Every organisation uses a fast-growing collection of digital keys: keys used in the public domain, certificates bought from commercial parties, and keys used in the private domain. Maintaining those keys is becoming more and more problematic, with the consequence that security decreases and, in some cases, systems cannot be reached.
Decreasing security and unreachable systems can both be solved by provisioning: automating the logistics of certificates. Traxion has real experience in the area of EKMS (Enterprise Key Management). In an EKMS project an internal RA (Registration Authority) is implemented. This brings the external and internal certificate streams together into a manageable and testable whole.
Part of an EKMS can be the setup of a strong internal PKI (Public Key Infrastructure) and the automation of certificate provisioning. This is because weak keys and weak key management determine the strength of the security mechanisms that depend on them.
SSL certificates are not all there is to EKMS. The use of certificates for other purposes is increasing fast, for example in areas such as DNSSEC and mobile devices and apps. These topics need to be addressed. One final important note is that as of 2015 public TTPs can no longer provide SSL certificates for systems without a public internet address. This implies that you need to start managing your cryptographic keys yourself as soon as possible. There is still time to set up an internal facility, or to find an external solution, and migrate your keys, but not in abundance.
If you want more information on PKI and/or EKMS, please contact us. We like to share our vision and experience regarding this fundamental piece of security infrastructure.