How Can Following Best Practices Prevent An Outage of Your PKI? Let Us Count The Ways

PKI Best Practices is a topic that is very near and dear to me as you would expect. I didn’t earn my nickname of “The PKI Guy” while I was working at Microsoft because of my skills at poker. Or, maybe I did, but that’s another story. At Microsoft, I spent 10 years as the creator of the PKI Health Check Program and worked for years helping Microsoft engineers and customers build and implement their PKI environments following best practices.

 

What I want to talk about today are best practices, which we define as industry or vendor-specific recommendations on how a PKI and its associated configurations should be applied in a PKI environment. We want to help you ensure that you’re operating all of your PKIs based on industry best practices and organizational standards, because that’s the best way to avoid outages and other PKI meltdowns that will negatively impact operations at your organization. Obviously, no one’s been fired for reviewing and refining their PKI operational and configuration practices. But I’m sure a few folks have been fired, or gotten close to getting fired, in the aftermath of a big outage that grinds their organization’s operations to a halt. Think of it as PKI housekeeping that needs to be done on an ongoing basis. If you don’t do these monitoring chores, your PKI will be a mess. And we’ve developed automated tools over the past few years to help make these ongoing chores easier and more efficient for you to do.

Those of you who have worked with us at PKI Solutions will know that we launched our Online PKI Assessment Portal in 2020, which was a revolutionary tool at the time. Previously, an engineer would have to visit a customer site in person with their full bag of tools. Although we still do onsite visits and consulting today, our online assessment portal automates that process so you can simply download our tool and run it whenever you want.

Our assessment portal is an automated self-paced system that allows you to download a tool and collect information about how your PKI is configured. You can then have that information uploaded to Azure and generate an automated report that shows you the areas that need focus and attention for configuration changes. This report will also provide you with a good overview and understanding of areas that you’re getting right. You’ll be able to see everything from how your CA is configured to how revocation information is configured and implemented in your organization. You can check out how things such as Authority Information Access/AIA locations are being addressed and get a set of recommendations.

 

When we started thinking about PKI Spotlight, our new product which is the industry’s first and only real-time PKI and HSM monitoring and alerting solution, we discovered that there was still a problem even with our original online assessment portal. It was still a one-off process, and customers continued to struggle with finding time in their day to remember to download the tool and do that audit once a year to get their recommendations, and then to do something about it. And even when they found an issue, it could be one that had been lingering for months or years simply because they didn’t see it in time. Timing is everything.

Now with PKI Spotlight, we’re actually integrating those assessment items into our product development. More importantly, those assessments will be available with PKI Spotlight in real-time. Our health check feature is under development and this will be in our Q2 release. The intent with our new health check feature is to quickly go over 100 items that we’re looking at in a PKI – and do that in real time.

 

So, this means that at the moment you create a template and maybe accidentally check a box that is incompatible with what you’re trying to do, you will receive an alert. Or, if there are issues with how a CRL is configured, or with CA security or password policies, you will be alerted to all of those things in near real-time.

PKI Spotlight will not only give you information about the operational resilience of your PKI, but you’ll also be able to get almost real-time feedback about things happening in your PKI that should be remediated. The intent is that these best-practice fixes may help prevent outages. Think of a scenario where a template is misconfigured: that could eventually fill up your CA database drive, which will prevent your CA from operating. It’s scary to think about, but a very small configuration mistake inside of a template can eventually take your CA down. And that could be months or years down the road. If you are only doing assessments on an annual basis, you may miss it and actually end up having an expensive and disruptive outage. By having this information about the status of best practices within your PKI environment in real-time, we think that organizations will find significant value. Again, the very first thing you’ll see with PKI Spotlight is all of these assessment items being brought into the real-time reporting of your PKI.

That’s why Best Practices is one of the four key pillars of PKI Spotlight. PKI Spotlight provides you with clear visibility across all of your PKI component settings and operations so you can see how well your PKI environments are aligned with organizational and industry best practices. It also provides a centralized view through a single-pane dashboard to ensure components are configured and operating as they should. Alerting and notification integration is also provided to enable enterprise-scale remediation services. We also offer optional co-management support to provide subject matter expertise on demand to triage and remediate issues. And, as our long-term customers know, we provide trusted advisory services for reactive issues and unlimited support for your PKI environments.

I just recorded a PKI Spotlight Best Practices demo video where I give a “sneak peek” at new features that are in development and will be part of our Q2 release for 2022. Please let me know what you think. If you’d like to see a full demo of PKI Spotlight, you can request a demo at pkispotlight.com.

 

As part of our initiative to make sure that you’re all applying PKI best practices to your PKI environments, we’ll give you a free Best Practices Assessment Snapshot Report if you request a demo of PKI Spotlight by Tuesday, June 7, 2022. You’ll also get promotional pricing when you purchase PKI Spotlight. We’re looking forward to talking with you soon!

About ThePKIGuy

President & Founder at PKI Solutions, Leading PKI Cybersecurity Subject Matter Expert, Author, Speaker, Trainer, Microsoft Certified Master.
