Customer Case Study: Avarn Security

Nordic Security Organization (16,000 employees)

Avarn security selects PKI Solutions to design and implement strong PKI foundation, ensuring security and resilience in their corporate identity and encryption systems.

Why did you choose PKI Solutions?

“The work that our company and our corporate, government, and transportation customers do is so mission-critical – particularly in aviation – we wanted to work with the best cybersecurity team in the industry. That’s why we selected PKI Solutions to help us achieve our goals.”

Unique Niche Skills

  • PKI Solutions unique expertise with PKI
  • Extensive experience with Hardware Security Modules (HSMs)

Business Challenge

In an effort to ensure the highest level of security and reliability of their organization’s business operations and to protect their important data, the Avarn Security team reached out to PKI Solutions to manage the design and implementation of a comprehensive Public Key Infrastructure (PKI) project across the company and their various offices and operational hubs. According to Fredrik Perlerot, CTO of Avarn Security’s IT Infrastructure and Operations, the goal of their project was to ensure that their organization’s overall cybersecurity environment was based on a strong and highly reliable PKI that they could count on both now and in the future.

Since Avarn Security provides security solutions for high-profile and mission-critical systems for corporate, government, public section, and major transportation customers — including security for all the airports in Norway – it was important for their IT team to have better control over the organization’s overall PKI environment and all of their identity and encryption systems.

Available, Operational, Secure PKI is Foundational To Business

Avarn Security’s PKI infrastructure was originally set up about 15 years ago so it was seriously outdated and their IT team had little to no trust in their PKI and low confidence in their organizational security due to the unreliability of their existing PKI. In 2018, Avarn Security outsourced management of their IT infrastructure to Cognizant as a part of an organization-wide business transformation project and soon it became imperative that the PKI’s unreliability was addressed once and for all. That’s where the PKI Solutions team came in.

Our company is managing more and more time-sensitive digital transactions so having secure systems and a new state-of-the-art PKI was our primary focus for the project.

You really need a comprehensive PKI solution to broaden your security as a whole. We appreciate PKI Solutions’ expertise in helping us with this PKI project and now our organization is even more secure because of it.

Jan Olav Skeie, IT Architect at Avarn Security

Solution Overview

PKI Solutions worked with Avarn Security to architect and build out their new PKI using a fully-integrated system including a cloud-based Hardware Security Module (HSM) solution hosted by Entrust. PKI Solutions unique expertise with PKI enabled them to provide Avarn Security with the best strategic advice for their project to ensure a successful outcome. For example, since Avarn Security’s operations are located throughout the Nordic region, an important consideration was making sure that Entrust’s data center was located in an area that falls under the European Union’s regulations.

PKI Solutions helped Avarn Security with the assessment of HSM options in the market and recommended a cloud HSM that would be the best solution for their organization. PKI Solutions’ team helped Avarn Security with the decommissioning of their old PKI and managed everything for the company throughout the project including creating the organizational certificate policy and certification practices statement all the way through the architecture, creation of build books, deployment of the PKI and PKI best practices. Finally, the PKI Solutions team worked with Avarn Security and Cognizant to ensure that they are well trained on proper PKI procedures so they are able to manage and maintain their PKI going forward.

Adding additional complexity to the project was the fact that Avarn Security’s IT infrastructure is managed by Cognizant, a leading information technology services and consulting company, and their network is managed by Orange Telecom. Throughout the project, trouble-shooting an issue – like optimizing the connectivity of the HSMs — required coordination with Avarn Security, Cognizant, Orange, and Entrust on the same call to discuss how to ensure the best solution.

In addition, another challenge that impacted the project was the COVID-19 pandemic. Due to COVID-19 restrictions, Avarn and PKI Solutions needed to devise processes and steps to securely deploy and secure the solution without the ability to gather everyone physically.

Key Deliverables

  • Designed a PKI architecture including the assessment of Hardware Security Modules (HSMs)
  • Architected and built out a PKI and cloud-based HSM based on best practices
    Created the organizational certificate policy and certification practices statements for Avarn Security
  • Trained personnel on procedures and process to effectively operate the PKI

Outcome

State-of-the-art PKI and HSM environment to address the security, privacy, and business requirements of Avarn Security’s customers.

Results

Avarn Security is now more confident in their overall PKI infrastructure and the security of all of their organization’s identity and encryption systems thanks to the strategic advisory and deployment services provided by PKI Solutions.

PKI Solutions architected, documented and implemented a state-of-the-art PKI solution for Avarn Security over several months due to delays related to the COVID-19 pandemic restricting travel. The implementation was successful and Avarn Security’s IT team has been very pleased with the results so far. In fact, as their team started to see better security intelligence from their new PKI solution and get more in touch with their business, they realized that they needed an additional certificate authority (CA). More enhancements will be made to their PKI environment over time.

Throughout this PKI project, the U.S.-based PKI Solutions team leading the project provided clear, strategic communication to the Avarn Security team across multiple time zones spanning several Nordic countries to ensure a successful outcome. PKI Solutions continues to support Avarn Security with ongoing PKI consulting services.

What lessons did Avarn Security learn from this PKI project?

According to Jan Olav Skeie, IT Architect at Avarn Security, the investment in his organization’s PKI infrastructure is vital to protecting Avarn Security’s data and ensuring his company’s operational resilience and security posture.

“When it comes to controlling devices and encrypting documents, you absolutely need a robust PKI as the foundation of your organization’s entire security environment. Our customers in the government and defense industry have information that is very sensitive so it’s paramount that we control access to those documents so that only the right people can view that data in a highly secure environment.”

Perlerot added, “Your organization’s PKI is like a foundation for all of your security – it’s the foundational building block that you build everything else on so you really need to make sure your PKI is solid. Now, after working with the team at PKI Solutions, I believe that our PKI is monitoring and protecting all of our company’s data in a very secure environment.”

Get to Know PKI Spotlight!

Schedule a demo with our PKI experts to learn how PKI Spotlight addresses the most common challenges faced by our customers. 

By the end of your call, you'll have a clear understanding of how PKI Spotlight will improve your operational resilience, security posture, threat detection, and best-practice capabilities.

Topics we will cover:

  • How the real-time aggregation engine works to process information from PKI roles such as CAs, CRL distribution points, Hardware Security Modules, and more.
  • How to set up monitoring and alerting rules so that you, your teams, and stakeholders can get notified on changes, failures, and even pre-failure states.
  • How to use config explorer to get insights into PKI configurations such as CA permissions, revocations, and crypto modules.
  • How you can use time-based filtering to keep track of trends and establish behavioral baselines.