Configuration, Availability, and Recoverability of All of Your PKI and HSM Environments
By Mark B. Cooper
OK, I’ll admit it. When it comes to talking about PKI environments, operational resilience is one of my favorite topics. Operational resilience is important because it defines how your organization’s identity and data encryption systems remain secure and operational while mitigating risks and disruptions. The number one thing that we hear from organizations when discussing operational challenges in their PKI is that these challenges have a direct impact on their business – ranging from factory production shutdowns, remote workers that can’t connect to work, failing WiFi network access, application server failures, and even the ability to collect payments from customers which can cost $100,000 per hour. These are some of the real challenges that organizations face due to poor operational resilience of their PKI.
Organizational resilience is one of the four key pillars of PKI Spotlight, our new product which is the industry’s first and only real-time PKI and HSM monitoring and alerting solution. In a nutshell, PKI Spotlight can help improve your PKI’s operational resilience by improving the uptime, availability, and recoverability of your PKI and the Hardware Security Modules (HSMs) environments. Best of all, PKI Spotlight allows you to very quickly view and monitor this consolidated information about your organization across any of your platforms in one easy-to-use dashboard.
The goal of operational resilience is to make your higher level identity and data encryption systems as reliable as you need for your organization. With PKI Spotlight, you can quickly see and assess the status of your PKI environment in one glance by looking at the dashboard where you’ll see all of the PKI components such as certification authorities, OCSP Responders, NDES/SCEP, web enrollment servers, and other servers. By looking at the dashboard, you quickly determine if your business dependent identity and data encryption systems are able to properly function within the PKI.
PKI Spotlight also allows you to see details about all of your PKI and HSM environments. For example, you could monitor 10 different CAs and 20 HSMs from 10 different PKIs which provides a never before centralized visibility for an organization. All of this is done without having to check server by server or writing scripts and custom tools to *TRY* to collect even a small portion of this information. Not only can you see the current status, you also have a centralized repository of all PKI related events. You can also see events and drill down into the individual error messages, warnings or informational events which are being captured.
With a consolidated view of all of your PKIs and HSMs you can centrally see the configuration and operational events at your fingertips, you can check events for signs of availability, pre-failure, and failure states. You can also contrast and compare operations, configurations, and parameters between various PKIs, such as a Dev and Production PKI across network segments and Microsoft Active Directory forests. You can also observe and get alerted on operational status faults for Entrust nCipher HSMs (with more platforms to come in the future – including HSM-as-a-service).
Missed backups for CAs can be a big problem, one that we see all too often, so PKI Spotlight provides real-time detection for those errors. Using the dashboard, you’ll have visibility into CA and OCSP operational status and certificate validity Today we support real-time alerting through our email notification system that we built into PKI Spotlight which enables you to set up email alerts to be sent out the moment that there is an event that is impacting the operation of your PKIs or HSMs. In the future, we will be supporting common helpdesk, ITSM, SIEM, and incident management platforms directly. But for now, we create a standardized email format that can easily be parsed and consumed into the ticketing platform of your choice.
Recently, I recorded a PKI Spotlight demo video where I give a detailed overview of how PKI Spotlight will help you improve the operational resilience of your PKI environments. After you watch this video, please let me know if you have any questions or need more information. We would love to hear from you.
We want to help you improve your organization’s operational resilience and an assessment of your company’s resilience level is a great place to start. If you request a demo of PKI Spotlight by Friday, April 1, 2022, we will provide you with a free Operational Resilience Assessment Snapshot Report after the demo. You will also receive promotional pricing when you purchase PKI Spotlight. You can request a demo at pkispotlight.com.
We’re looking forward to showing you PKI Spotlight and talking with you soon!