Today digital signatures and digital certificates are widely used not only for meeting the internal needs of organizations, but also in interagency e-document flow, online banking, and e-tendering. In other words, proper, competent and secure use of digital signatures is critical for any organization.
PKI and asymmetric cryptography can help your company to address the following information security tasks:
- Replace outdated password authentication with strong two-factor authentication for access to operating systems and applications (VPN, VDI, etc.)
- Digitally sign and encrypt email
- Use a qualified electronic signature to comply with regulatory requirements, enable legally valid document flow, interact with online banking systems, and participate in tenders and procurement
- Encrypt files, disks, and other data
However, to properly support your PKI you have to address a number of new challenges:
- Consistently manage different models of your tokens, as well as certificates issued by various certificate authorities.
- Bring your certificates in line with user tasks, i.e. make sure that each smart card contains all the certificates required by the user without any redundant certificates.
- Centrally manage policies regarding user PIN codes for tokens, i.e. establish policies for PIN code complexity and PIN change frequency.
- Carefully monitor certificate validity and ensure their timely renewal.
- Keep track of your tokens and assign them to specific employees and workstations to control how PKI tokens are used in your company.
- Keep a log of cryptographic facilities.
- Unlock the tokens that get locked when users forget their PIN codes.
As cloud computing continues to evolve and remote work gets more popular, various new technologies that do not require a hardware token for storing key data are gaining traction, such as network and virtual smart cards and electronic signature in the cloud and smartphone.
Addressing the challenges related to the operation and management of your PKI infrastructure may require a lot of time and money, not to mention the related information security threats. The optimal solution for addressing this task would be to use a specialized PKI Management product designed for centralized monitoring and management of your PKI.
The primary function of such products is to serve as a «certificate manager». These software suites can help you significantly improve the efficiency of your PKI management and enhance your information security.