Blog postEJBCA Enterprise

Preventing the erosion of consumer trust

Torr jord

There is a lot of buzz and talk surrounding public key infrastructure (PKI), but few decision-makers understand the kind of business impact a decision not to use a PKI solution can really have.

The Internet is constantly expanding, which means that companies are being challenged to protect data from targeted attacks. Protection against these attacks usually focuses on financial, healthcare and personally identifiable information. Media stories about breaches and negative exposure remind us that some decision-makers do not take the backbone of IT security seriously enough. However, as many corporations have learnt, even a breach of “unregulated data”, such as e-mails and home addresses, can result in financial losses and severe damage to their brands. Simply put, neglecting security leads to the erosion of customer trust.

Leading companies, such as Apple and Google, make substantial use of PKI to protect their business and to protect their customers. What is perhaps not as well-known is the fact that Google is very active in ensuring that these technologies are used in the right way. From a generic corporate point of view, there are very few medium or large enterprises out there that are not facing the challenge of engaging securely with a large number of customers, external services, devices and/or gadgets. As we all go towards the Internet of Things, the vast majority of security experts agree that efforts to prevent breaches will become even more complex.

At PrimeKey, we have identified some positive trends – our customers perceive security as an important value delivered as part of their offerings – be it for their own users and customers, or built into smart devices that they deliver worldwide, or within the next generation of network and telecom infrastructure used daily by all of us.

Last year we interviewed customers who invested in an enterprise PKI solution from PrimeKey Solutions. When asked about the main benefits, we were repeatedly given the following answers:

  1. Proven, robust and scalable solution for their IT security infrastructure.
  2. Shortened deployment from months to weeks.
  3. Virtually no downtime when upgrading, and safe in the knowledge that they receive the most up-to-date releases, with new features, patches and improvements.

As one customer of PrimeKey said, “one key factor in our decision to choose EJBCA Enterprise was the ability to efficiently manage a large variety of issuing CAs and certificate types and to support our business continuity goals”.

All of these areas can be assessed using well-known measurements in the IT industry, including performance metrics, feature metrics and total cost of ownership (TCO). At PrimeKey we are very proud to deliver value for all of these measurements. However, should we limit our decisions based on measurements of IT expenditure? Sometimes we are challenged and asked if we have a “short answer” that could convey the pitfall of a “no go” decision?

And yes, we actually do. At the end of the day the total impact of an untoward outcome of a “no go” decision could potentially overthrow the whole enterprise. Starting with a “no go” and some marginal savings on the IT security account, followed by an unwanted but nevertheless malicious attack, resulting in a breach of accounts, leading to an incredibly fast erosion of customer trust. The absolute foundation for any company. Maybe we should add Value of Customer Trust as a measurement when deciding about security?