For many enterprises, the move to digital business is uncovering the limits of existing trust infrastructures. Rapid growth in the number of deployed certificate authorities (CAs) is contributing to increasing management costs. Central to this, many security teams are grappling with the increased burden of public key infrastructure (PKI) point solutions that are deployed to address a specific problem. Our conversations with security leaders that are on the journey to digitization continue to highlight a key challenge – while IT is grappling with supporting a tactical implementation of PKI, the demands of the business overwhelmingly require a more strategic and holistic approach.
If you’re looking for a stronger PKI solution, we’ve made some important product enhancements that simplify scaling up for digital business, deployment and management, and reduce your total cost of ownership.
Providing Digital Trust at Scale
Trust infrastructures built upon open source or bundled PKI solutions are clearly showing their cracks: poor support, lack of control over multiple PKIs, increasing management costs, lack of resources and expertise, and the inability to scale to meet future requirements. Maintenance and complexity have skyrocketed with the requirement to administer CAs from across the business. Clearly, many trust infrastructures built for specific use cases at a point in time are not scalable for the demands of digital business – endpoint diversity, evolving use cases, and integration with complementary solutions.
A key challenge with open source or bundled PKI is lack of scalability. These trust infrastructures are often deployed to support a single use case and were not designed to integrate with other PKIs or broader ecosystems. Managing many self-signed CAs also does not provide a “central root of trust,” which is essential for applying a consistent enterprise-wide security policy, and it reduces interoperability with external trust infrastructures. Many of these PKI implementations use a dedicated CA for each use case, often because of the lack of a centralized enterprise PKI or because of siloed implementation within the organization. These implementations become increasingly costly and complex to manage as digital ecosystems expand and use cases evolve.
Simplifying Deployment, Migration and Management
At one point in time, it was acceptable to deploy a PKI for a specific application or series of applications within an enterprise. Not anymore. Providing digital trust at scale demands a rethink of how trust infrastructures are deployed and managed. With a plethora of digital business use cases demanding an ever-increasing trust footprint across users, devices, and applications, we need to simplify how trust is deployed and managed across our organizations. This will become critical as the trust requirements evolve to a more dynamic and distributed model.
With the release of Entrust Authority Security Manager 8.2 and Administration Services 9.0, we have added enhancements designed to streamline deployment, simplify migration from a third-party CA, and provide a more unified management experience across multiple CAs.
Third Party CA Key Migration
The explosive growth of trusted entities in an organization continues as users, devices, and applications scale up for digital business. Changing your PKI solution used to mean building a new CA and going through a painful and time-consuming process of installing your CA certificate on every endpoint, a significant scalability problem in larger organizations with a large distributed environment. Distributing a new CA certificate to every endpoint in a large organization can be an expensive and time-consuming task.
Entrust Authority Security Manager now provides additional support for migrating certificates from other vendor systems without having to distribute a new trust anchor. The latest release addresses this challenge with the third-party CA Key Migration feature. With CA Key Migration, there is no need to generate new keys and certificates when migrating. Entrust Authority Security Manager will import and adopt existing CA keys and certificates and start managing your existing end users. CA Key Migration completely removes the pain of having to generate a new CA key and CA certificate and removes the need to distribute the certificate to every endpoint across your organization, clearing the path forward to migrate your PKI solution to Entrust Datacard without having to worry about traditional CA certificate distribution hassles.
A Streamlined Solution with Lower Total Cost of Ownership
If you’re considering making the move to a trust infrastructure that’s easier to manage, more cost-effective, and future-proof for digital business, we have some resources that can help. Learn more about the high costs of “free PKI,” how trust can enable cloud and mobile, and how you can simplify certificate management across your organization. Visit https://www.entrust.com/world-class-pki/
This is a Security Bloggers Network syndicated blog post authored by Entrust Datacard Blog. Read the original post at: Entrust Datacard Blog