What it is:
Public Key Infrastructure (PKI) consists of the services, processes and roles required for the creation, issuance, management, distribution, usage, storage, and revocation of digital certificates. These certificates authenticate identities across the various parts of the data transfer process, and can be used to encrypt traffic between endpoints.
What it does:
Through the management of digital certificates, PKI ensures higher levels of security when deployed within organizations by validating the authenticity of resources and encrypting data.
Why it matters:
By using PKI, enterprises are able to make security decisions based on sound cryptographic fundamentals: it would be difficult, if not impossible, to manage digital certificates (and the cryptographic keys they represent) otherwise. Use of digital certificates ensures that decisions made upstream with SaaS, PaaS and identities, applications, and encryption are sound and grounded.
What to do about it:
Enterprises that want to stay competitive should understand that reputation and trust are very difficult assets to earn back once they are lost. Correct use of a PKI can and should be applied to every digital identity across the enterprise including devices, apps, and people. However, management of keys in-house is onerous and unnecessary. Typical uses of PKI include:
- Encrypting sensitive data
- Verifying the authenticity of an endpoint
- Ensuring data has not been tampered with
- Controlling who can get access to the data
- Authenticating software to prevent malware
- Guaranteeing servers are authentic
- Enabling identification of phishing sites that pose as authentic websites
Keeping PKI centralized on-premises requires a tremendous amount of resources to run, and may still not adequately cover everything, such as signing or public Certificate Authorities (CAs). Failure of any one facet can be catastrophic. For this reason, a cloud-based deployment model allows enterprises to fully secure the environment with simple deployment while reducing maintenance operations – resulting in real Total Cost of Ownership (TCO) savings over time.
Deployment of a PKI should encompass the following principles:
- Master the management of the interconnected nature of numerous SaaS applications.
- Understand use cases for digital certificates, their administration and ownership, and be able to make risk-based decisions about what should and should not be allowed to interconnect.
- Be as flexible as possible while leveraging the cloud to control risks such as keys being lost in multi-factor authentication or security event management.