Why Enterprises Need a Technology Agnostic Approach for PKI Automation
How PKI Automation Strengthens Your Enterprise Security
Automation is a double-edged sword: implemented correctly it helps you, implemented poorly it can do more harm than good. Maintaining a robust, flexible and safe enterprise network relies on having the right automation strategy and processes. It is essential to recognize that a robust public key infrastructure (PKI) is a must for any enterprise security program. It is the gold standard for encryption, authentication and digital signatures – providing a very strong and adaptable foundation for a Zero Trust security model.
One vital part of implementing a Zero Trust security model is to automatically verify every user and device connecting to the network, regardless of whether it is inside or outside the firewall. The most efficient way to implement this is via automated certificate provisioning, management and validation for passwordless authentication.
The Need for PKI Automation Is Growing Rapidly
Enterprise networks are expanding rapidly due to several reasons:
- Digital transformation is increasingly migrating applications, systems and data to the cloud
- The growing ubiquity of Internet of Things in every industry
- The prevalence of multiple, connected endpoint devices driven by remote work and “bring your own device” initiatives
- An increasing trend toward microarchitecture environments and the ability to rapidly create new production and development environments
As more devices connect to the network and more applications are launched, the need for PKI automation and scale increases. Certificate lifespans are also shortening, so each certificate must be renewed more often and the risk of certificate mismanagement and outage is higher.
Automation is the key, but which model of automation is best? There are three main models of automation – agent based, agentless and connector – and it’s important to determine which automation model is suited to your organization. Right now, we’re going to look at the connector model.
The Connector Model and Why It’s the Platform and Vendor Agnostic Approach
Instead of relying on a vendor-specific agent or agentless architecture for automation, the connector model uses open-source utilities (such as ACME clients) and tools already deployed within enterprise networks (such as Microsoft Intune) to automate certificate deployment and lifecycle management.
Connectors work autonomously to request and install certificates, independent of one another, while a lightweight browser-based certificate portal provides the traditional certificate management functions such as manual issuance, revocation, reporting and account management. This approach decentralizes the mechanics of managing certificates — the management console is no longer an enterprise-wide, central point of failure. In addition, connectors are not proprietary to a vendor; they can simply be reconfigured for use with other certificate service providers.
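To make the two points above concrete (shorter lifespans mean more frequent renewals, and a connector decides on its own when each certificate needs renewing), here is an added example of the renewal policy such an autonomous connector might run over its local inventory. This is illustrative code written for this article, not HID PKIaaS or any ACME client's code; the inventory, the fixed clock and the "renew when one third of the validity period remains" threshold are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy: start renewing once one third of the validity period is
# left. Many ACME clients use a rule of this shape (e.g. 30 days for a
# 90-day certificate); the exact fraction is an assumption for this example.
RENEW_AT_FRACTION_REMAINING = 1 / 3


@dataclass(frozen=True)
class CertRecord:
    """Minimal view of an issued certificate held by one connector."""
    subject: str
    not_before: datetime
    not_after: datetime

    @property
    def lifetime(self) -> timedelta:
        return self.not_after - self.not_before


def renewal_window_start(cert: CertRecord) -> datetime:
    """Earliest instant at which the connector should attempt renewal."""
    return cert.not_after - cert.lifetime * RENEW_AT_FRACTION_REMAINING


def classify(cert: CertRecord, now: datetime) -> str:
    """'expired' means an outage has already started; 'renew' means act now."""
    if now >= cert.not_after:
        return "expired"
    if now >= renewal_window_start(cert):
        return "renew"
    return "ok"


def plan_renewals(certs, now: datetime) -> dict:
    """One pass of the connector loop: a decision per certificate, no central console needed."""
    return {c.subject: classify(c, now) for c in certs}


def renewal_attempts_per_year(lifetime_days: int) -> int:
    """Renewals a connector must complete per year under the assumed policy."""
    interval_days = lifetime_days * (1 - RENEW_AT_FRACTION_REMAINING)
    return math.ceil(365 / interval_days)


# Constructed inventory and a fixed clock so the run is reproducible offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INVENTORY = [
    CertRecord("vpn.example.internal", datetime(2024, 3, 20, tzinfo=timezone.utc),
               datetime(2024, 6, 18, tzinfo=timezone.utc)),   # 90-day cert
    CertRecord("api.example.internal", datetime(2023, 12, 1, tzinfo=timezone.utc),
               datetime(2024, 12, 1, tzinfo=timezone.utc)),   # 1-year cert
    CertRecord("legacy-printer.example.internal", datetime(2023, 5, 1, tzinfo=timezone.utc),
               datetime(2024, 5, 1, tzinfo=timezone.utc)),    # manually issued, never renewed
]

if __name__ == "__main__":
    for subject, decision in plan_renewals(INVENTORY, NOW).items():
        print(f"{subject}: {decision}")
    for days in (365, 90):
        print(f"{days}-day lifetime -> {renewal_attempts_per_year(days)} renewals/year")
```

Running it shows the 90-day certificate already inside its renewal window, the one-year certificate fine until August, and the manually issued certificate already causing an outage; the second loop shows how cutting the lifetime from a year to 90 days multiplies the renewal workload, which is the case for automation.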
Future Proof Your PKI With HID PKI-as-a-Service
HID PKI-as-a-Service (PKIaaS) uses the connector model for highly secure and simple certificate management. This method ensures that certificate workflows are not just automated, they’re tailored to your needs. It allows enterprises to enjoy:
- Scalability and modular growth. Connector certificate automation is infinitely scalable, allowing organizations to easily expand their use cases in the future.
- Geographically dispersed architecture. If one region goes down, traffic can be diverted to another. In addition, customers with manufacturing in different parts of the world receive faster responses to requests — especially helpful for Internet of Things use cases.
- Simple subscription plans. Instead of paying per certificate, HID Global leverages a subscription model with various thresholds.
- Access to experts. With PKIaaS from HID Global, help is available at almost any time on the web, through email or by phone.
- Reduced IT burdens. Free your IT department from time-consuming manual certificate renewal and database management so they can focus on other mission-critical systems and software.
- Fewer outages. Expired certificates lead to outages that affect an organization’s reputation, productivity, and bottom line — and they’re almost inevitable with dated and self-driven setups.
Wherever you are in the PKI automation process, HID Global can help. Need guidance on how to select the best PKI automation strategy for your organization? Read our eBook, PKI Automation Strategies: Finding the Perfect Fit for Your Organization. Ready to roll out PKI automation? Get direction from our technical guide, Certificate Automation Rollout for Enterprises: Getting Started With the Connector Model of PKIaaS.
Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).