December 1, 2020

Blog postEJBCA CloudEJBCA SaaSEnterpriseInfrastructureMedTechSignServer Cloud

Deploying PKI in the future


We asked our PrimeKey Tech Days 2020 audience about the future of PKI deployment. Here’s what they had to say.

It is not often that you have +500 IT Security experts at hand, which was the substantial number of attendees for PrimeKey Tech Days this year. We took the opportunity to ask this rather unique set of people with both general IT Security knowledge and a deep interest in PKI and its related topics about their predictions for the future. How do they think PKI will be deployed in the future? In this blog, we wanted to share some of the findings from their answers.

When going through the answers you realize that many answers are very similar. People answered that they believe that more PKI infrastructure will move to the cloud, but at the same time they believe that more critical parts or use cases will continue to use on-premise deployment options, such as the software or hardware appliance PKI. Based on the way people phrased their answers it is clear that many have strong opinions about the best way forward. The answers read everything from: “For serious PKI there is no option but Hardware Appliance” to “SaaS is clearly the way of the future, as I see it it’s the only way forward.” In between the two polar opinions there were answers including software, cloud and a few hybrid solutions thrown in between.

If we take a deeper look into geographical differences in the answers, there are a couple of interesting points to be made. Overall, the general consensus seems to be that the deployment type will depend on the use case, but that cloud and/or SaaS are picking up in popularity. The US was the single country that stood out from the crowd where most favored a cloud or managed PKI deployment, and very few mentioned the need for on-premise solutions. We understand that the companies represented at the event are probably not representative for the whole US market, but it still interesting. The US seems to find the flexibility and ease of use when it comes to cloud more appealing and this is also something that we experience with the PrimeKey cloud products. For both EJBCA Cloud and SignServer Cloud, customers from the US have been prominent, at least up until now. In fact, it is even shown in our own organization as our cloud development is based in San Mateo, California.

This is not to say that the rest of the world isn’t interested in cloud deployments; most answers mentioned the need for cloud, SaaS or managed solutions in some form. The difference is that the rest of the world is still more focused on the on-premise solutions where the EJBCA and SignServer hardware and software appliances come in to play. Many still state that they need to manage and maintain their end-to-end solutions themselves, both from a security perspective, but also sometimes from a compliance perspective.

When it comes to use cases and their impact on the preferred way of PKI deployment, there seems to be an overwhelming majority that believes high volume PKI will be appropriate for cloud solutions whereas governmental or extremely sensitive use cases connected to critical infrastructure will lean towards on-premise solutions.

As the use of PKI grows and reaches a broader audience with an even more widespread set of use cases, there is also the question of competence. In the past, most PKI deployments have been implemented and managed by PKI and cyber security experts from both the supplier and the customer, but that is not always the case anymore. Choosing a cloud deployment, or even a SaaS deployment, will decrease the required level of skills for the customer. This adds another dimension to the use case based discussion as start-ups or newcomers to PKI can lower the upfront investment required for their PKI. With a cloud or SaaS solution, they can more easily access the technology without having to employ a full blown security team. Reducing complexity would also decrease any consultancy hours required to set up and maintain a solution if you choose that route.

For PrimeKey, this diversity in opinions and challenges when it comes to deploying PKI is not new. We have been working actively on the subject for a long time and aim at giving you a smooth, efficient and secure deployment in the manner best suited to your business needs. That is also reflected in our product portfolio where you see Software Appliances, Hardware Appliances and Cloud options. You can even deploy your PKI in a hybrid mode, using two or more deployment options. So for us to get answers stating the need for on-prem, but at the same time stating the increase need for Cloud is a confirmation that our roadmaps and the investment in our products have been correct.

Learn how our different deployment options give customers flexible and scalable solutions: PrimeKey customer stories    



Karin Trogstam

Karin is the Director of Communications at PrimeKey and the project manager for PrimeKey Tech Days. Karin has a MSc in Business and Economics from Lund University. She has worked with B2B Tech Marketing for over 10 years and joined PrimeKey in 2016. Contact Karin: +46 769 41 27 59