aerial view of person working with laptop in lap

Why You Need Managed PKIaaS for Secure Remote Working

The pandemic has caused companies to radically rethink how they can keep employees safe while running a successful business. For many, the answer has been a switch to remote working — supporting workers as they do their jobs from home. While remote working solves many problems for social distancing, hygiene and a healthy workforce, it also introduces additional risk into business networks and systems.

As businesses move to new remote-specific applications, build out customer integrations and use a variety of endpoint devices, the network widens and becomes more vulnerable. Enterprise security teams need a fast and flexible approach to securing the remote network — the answer is Public Key Infrastructure as a Service (PKIaaS).

Remote Work Is a Significant Security Concern

A recent survey that we conducted with the experts at Dark Reading told us that remote working is a major concern for cybersecurity teams. The survey showed that the percentage of cybersecurity professionals agreeing with the following statements is:

  • I believe that the pandemic will necessitate even greater changes in my IT and security environments in 2021 than it did in 2020: 70 percent
  • I believe the pandemic will fundamentally change my organization’s computing and data security strategies for the long term: 55 percent
The sudden requirement to support almost the entire workforce this way (via remote working) puts enormous strain on enterprise remote-access capabilities, endpoint security, patching practices and authentication requirements. Over the medium term, security leaders will need to focus on aligning their overall programs and protocols with the “new normal,” in which many employees will permanently become remote workers.


Cybersecurity Teams Need Powerful PKIaaS

The challenges of remote devices, increased endpoints, more vulnerabilities and a greater attack surface means IT security needs fast, flexible, robust PKI infrastructure to protect enterprise networks.

HID’s managed cloud-based PKI-as-a-service, enables organizations to quickly create and deploy their enterprise PKI trust hierarchies to secure their networks, IT systems and IoT devices. HID’s PKIaaS adapts to multiple security scenarios and can be quickly deployed for remote working.

As a foundational security technology implemented for decades, public key infrastructure (PKI) is already deployed in most enterprise IT infrastructures. However, the ongoing management and maintenance of an in-house PKI deployment can be difficult and require dedicated, skilled staff — adding to overall security costs. An on-demand PKIaaS solution can significantly reduce those costs and keep them under control.

How HID Can Help

HID’s PKIaaS provides several significant benefits out-of-the-box:

  • Digital certificate provisioning of all endpoints integrating with popular solutions like Microsoft Intune or VMWare Airwatch
  • Providing a secure virtual desktop infrastructure through authentication and data encryption
  • Supporting a Zero Trust policy for rigorous, end-to-end security

Securely Authenticate Remote Employees Into Your Network

Modern PKI deployments enable automated digital certificate provisioning to mobile phones, tablets and laptops through a Mobile Device Management solution such as Microsoft Intune or VMWare Airwatch.

These certificates can be used for passwordless authentication for any corporate network resources or applications. HID PKIaaS supports SCEP protocol for out-of-the-box integration with various Mobile Device Management (MDM) platforms.

Secure Virtual Desktop Infrastructure (VDI)

Virtual Desktop Infrastructure makes it easy for remote employees to access all their files and applications from anywhere in the world while allowing that data to still live on the corporate server. HID PKIaaS automates the deployment of digital certificates for authentication and data encryption with VDI.

Enable Zero Trust Remotely

A building block for Zero Trust implementation is the widespread deployment of Transport Layer Security (TLS) in today’s devices and software stacks. TLS relies on digital certificates to provide identification of servers and facilitate the confidential exchange of cryptographic keys between a server and a client.

These certificates authenticate and encrypt all transactions in your network, regardless of where users or devices are located. HID PKIaaS enables IT teams to seamlessly enroll, download, install and renew these certificates with Microsoft Autoenrollment support, Microsoft Intune Integration or through RESTful APIs.

HID Managed PKI eliminates operational complexity and dramatically reduces costs related to operating and deploying a private organizational PKI.

Choose from a simple pre-configured service for a Dedicated Issuing Certificate Authority (CA) or a completely customized Private Root PKI Service that:

  • Provides a unique trust anchor at the issuing CA level and management of all CAs
  • Offers full turnkey service, including private root key generation ceremony and custody management of all off-line key material
  • Supports Zero Trust with secure authentication and communications between machines, devices, IoT and virtual servers
  • Automates certificate lifecycle management through Microsoft Autoenrollment and other standards-based certificate management protocols such as SCEP, EST and ACME as well as API support

Learn more about how PKI and Zero Trust security work together. If you’ve still got questions, we have experts who can help.

Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).