Keyfactor, PrimeKey to Advance Certificate Automation

Keyfactor announced this week that it intends to merge with PrimeKey as part of an effort to enable organizations to more easily manage certificates on an end-to-end basis. The company also revealed it has raised an additional $125 million in funding.

PrimeKey is a provider of a certificate authority (CA) service that also makes its platform available to other CAs as an open source project dubbed EJBCA. Keyfactor, meanwhile, provides software that automates the certificate management process. PrimeKey also offers a time stamp authority (TSA) service, dubbed SignServer, as well as a collection of cryptography application programming interfaces (APIs) known as Bouncy Castle.

Keyfactor CTO Ted Shorter said IT organizations will soon be able to acquire certificates, as well as the tools to manage them, from a single vendor. In addition, Keyfactor will extend the reach of its certificate management platform to other CAs that make use of open source EJBCA software, said Shorter.

The rate at which certificates are provisioned and renewed has become a major issue as the rate of change in IT environments accelerates. At the same time, Shorter noted, the rise of Internet of Things (IoT) applications also exponentially increased the number of machines that require certificates.

A typical DV SSL certificate can usually be issued in minutes by the average CA. However, for organizations that have adopted agile development and DevOps best practices, that’s still not fast enough. There is now a need to issue a certificate in seconds. Organizations that have adopted DevOps generally prefer to automate the process from within their continuous integration/continuous delivery (CI/CD) platform by relying on APIs.

The rise of containers as an atomic unit for building microservices-based applications has further complicated matters. Containers are constantly being spun up and down in real time. As microservices are deployed and updated, a certificate needs to be created on demand. That also means the number of certificates issued has exponentially increased as well.

Unfortunately, it’s not uncommon for entire web sites to suddenly become unavailable because someone didn’t renew a certificate after it was initially issued. In many instances, the developer or IT professional that originally requested it is no longer working for the organization. As a result, the need to automate the issuance and renewal process in a way that enables centralized management has become more acute.

It’s unclear these days who within an organization is ultimately responsible for certificates. Historically, certificates have been managed by cybersecurity teams or have fallen under some other IT operations function. However, as more responsibility for cybersecurity shifts left toward developers, many DevOps teams are now programmatically managing the certificate issuance and renewal process.

At a time when the appreciation for a zero-trust approach to cybersecurity is rapidly increasing, it’s clear certificates have a significant role to play in making sure machine-to-machine communications are encrypted. The challenge, of course, has always been finding a way to proactively manage certificates that, if allowed to lapse, could take a mission-critical digital process offline without anyone noticing until it’s far too late.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
