Evaluating PKI appliances – key aspects to consider

Guest post by Jenny Dybedahl

Jenny Dybedahl is a security consultant with B3 Consulting Group, one of Sweden’s fastest growing consultancy companies within IT and Management. At PrimeKey we are excited about this guest post by Jenny, sharing real-world experiences and expertise from working in different projects involving PKI appliances and across a wide range of use-cases. What is a PKI appliance? My experience is that the answer depends on who you ask. To help evaluate and understand the value of utilizing PKI appliances for your use cases, I will share key aspects to consider based on my experiences from the field. The idea of a PKI appliance is simple: it is a full-stack PKI software and hardware, including Hardware Security Module, solution used for issuing and managing certificates. In practice, however, the capabilities vary between different PKI appliances and more importantly, so does the way in which the appliance is installed and operated. When evaluating PKI appliances, these are the key aspects to consider.

1. Ensure that your PKI appliance really is a “black box”

The technology stack is a minor part of the total cost of ownership for a PKI solution, not least if your PKI needs to comply with regulatory demands. I have worked with systems that have been called an “appliance” but where the first step of installation is an operating system terminal window with root access. That means sysadmin expertise is required to operate and maintain the PKI solution. Additionally, it will entail a lot more work, both to establish the security measures needed for the operating system and to be able to continuously verify the integrity of your PKI installation. It makes compliance audits more complex and can quickly become a significant cost driver. To ensure a sensible TCO of your PKI, look for an appliance that does not immediately enable you to manually control the operating system on the machine.

2. Verify that key features are available out-of-the-box

To deliver a secure and effortless implementation, operation, and validation of your PKI, it is important that the appliance has a key set of features in place:

• Ability to do a full factory reset. A simple reset button that ensures the machine is in a factory default mode, confirming that all sensitive information is deleted, is important to cost-efficiently establish and ensure the integrity of your PKI, especially from an auditing perspective.
• End-to-end encrypted and automated backups. To eliminate the need of operating system-level control over the machine, an end-to-end backup solution should be integrated in the appliance. This enables you to ensure that all information is securely backed up while adhering to set policies, which may include requiring smart card enabled dual control to access backups and do a restore. Not to mention the very important steps taken towards the implementation of a relievable DR strategy by having such features at your disposal.
• Dual control with smart card support. Your appliance should support dual control, enforcing that two or more authenticated admins are needed simultaneously to manage the PKI solution. It helps ensure that physical access to your PKI appliance does not mean that the solution can be compromised.
• Clustering made easy. To establish redundancy and the ability to scale your PKI as needs grow, clustering is important. Preferably, all that your PKI admins should need to do to build out your PKI cluster is to get another machine and add it to your infrastructure, with cluster management happening automatically under the hood.
• Logging and traceability. To ensure the integrity of your PKI and pass regulatory audits, you need to be able to verify that all and every operation of your PKI is traceable. That means your PKI appliance should have built-in features for continuously and securely sending integrity protected log files to an external log server. The log files should not be accessible on the machine itself, ensuring that local access to the machine does not allow for log tampering.
• Integrated updates. A key benefit of a PKI appliance should be that a vendor guarantees that your hardware, including HSM, and software will work after a software update. Make sure your vendor delivers signed updates and that your appliance does not require your PKI admins to spend too much time handling those updates.

3. Strike the right balance between control and flexibility

A PKI appliance should make it easy to follow set processes and policies and difficult to sidestep them. Part of these benefits comes from a limitation in the way your PKI solution is operated – again, ensure your PKI appliance is a “black box”. In some use-cases however, for example when integrating certificate issuing in production processes or other software solutions, you may need to be able to open the “black box”. If that’s the case, your appliance should make it possible – but you should also be aware that when you do so, you may not be able to pass an audit or use many of the benefits of a streamlined operation. It’s a trade off, but the choice between flexibility and security should be available to you. A good approach to evaluating PKI solutions from a technical standpoint is not only to focus on technology that makes it easy to issue and manage certificates – you should also look for technology that makes it easy to become and remain compliant. I hope these aspects can help you find a PKI appliance that serves your needs, while delivering a sensible total cost of ownership.

Learn more about PKI and digital signature hardware for advanced security: PKI and Digital Signature Hardware