The Crucial Importance of a Modern PKI Management Environment

05 Feb ’24

New IT Infrastructure developments

The traditional fixed office is losing its dominance, as access to IT infrastructure increasingly extends beyond the confines of a physical office. Organizations are rapidly adapting their IT infrastructure to support hybrid work models, whether employees work in the office, from home, at flexible locations, or on the go.

How to secure IT?

For this evolving IT infrastructure, secure access from any hybrid workspace is paramount. An optimal way to achieve this is to manage access for all IT devices through digital authentication certificates. Unlike publicly trusted certificates issued by Certificate Authorities like DigiCert, GlobalSign, and Sectigo, these certificates are issued from an internally established digital root and are often managed using Microsoft Active Directory Certificate Services (AD CS), commonly known as Microsoft CA.

Many organizations rely on Microsoft AD CS for their internal PKI (Public Key Infrastructure) management. While this system is functionally comprehensive, it requires deep technical expertise, making it less suitable for dynamic PKI environments. For instance, it lacks a graphical user interface (GUI) for specific modifications.

The use case

In early 2022, a Dutch bank recognized the need for a new PKI management system, also known as CLM (Certificate Lifecycle Management). This led them to explore KeyTalk and the capabilities of the KeyTalk Certificate & Key Management System (CKMS). This system not only serves as an alternative to the existing Microsoft AD CS but also enables automated requests for publicly trusted TLS/SSL certificates from the aforementioned CAs, such as DigiCert, GlobalSign, and Sectigo. Subsequently, the KeyTalk CKMS can automate the distribution of these certificates to all workstations and network devices, managing them to ensure timely replacement when they expire, are revoked, or are accidentally deleted. This automated process ensures continuous IT infrastructure security, minimizes risks, and saves substantial time and effort for any PKI team.

The quest for the desired functionalities of the new PKI management system led to a request for proposals (RFP) in late 2023. This RFP was issued through the two contracted parties in this domain, Protinus in Houten and SoftwareOne in Amsterdam. Both firms selected several vendors capable of meeting the bank’s expectations.

The choice for KeyTalk CKMS

It was an honor for KeyTalk to learn in December that Protinus had won the mini-competition for this RFP by choosing the KeyTalk CKMS. The implementation of the KeyTalk CKMS at this bank has already commenced and is expected to be completed by the end of June this year.

If you have any questions about this news blog or would like to learn more about the possibilities of future-proofing PKI management (CLM) within your organization using the KeyTalk CKMS, please don’t hesitate to contact us.

The KeyTalk Team