Interview: CMS Expert Answers the Most Tricky PKI Questions

For decades, PKI has remained one of the most effective technologies for authenticating users and devices. Nevertheless, many companies find that PKI has not kept pace with the growing needs of users. Legacy systems cannot meet modern customer requirements, which raises a number of concerns. We invited Nikolay Lazitskiy, a PKI expert, to answer the most painful and tricky questions from customers worldwide.

One of the most popular and common questions we face: Is PKI still alive?

Nikolay: Definitely, yes. And it is not just alive but still actively used, and not only in large enterprises. We can find PKI in national ID systems. Today even small companies or individuals use certificates for authentication and qualified electronic signatures when they communicate with government services. And of course, PKI is used in modern hybrid or cloud IT solutions, like Microsoft Azure or Amazon Web Services. I can confidently say that PKI is everywhere.

Why do you require a CMS if the basic tasks of certificate management are performed by a CA?

Nikolay: First, a CMS allows you to decrease the number of manual operations in different snap-ins or web services and to save time. In one window you can perform all necessary operations with a smart card (initialization, user PIN generation, unblocking, etc.) and a certificate (create a request and send it to the CA, renew or revoke).

Second, in a CMS you can create different workflows for certificate and smart card management. For example, you can configure smart card issuance rules for certain groups of users or even departments.

Finally, a CMS can help you with notifications and reports. It can notify IT staff or users about expiring or expired certificates, issued smart cards or certain certificates and many other events. The inventory team can track the number of used and available empty smart cards.

How can systems for PKI management and device inventory be used to address the tasks effectively?

Nikolay: Certificate Management Systems (CMS) are used to make PKI infrastructure visible to network administrators, security officers and, in some cases, end users. Such solutions can help you find, enroll and store certificates and back up private keys. If we are talking about hardware, then some CMS have inventory functions that help you manage HSMs, smart cards and USB tokens along with the certificates saved on them. A CMS also allows you to delegate some certificate or smart card management tasks from IT specialists to the end users. For example, certificate enrollment and smart card initialization can be done in the self-service application according to predefined policies. You can get more from a CMS if it is integrated with other IT systems in your company, like Identity Management and Access Control Systems.

How can small and medium enterprises increase Return on Investment (ROI) from using PKI?

Nikolay: PKI is quite expensive, that’s true, especially at the start of implementation. But if you include PKI in several processes in your company, it becomes much cheaper. For example, PKI can be used for email encryption and electronic signature only in one department. But if you bring it into domain and device authentication, the number of PKI users will increase, and each certificate and smart card will cost you less. You can also combine personal smart cards with certificates and plastic ID or physical access cards into one. It can reduce costs for different types of cards and onboarding procedures.

Another possible way for small companies to pay less is to start using PKI as a service. In that case they don’t invest in CAs, HSMs and staff training, and pay trusted PKI providers only for issued certificates (for qualified electronic signatures, for example).

PKI is not only alive but also actively evolving. Enterprises and companies of any size can benefit from using it properly. A certificate management system helps you get the most out of your PKI. With the right CMS in place, you can automate workflows, reduce the load on the IT department, lower the company’s costs and increase the security level.
