PKI Consulting Services

The very best PKI Consulting Services from the leader

It goes without saying that every organization is different, just as no two projects within the same company are ever the same. At PKI Solutions, we take that to heart in every engagement.

We work with you to develop a clear picture of your particular skill sets and security challenges to determine how to get you to where you need to be. And we can get you going, whether you have an existing scope of work or are just getting started and need help defining the project.

We approach every organization with a pragmatic need to balance security with organizational needs. We don't just implement security controls and designs because "they are a best practice".

PKI Design and Implementation Services

A well-designed and built PKI is critical to its long-term viability and integrity. But long before the first piece of software is installed, security requirements must be properly defined. PKI Solutions can provide you with the expertise you need to ensure your environment will not only meet your needs today, but is ready for whatever comes up down the road. No one wants to tear out a core piece of their identity solution because a security consideration was overlooked.

We’ll walk you down the PKI security “rabbit hole” until you fully understand the risks and how they can be remediated in your enterprise. Topics we can work with you on include:

  • Defining an environment that mitigates unacceptable security risks
  • Creating solutions to implement two-person integrity and non-repudiation controls
  • Identifying the security risk and complexities of your PKI – a critical first step in the design and deployment of any PKI
  • Determining the need for mitigating solutions such as hardware security modules (HSMs)
  • Pulling together critical PKI server and network components
  • Mapping out operational responsibilities, controls and documentation

Correct design and implementation are critical to the success of any PKI environment, and a surprising number are abandoned or retired due to improper security controls and documentation. Rarely is a PKI ever downgraded to a lower security posture.

Policies and Procedures

Not every organization needs a certificate policy (CP) or certificate practice statements (CPS), but the best secured and managed PKIs usually do. Public-facing organizations, as well as those hoping to connect their PKI and identities to other organizations, will most likely need them too. Having them is often a prerequisite for joining the federal bridge, university bridges as well as many medical organizations.

We can help you understand what these documents are, who needs them and why you would benefit from creating and maintaining them. We can show you what should go into a CP/CPS and how it will influence your PKI design. We can work with you to determine your policy needs and what internal and external requirements may be applicable. Where appropriate, we will work with your legal team to help craft the proper CP and CPS for your organization.

PKI Specialties

Internet of Things (IoT) Security and Identities

Long-term security for your IoT product designs

Any device on the internet is a potential attack vector. Can you risk having it be your IoT device that opens the door to successful cyber attacks? Now more than ever, it’s absolutely vital that you take the necessary steps to protect your customers’ environments and your own brand reputation in your IoT product design. Cloud data and central control requirements mean you need to ensure your devices are genuinely communicating with trusted devices and using industry-accepted encryption techniques.

We bring proven expertise in architecting solutions that will not only meet your project needs today but will stand the test of time. We can help you architect a solution using your own identity PKI or by leveraging a cloud provider such as AWS IoT or Microsoft Azure IoT. Locking your product identities into any single solution can introduce management complexity and financial risks that could affect your bottom line.

Hardware Security Modules (HSM)

Thwart internal and external threats with the right HSMs

The key to properly protecting your PKI environment is consistently following well-designed procedures and policies. Hardware security modules (HSM) can be used in a PKI to enforce defined procedures and ensure no one person can compromise it. They can also be used to speed up signing/issuance in high-volume environments and secure your certificate authority (CA) against the extraction and misuse of your CA private keys.

HSMs can be configured to require a quorum of trust role owners to be present to authorize transactions, including where an auditable chain of custody for non-repudiation is needed. HSMs can be set up to provide EAL 4/FIPS 140-2 Level 3 protection of your PKI.

We are well versed in architecting and deploying nCipher, Thales/Gemalto/SafeNet, Utimaco, and FutureX HSMs, but can advise you in the proper selection, architecture and implementation of one or more HSMs from various suppliers in your PKI environment. With the right HSM configuration, you will have the confidence that your critical signing keys are protected against internal and external threats.

Mobile Device Management

Allow freedom, but don’t compromise security

One of the biggest security hurdles in the enterprise today is BYOD security: managing and securing the countless personal mobile devices employees bring to the office. There’s the issue of making sure these devices are secure enough for use in your organization and then integrating them with a wireless authentication or VPN infrastructure. A properly designed PKI environment is needed to support devices that are not part of the typical managed enterprise. We can work with you to design a PKI for these mobile devices as well as integrate with management products such as AirWatch and MobileIron.

Newer solutions such as Microsoft Intune offer platform-independent management solutions, while also enabling you to leverage your existing Microsoft infrastructure. Intune is the only MDM solution that has improved the creation and issuance of device certificate identities by ensuring private keys are created and stored only on individual devices. PKI Solutions was commissioned by Microsoft to create the official whitepaper on securing and implementing Intune and Microsoft ADCS. You can find the whitepaper here.