February 27, 2019

3 things we’ve learned from launching PKI in the Cloud

This post was updated on: 2020-06-12  

At the end of 2018 and the beginning of 2019 we launched PKI in the Cloud, and gained many interesting learnings from our own initiatives as well as from interactions with customers, partners and the market at large. The feedback from all of you has been great and we really appreciate all the engagement and positive reactions we’ve been getting. Looking back at the launch, we see that our own learnings and the response from the market can be summarized in three topics, and in this Thought Leadership post I’d like to share them with you!


Cloud is growing – in several aspects

It shouldn’t come as news to anyone that the cloud is growing and that more companies and people use cloud services to a greater extent each day. More applications and services are launched continuously, and it’s only rather recently that robust security was enabled in the cloud; for cloud-based PKI it’s just a matter of months. Since we launched EJBCA Enterprise and SignServer Enterprise in the cloud we have seen a steady increase in the interest in the products. The market is realising that critical functions such as these can be hosted in the cloud, if done right. What started with smaller companies using cloud services has now grown to a much wider scale. Banks, healthcare, security companies as well as governments are all looking closely at cloud. The cloud deployment option has grown and matured a lot recently, and as a result even these complex and robust organizations can achieve cost savings while maintaining high security if they implement cloud services in the right way. Looking at the growth of cloud hosting partners, we’ve seen that AWS is the largest but that others are catching up quickly. Azure has a strong growth curve, and not far behind comes Google Cloud. This is not only visible in statistics; we’ve found that it correlates well with the conversations we’ve had with customers and with incoming requests.

Cloud and on-prem

For many companies a full cloud-based PKI deployment is perhaps not the right solution, and many are looking at ways to combine a cloud-based deployment with their current or planned on-prem security solutions. Flexibility in deployment is important for us as a PKI provider, now more than ever. A recurring question we get from companies looking at deploying their PKI in the cloud is how PKI and Code Signing solutions can be moved between cloud and on-prem. It is good that these questions are being asked before the customer starts their journey, because it is through proper planning, configuration and selection of technologies that they can make this possible. Successfully deploying your PKI in the cloud requires a careful selection among AWS CloudHSM, Azure Key Vault and on-prem HSMs, along with other private key considerations. Hybrid installations combining cloud and on-prem deployments are a very popular approach, distributing components of the PKI, Code Signing and HSM infrastructure when appropriate.

New ways of working

Deploying your PKI in the cloud enables new ways of working where flexibility is a keyword. Cloud is excellent for on-demand, peak and unexpected workloads and is adaptable in a way that on-prem simply isn’t. The cloud can adapt to a changing business need quickly and effectively by using techniques such as auto-scaling to bring up instances on demand during traffic peaks, infrastructure as code to provision or decommission a whole infrastructure in minutes by running a command, and managed services such as Amazon RDS to manage critical components such as the database. It is clear that the cloud continues to develop and to diversify in both applications and deployment methods as the market continues to grow. Mature products, such as PKI, gain flexibility in the cloud and can reach a new audience with needs that differ from the “usual” PKI case. New possibilities arise, and I’m sure that not only the cloud in general but also the IT Security part of it has some exciting things coming. As for PrimeKey, we have ongoing plans on how to keep evolving our products and our offering, which I look forward to. So, stay tuned on our Twitter and LinkedIn!


Read more

Read more about PKI in the cloud and see our webinar “Why PKI in the Cloud” here: EJBCA Enterprise Cloud



Harry Haramis

Harry is the General Manager for PrimeKey in the US. He has 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of Network & Security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers as well as hosted several seminars and presentations. Harry holds some of the industry’s highest certifications, including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I.