PKI – Design/Implementation Service

Your PKI’s weaknesses put your organization at risk. Dated documentation or poor security controls can make anyone want to avoid a refresh. Do it right this time.

Designing and implementing a successful PKI needs expertise and this is where we can assist you by designing the PKI (on-prem PKI and Cloud-based PKI) and supporting processes. Post design, EC will help you implement/migrate PKI technology and infrastructure, including the root & issuing CAs. We also develop PKI policies, rules, and operational processes in alignment with your business needs.

Requirements

Analyze your PKI Requirements

In this phase of the engagement, EC will perform the following activities:

  • Identification of stakeholders and information gathering sessions.
  • Review of current process followed across the business units globally.
  • Analysis of Customer provided certificate inventory.
  • Identification of gaps and opportunities.
  • Define future state plan.
Develop a strategy

Design a PKI solution

Design and document a solution based on customers’ requirement of an On-prem PKI/ PKI in the cloud. For example:

  • On-prem PKI solution

    Windows Server 2019 R2 Microsoft Active Directory Certificate Services (MS ADCS) and customer choice of hardware security modules (HSM)

  • Cloud-based PKI

    There are multiple options for a cloud-based PKI model. Root CA On-prem (offline) and the issuing CA on the cloud for the two-tier hybrid option.

Develop a detailed implementation plan including high-level architectural diagram.

Deployment

Implementation of the PKI solution

Provide “hands on” or “hands off” assistance with deployment, including detailed:

  • Key ceremony document
  • PKI Build Guide
  • Certificate Practice/Policies document
  • Operations Guide
  • Business continuity planning guides
  • Test plans to prove solutions functionality

Our PKI Design and implementation engagement approaches key activities

Gather Requirements

Encryption Consulting will initially discuss customer PKI requirements with them. Normally, we conduct a requirement gathering workshop to collect all key stakeholder input.

Document the Requirements

Encryption Consulting will then document the requirements, proposed solution, and post deployment tests, and agree with the customer on the scope of work and price before commencing further work.

Design & Build PKI

The solution will be designed based on the customer’s requirement of a traditional PKI (On-prem) or a cloud-based PKI. HSMs will be utilized to protect the private key for the Root and Issuing Certificate Authority.

After solution design, Encryption Consulting will produce PKI Build document to cover installing the solution and its configuration. The documentation will also contain operating procedures as well as information relating to backup and recovery.

Deploy the Solution

Once the PKI Build guide is completed, Encryption Consulting will help the customer deploy the solution. Encryption Consulting will either lead the deployment or do a hand holding along with the customer to deploy the solution.

Encryption consulting recommends working with the staff who will support the PKI to facilitate direct knowledge transfer.

Test the PKI

Encryption Consulting will work with the customer team to test the PKI to prove that the solution meets objectives and functions as designed.

Handover the PKI

Finally, Encryption Consulting will conduct an advanced PKI and HSM training for the customer PKI team to handover the PKI environments.

Trusted By

See how Encryption Consulting assisted a Retail institution in implementing a new Public Key Infrastructure.

Suggested Resources

Blog

The significance of PKI in the IoT world

The significance of PKI in the IoT world.

Report

Encryption Consulting PKI & IoT Trends Survey

A study on global usage trends on Public Key Infrastructure (PKI) and Internet of Things (IoT) along with their application possibilities.

Training

PKI Training

PKI course is recommended for anyone using or managing certificates, designing or deploying a PKI enterprise solution, or evaluating & selecting a commercial PKI Technology Solution

Let's talk