PrimeKey® SignServer offers a set of digital signature services for document, code signing and time stamping to secure data while it is being transmitted over untrusted networks. Through a multi-use case and multi-tenant software platform the product supports hosting multiple signature formats in parallel and integrates with exiting workflow engines, build- and authorization systems. For added ease of use and scalability, the PrimeKey SignServer Cloud version can now be deployed within public clouds, such as AWS Marketplace and Microsoft Azure, with the same feature set as traditional on-premise implementations.
Signing delivered from the cloud is the newest variant of the technology and the shift provides more than just physical location. There are both technological and business model changes that need to be considered. However, the starting point is to consider what is meant by “cloud” as this can range from Software as a Service (SaaS), which will provide a fixed set of capabilities on a cost-per-cert / device model, all the way through to a full-blown Digital Signature platform such as PrimeKey SignServer Cloud deployed within a public cloud instance.
Signing in the Cloud a la PrimeKey
For medium to large deployments, or when an organization has a growing need for signatures, a full-scale cloud option with integration capabilities and “single license / unlimited number of signature certs” business model is clearly a better option as not only is it less costly, but it can scale, for example, to meet a larger volume of signatures with new use cases such as organizations introducing DevOps and CI/CD pipelines. The ability to be fully in control of the digital signature deployment across an organization and including more specialist use cases where the digital signature layer needs to be integrated into a product development process is fundamental both from a security and a cost efficiency aspect. At the technical level, the SignServer component is spun up in the cloud in just a few minutes. In addition, anything that can be done on premise such as deploying the hardware security module (HSM), which is the physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, can also enact in the cloud native solution, typically the AWS Cloud HSM or the Azure Key Vault.
Flexibility is key
This ability to control every aspect of how your organization implements the digital signature solution and corresponding signing use cases when being deployed in one single server installation should not be underestimated as a major benefit. For example, if an organization wants to add new use cases, the same security considerations and policies can be applied and the process is entirely within their control and – crucially – does not incur an additional cost as would be typical in a SaaS model. This control also extends to how an organization want to organize their signing use cases. For example, SignServer can support multiple signing use cases and formats, and multiple organizational units– and each use case/unit can have its own administrator groups. This level of flexibility extends across different geographies and the need for scale over time – in fact, there are potentially millions of ways a cloud native SignServer platform can be configured.
Join our webinar where we will demonstrate an integration between PrimeKey SignServer and Jenkins for automated code signing in a CI/CD Pipeline. The solution will be running on Azure and code signing keys will be securely stored in the Azure KeyVault.
Presenters: PrimeKey Senior Solution Consultant Selwyn Oh and Product Owner EJBCA Cloud Alex Gregory
The webinar includes several hands-on demonstrations. Sign up