This post was updated on: 2020-06-12
During the end of 2018 and beginning of 2019 we have launched PKI in the Cloud, with many interesting learnings from both our own initiatives as well as from interactions with customers, partners and the market at large. The feedback from all of you has been great and we really appreciate all the engagement and positive reactions we’ve been getting. Looking back at the launch we see that our own learnings and the response from the market can be summarized in three topics, and in this Thought Leadership I’d like to share them with you!
Cloud is growing – in several aspects
It shouldn’t come as news to anyone that the cloud is growing and that more companies and people use cloud services to a greater extent each day. More applications and services are launched continuously and it’s rather recently that robust security was enabled in the cloud, for cloud-based PKI it’s just a matter of months. Since we launched EJBCA Enterprise and SignServer Enterprise in the cloud we have seen a steady increase in the interest for the products. The market is realising how critical functions such as this are applicable to host in the cloud, if done right. What started with smaller companies using cloud services has now grown to a much wider scale. Banks, healthcare, security companies as well as governments are all looking closely at cloud. The cloud deployment option has grown and matured a lot recently and as a result even these complex and robust organizations can achieve cost savings while maintaining high security if implementing cloud services in the right way. Looking at the growth of cloud hosting partners, we’ve seen that AWS is the largest but that others are catching up quick. Azure has a strong growth curve, and not long behind comes Google Cloud. This is not only visible in statistics, but we’ve found that it correlates well with the conversations we’ve had with customers and with incoming requests.
Cloud and on prem
For many companies a full cloud-based PKI deployment is perhaps not the right solution, and many are looking at ways to combine a cloud-based deployment with their current or planned on prem security solutions. Flexibility in deployment is important for us as a PKI provider, now more than ever. A recurring question we get from companies looking at deploying their PKI in the cloud is how PKI and Code Signing solutions can be moved in and out between cloud and on-prem. It is good that these questions are being asked before the customer starts their journey. It is through proper planning, configuration and selection of technologies that they can make this possible. Successfully deploying your PKI in the cloud requires a careful selection of AWS CloudHSM, Azure KeyVault, on-prem HSM and other private key considerations. Hybrid installations combining Cloud and on-prem deployments are a very popular approach to take. Distributing components of the PKI, Code Signing and HSM infrastructure when appropriate.
New ways of working
Deploying your PKI in the cloud enables new ways of working where flexibility is a keyword. Cloud is excellent for on-demand, peak and unexpected workloads and is adaptable in a way that on-prem simply isn’t. Cloud, using techniques such as auto-scaling to bring up instances on demand with traffic peaks, infrastructure as code to provision or decommission a whole infrastructure in minutes by running a command, and managed services such as Amazon RDS to manage critical components such as the database, can adapt to a changing business need in a quick and effective manner. It is clear that the cloud continues to develop and to diversify in both applications and deployment methods as the market continues to grow. Mature products, such as PKI, gain flexibility in the cloud and can reach a new audience with needs that differ from the “usual” PKI case. New possibilities arise and I’m sure that not only the cloud in general but the IT Security part of it has some exciting things coming. As for PrimeKey, we have ongoing plans on how to keep evolving our products and our offering, which I look forward to. So, stay tuned on our Twitter and LinkedIn!
Read more about PKI in the cloud and see our webinar “Why PKI in the Cloud” here: EJBCA Enterprise Cloud