Blog postBank & FinanceEJBCA CloudEnterpriseSignServer Cloud

Trusting the Cloud for the connected society

PKI in the cloud

The need for comprehensive digital security has rapidly moved beyond the world of information technology and now encompasses every facet of society. From online banking to connected cars and factories – to MedTech devices located in hospitals and homes – an increasingly software-driven world is vulnerable to cyberattacks and needs to be secured by identities and the protection of digital communication.

Public Key Infrastructure (PKI) is the most trusted and widely used method of ensuring this security fundamental. When combined with benefits such as low CAPEX and almost infinite scale offered by public cloud, solutions such as PrimeKey EJBCA Cloud and PrimeKey SignServer Cloud offer a flexible option that simplifies deployment and extends the utility of PKI to solve a wider range of use cases. PKI standards have protected communication for the last decades. A PKI combines hardware, software, and processes to enable secure communication and data exchange across both private and public networks, including the Internet. PKI is not one technology, but a framework of elements including cryptography, digital keys, digital certificates, and tokens to enable security across a wide range of use cases. In the past, companies implemented PKI mostly on-premises. Since this framework is a highly standardized framework of encryption and authentication technologies, this approach means reinventing the wheel every time. As we became more cloud savvy and organizations learn more about the benefits of cloud services – like scalability, cost efficiency, and availability – a greater number of organizations consider deploying their PKI in the cloud. This removes the need for them to repeat the basics, which are delivered and customized by a central cloud solution. PKI as a concept and connected processes have been used by hundreds of thousands of organizations and by tens of billions of devices across the world for decades. Whether that is taking credit card details for an online transaction or deactivating a car alarm with your smartphone app – across the world, every second of the day, hundreds of millions of secure transactions are powered by this framework. For PrimeKey, the cloud offers a chance to refresh industry perception of PKI as ready and able to meet the most demanding use cases. In areas such as IoT and IIoT, across new use cases such as connected cars and e-Healthcare; the cloud removes many of the complexities that some perceived as a weakness and with a refreshing approach that takes the qualities of tried and tested security architecture to make it ready for the next decade. Yet the refresh around PKI is happening across the board – especially when it comes to the cloud. Each year, the level of native integration between platforms like PrimeKey EJBCA Cloud, SignServer Cloud and the public cloud vendors grows. Recent new public cloud native features include a dedicated external Validation Authority (VA) to cost-effectively scale Online Certificate Status Protocol (OCSP), reducing costs by supporting AWS Key Management Service, and a simplified configuration for clustering, cloud databases and the integration of a cloud Hardware Security Module (HSM). A great example of this level of integration is the ability to scale capacity and throughput on demand if certificate validation requests suddenly spike due to the launch of a new service or product. Another example is the ability to run across multiple cloud vendors – which may be a requirement due to legal or jurisdictional restrictions. These examples highlight what is possible when serious PKI and Digital Signature solutions like PrimeKey EJBCA and SignServer are built from the ground up and developed to do one thing exceptionally well for more than two decades. What PrimeKey has delivered and will continue to offer with our software proves that we have taken the conscious and educated decision over the years to follow the never-ending evolution around digitalization, IT and new business models.  

Read more

Learn more about our PKI and digital signature software in the cloud: EJBCA Cloud SignServer Cloud

harryportrait

Author

Harry Haramis

Harry is the General Manager for PrimeKey in the US. He has 30 years of experience in the field of Information Technologies with extensive experience designing and developing state-of-the-art security technology solutions for the most complex and sensitive information systems. He has worked on projects of all sizes and in all areas of Network & Security infrastructure. As a proven leader, Harry has led teams of technical engineers to the successful conclusion of countless projects. He has published several white papers as well as hosted several seminars and presentations. Harry holds some of the industry’s highest certifications, including CCIE #6772, CCNP, CCNA, CCSE, CISSP, CNE, VCP, and MCSE+I. 

harry.haramis@primekey.com