Recommendations
  • Roadmap & Strategy

PKI Assessment Engagement Approach

The PKI Assessment engagement approach is described in the following steps:

Project Initiation

Project planning

  • Confirm stakeholders
  • Discuss kick-off meeting logistics and participants
  • Identify working space
  • Agree upon communication and status reporting protocols
  • Agree on read team testing scenario, scope and timing

Work Products

  • Confirmed stakeholder list
  • Work plan

Kick-off

  • Conduct kick-off meeting with key stakeholders
  • Coordinate and schedule interviews and/or workshops
  • Documentation request
  • Gain initial insights to Customer environment

Work Products

  • Kick-off meeting presentation
  • Interviewee list

PKI Program Assessment

Risk and Maturity Assessment

  • Review security policies, organization and governance
  • Conduct up to 5 interviews with executives, IT, InfoSec and business groups
  • Identify overall security program gaps and score security domains
  • Identify benchmark data
  • Develop key current state themes based on assessment
  • Conduct current state validation workshop

Work Products

  • Validated current state
  • Identification of security risks and gaps for each area
  • Top risk-ranked assets

Roadmap Development

Recommendations and Roadmap

  • Identify possible root causes and risks associated with gaps
  • Develop strategic, tactical, and “quickwin” initiatives
  • In collaboration with stakeholders, prioritize initiatives in a roadmap
  • Review roadmap with customer

Work Products

  • Detailed report outlining gaps and roadmap of prioritized initiatives

Reporting

Executive Summary

  • Draft executive summary and report
  • Obtain management feedback
  • Finalize report

Work Products

  • Executive level business and technical summary report
  • Final customer Information Security

Trusted by

BlueCross BlueShield Logo
Intrado Logo
Pfizer Logo
Centene Corporation Logo
American Airlines Logo
CBC Innovis
JCPenny
Ncipher
procters & gamble
THALES
NTT Data
Verizon
Wells Fargo
Logo Of WellCare Health Plans
Securian Financial
LOgo Of Magellan Health
LUMEN - Global Partner
O U Health - Global Partner
Protegrity - Client
Dell Technologies - Client
Unbound Security - Client
intel-encryption-consulting-customer
BLDR-logo
pega-systems-logo
Previous
Next

Case Study

See how Encryption Consulting assisted a Retail institution in implementing a new PKI Infrastructure.

View Case study
Get in touch
Icon

“Encryption Consulting developed a PKI Strategy for our organization which helped us remediate our current PKI environment in different areas such as PKI Operations, Certificate lifecycle management, and Design & Architecture .”

CISO, Financial Institution

Blog

Digital trends driving pki usage

Public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates

Read Blog
Report

Encryption Consulting PKI & IoT Trends Survey

A study on global usage trends on Public Key Infrastructure (PKI) and Internet of Things (IoT) along with their application possibilities.

Download Report

Other Public key infrastructure Services

Ready to get started?

Ready to get your PKI and certificate management practices evaluated?

Request a consultation

×

The private keys of the code-signing certificate can be stored in an HSM to eliminate the risks associated with stolen, corrupted, or misused keys.

Client-side hashing ensures build performance and avoids unnecessary movement of files to provide a greater level of security

The command line signing tool provides a faster method to sign requests in bulk

Robust access control systems can be integrated with LDAP and customizable workflows to mitigate risks associated with granting wrong access to unauthorized users, allowing them to sign code with malicious certificates

Support for customized workflows of an “M of N” quorum with multi-tier support of approvers

Support for InfosSec policies to improve adoption of the solution and enable different business teams to have their own workflow for Code Signing

Validation of code against UpToDate antivirus definitions for virus and malware before digitally signing it will mitigate risks associated with signing malicious code