Is Public Key Infrastructure (PKI) Crucial
Is Public Key Infrastructure (PKI) Crucial for Securing Today’s Digital Transactions?
Identity and privacy are essential to protect digital transactions. Today they are even more critical. Brian Trzupek, Senior Vice President of Emerging Markets at DigiCert shares how with the right strategy, organizations can meet challenges while building a foundation for a successful implementation of PKI technology.
Today’s enterprise organizations are up against a wave of new challenges maintaining security and privacy. Conducting business electronically has long been the norm, but it can still leave information vulnerable. To safeguard the data that drives their key business processes, organizations need to restrict access to confidential information, classifying documents, and other information, based on the user’s level of authentication.
Identity is also increasingly important to enabling the trust that drives digital transactions. It’s up to every organization to consistently authenticate the identity of users and IoT devices. They also need to verify the integrity of documents and communications passing through the organization.
These challenges take on new importance given the unprecedented challenges in our current environment. Over just a few weeks, much of the world’s workforce has switched to remote work. A recent Gartner snap poll indicated that 91% of HR leaders have implemented work from home initiatives. As they rapidly transition more employees to this new model, corporations may lack provisioned laptops, driving BYOD adoption where it may not have existed before. Supporting a remote workforce securely is increasingly complex because people are staying productive using a diverse array of devices, including mobile phones, laptops, and tablets.
PKI is the way
Passwords alone aren’t sufficient to mitigate today’s security challenges. For most enterprise organizations, Public Key Infrastructure (PKI) is fundamental to securing today’s digital transactions. In the enterprise, people routinely authenticate to access corporate resources. They may do so without revealing their identity, or authenticate using a stolen password. Identity is just as important as authentication, and PKI can help enable the strong identity practices required to maintain the integrity of enterprise data.
Enterprise organizations also need the ability to set up their secure devices at scale. They must enroll those devices into a management platform, providing a secure digital certificate to authenticate to VPN or other resources.
For example, IBM scales its Identity Services across an environment that encompasses 500,000 users, in 170 countries. The firm’s managed PKI insulates end-users from technology while supporting trusted transactions. Users can go about their daily business in a frictionless way, secure in the knowledge that they are upholding security and compliance requirements.
For organizations that need to maintain business continuity even after transitioning to a largely remote workforce, PKI can also support document signing for remote workers. It lets organizations securely prove that documents have been signed and are un-altered, for distribution to multiple regions. For example, in the EU, qualified electronic signature certificates, enabled by qualified digital certificates, can support business online or across borders. They are available for individuals and corporations and could enable a legal team to sign a certificate that’s valid for a specific company.
PKI available to the entire company
What is needed to enable modern PKI for today’s challenges? First of all, organizations need the ability to support multiple devices, remotely. In many complex organizations, an individual or a team will be responsible for managing digital certificates remotely, from a few locations. These organizations need a platform to automatically track the certificate lifecycle, from any location. The solution should be automated for agility and support the rapid deployment of additional users, enabling IT or security departments to pre-provision certificates before an employee joins the organization—or automatically upon onboarding.
To maximize adoption and ease of use, the solution should be fully transparent to users, while providing strong identity and authentication capabilities to the corporate VPN.
For today’s increasingly dispersed global organizations, a modern PKI solution should support flexible deployments that are easy to maintain and can scale smoothly. It should be capable of meeting in-country deployment requirements, and also ready to offer public, private, or hybrid cloud support.
The solution should also enable organizations to simplify complexity, through a holistic approach to management. According to a recent IDC survey, 37 percent of participants cited security complexity as among the top three challenges their organizations face over the next two years. An end-to-end, centralized management tool can free up limited security and IT resources to focus on other business priorities.
Identity and privacy have long been essential to protecting digital transactions. In today’s uncertain environment, they have become even more critical. With the right strategy and solution, organizations can get out in front of their most pressing challenges now, while building a foundation for continued compliance and integrity well into the future.
ABOUT THE AUTHOR
Brian Trzupek is SVP of Emerging Markets at DigiCert. A crypto and security tech by day and night, Brian brings nearly two decades of expertise on many security subjects to the team. He’s constantly innovating use cases for enterprise PKI, which are facilitated by the industry-leading DigiCert ONE Platform.