29 Nov What enterprises need to know
Cloud computing promises many benefits to enterprise users, from an efficiency and automation perspective, while enabling businesses to remain competitive by acting as the bedrock to their digital transformation strategies.
Security concerns related to storing data and business-critical applications in the cloud still persist, though. They have made moving off-premise a slower process for some firms than for others, and mean that a wholesale move of all their business applications and workloads to the cloud is out of the question.
Enterprises are slowly growing more confident in migrating workloads off-premise as both cloud infrastructure and software providers continue to prioritise security during the design and marketing of their products and services.
While cloud providers offer layers of security that allow users to mitigate vulnerabilities, the lack of expertise within IT departments means businesses may struggle to deploy these often-complex security measures effectively.
If designed and implemented correctly, public key infrastructure (PKI) may provide one of the answers.
What is PKI?
As pressure builds to provide an increasing number of services online, the demands on security have begun to play a significant role within companies of all sizes. Organisations need to maintain reliable and highly trusted networks to not only safeguard all business functions but to be able to meet specific regulations encompassing confidentiality and privacy. PKI is used to provide security services such as authentication, confidentiality, and data integrity.
From that perspective, PKI consists of the roles, security policies, communication protocols and procedures needed to generate, manage, distribute, and revoke digital certificates, while also managing public-key encryption to enable secure and trusted communications between different entities both inside and outside of an organisation.
The function of PKI, therefore, is to aid in the secure electronic transfer of information for many networking tasks, from internet banking to secure email, or any activity in which passwords alone are deficient for authentication purposes, and to enable the more rigorous proof of identity required to validate the information that is being transferred.
The registration and issuance of certificates are managed by a certification authority (CA), and the process can be automated or carried out under human supervision, contingent on the security and trust levels that are necessary on a client-by-client basis. A registration authority (RA) has the responsibility to assure valid and correct registration, with the power to accept requests for digital certificates and authenticate the individual entity.
PKI in the enterprise now: Why?
In recent years, PKI has evolved from a means to protect websites into the heart of the digital management function within the cyber security structure. Today, it is used to manage digital identities, applications, and devices within companies.
It is also being adopted and deployed by IT teams to combat a growing variety of cyber security threats, ranging from distributed denial of service (DDoS) attacks to malware, and from phishing attempts to the hacking of internet of things (IoT) devices.
While PKI is an integral part of keeping the enterprise safe, deploying and managing the program on-premise is a resource-intensive process, and IT leaders sometimes struggle to find and employ experienced staff to oversee the setup too.
For example, PKI services like the Secure Sockets Layer (SSL) are designed to protect online communications, while client certificates are used for two-factor authentication, digitally signed documents, and email encryption, allowing enterprises to maintain high levels of information security online. As the number of SSL and client certificates used within an organisation grows, so do the budget and staff time needed to manage the higher quantities.
New wave of offerings
With today’s agile and secure cloud infrastructure, a new wave of highly reliable, cloud-based PKI offerings is now available for enterprises to use. Known as PKI-as-a-Service (PKIaaS), these offerings enable IT departments to maintain control while all the complexity that comes with managing their PKI setup is contracted out to the service provider.
PKIaaS brings together the necessary infrastructure, automation, control, billing, and distribution of certificates while also simplifying and centralising the management of client certificates. The companies which offer these services provide integrated processes and platforms that can make PKI management simple, including:
- Dedicated staff who are trained and up to date on security and regulatory requirements to keep the systems current and compliant
- Policies and procedures, based on best practices, that are rigorously adhered to
- An automated platform that is scalable for businesses to simplify PKI deployments to meet the company’s requirements
- Multiple alerts issued from the PKIaaS platform before a certificate is due to expire, so there is less risk associated with expired certificates.
Handing off PKI requirements to the cloud
Another benefit of outsourcing PKI to the cloud is having a centralised account. With a PKIaaS solution, a company would only be required to be vetted once, rather than each time a certificate is issued, which can be costly due to how time-intensive the vetting process is. This allows pre-vetted companies to be issued certificates from a single account, while selected administrators have the authority to issue any type of certificate on demand.
The use of a centralised account to manage all certificates also makes for easier reporting and monitoring of the costs involved. Detailed reports can be exported by the administrator, covering certificate application, upcoming renewals, issuance, spend, and more. Administrators can designate roles and privileges to other approved members of staff, enabling them to distribute responsibilities by department while keeping all the certificate lifecycle information in one place.
In cases where the management of certificates is undertaken on-premise, responsibility falls on the IT team for the issuance, installation, inspection, remediation, and the renewal of certificates, but in doing so, the process can be made…