2018-12-06

PKI for everything and in the cloud?

Public Key Infrastructure (PKI) solutions can be deployed in enterprise environments to solve various security problems for example securing websites, managing employee access to enterprise network at office or via VPN, signing sensitive documents and more. Other areas where PKI is a security enabler are when external users want to access a company’s services such as e-commerce, internet banking, e-government, and partner portal services in a secure and identifiable way.

The strength of PKI is that it enables new possibilities to secure that a sender of data or a request is in fact the originator and that receiver is the intended recipient. In essence, PKI provides the authentication services needed by applications such as the identity access use cases mentioned above. As a bonus, PKI can also enable you to verify that the data or request have not been compromised during transport and that it is kept confidential through encryption. These security services are generally the basis of encrypted file systems, document signing, software updates and data transmission.

The ability to provide enterprises with these security services in an efficient way have resulted in an explosion in the popularity of PKI over the past couple of years. All over the globe PKI is increasingly being used as an authentication and encryption solution for many different applications deployed in a typical corporate network environment. Enterprises using Microsoft have had an easy choice to use the Microsoft CA (Active Directory Certificate Services) as it is well integrated in the Microsoft infrastructure. For many, the Microsoft CA is sufficient but I also meet many enterprises where, with growing business and diversifying security needs, the solution falls short. That is why a growing number of organizations deploy other PKI solutions, utilizing the possibilities to scale their PKI and adapt it to a multi-use case environment. PKI is needed to secure more than one type of device and system.

So, what is new then?

PKI has been the de-facto security standard on the Internet for many years now and this is what is also happening for the Internet of Things (IoT). PKI is the security technology that can really scale and handle the different deployment scenarios that is the reality of IoT. This is also what Gartner predicted in a report from 2016, PKI is Gearing Up for the Internet of Things:

PKI has been a quiet yet foundational security tool for identity professionals for two decades. The IoT, mobility, certificate life cycle handling, scale and new deployment options create resurgent interest in PKI, its potential disruptors and its vendors.

In IoT you have similar security problems as in the enterprise environment. Devices, gateways, platforms and back-end systems need to be authenticated and the transmitted data needs to be secure and correct. Predictive maintenance and analytics for real-time use case optimization or future business decisions rely upon data being generated by the securely identified IoT devices in the solution. One difference between IoT use cases and traditional enterprise PKI solutions is the number of devices. Some solutions may only have just a few devices but others/many have millions of devices. No matter the scale, all devices, gateways and servers in the solution need to be able to communicate in a secure way.

Another difference is that IoT devices can be located in remote locations and be difficult to reach for in person maintenance, they can also have constrained battery power and connectivity. With this in mind you need to consider both your IoT technology choices and security deployment to make sure that you can optimize your business case with maintained security.

Furthermore, many IoT projects start small and, in many cases, implementing security is not a top priority. Assessing the security risks and adopting the right security measures can be considered too time consuming in the initial stages of deployment. However, it is often believed that if you decide to disregard security in the beginning it will most likely be more expensive to add it at a later stage. What’s more is that you’ll probably not get an optimal solution as the basic infrastructure components most often are unsuitable for scalable security.

Security should not be difficult or expensive to add early in your IoT project.

Many enterprises today, often within IoT, choose to deploy all or parts of their IT infrastructure and/or service offering in the cloud. Rapid deployment and ease of scale are two of the advantages. There is no upfront investment in hardware, servers and software which minimizes risk and makes it is easy to get started. A cloud deployment thus enables you to start small and grow with the use case. Most solutions in the cloud only charge you for the resources that you use. So why not do the same with your security solution?

By using a cloud deployment for your PKI use case, you can ease your mind and take away some of the inherent complexity in PKI solutions. Easy to start, adapt as you grow and pay only for what you use. This in combination with already proven best-practices help you to deploy proper authentication and encryption security solutions, for your users, servers and things, from the start. Proper security from the beginning not only saves you time and money but you can rest assure that your devices won’t get hacked and cause you or your customers damage.

Trust and responsibility are important areas to consider in today’s connected solutions. Do not reinvent the wheel, the technology and many best practices are already there to support you in small and large deployments.

 

Would you like to know more about PKI in the cloud?

Join our upcming webinar on PKI in the cloud, January 24th.

Sign up for webinar

 


Author: Harry Haramis 

Harry is the General Manager for PrimeKey in the US. He has almost 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems.  He has worked on projects of all sizes and in all areas of Network & Security infrastructure.  As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects.  He has published several white papers as well as hosted several seminars and presentations.  He holds some of the industry’s highest certifications including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I.

 

Contact Harry
harry.haramis@primekey.com


EJBCA Enterprise Cloud

EJBCA on AWS

Documentation