Why do I need a PKI solution?

With a Public-Key Infrastructure (PKI), a company can create an environment which is not only trustworthy but maintainable. This infrastructure offers everything needed in order to provide Public Key encryption and digital signature services. Its very purpose is to manage keys and certificates which can be used across a wide variety of applications.

The article below sourced from the Tech Republic illustrates further the concept:

A public key infrastructure project can be costly and demanding. And bottom line—it’s not for everybody.

We talked with PKI experts John O’Leary of the Computer Security Institute and Mylissa Tsai, a research analyst of information security for the Aberdeen Group. They recommended that any company considering PKI start by asking these questions:

Do I need PKI?
In some ways, PKI is more of a legal issue than a technology issue. It will not end all your security worries, analysts say, but it is the best protection you can buy at the moment. How can you determine whether you need PKI? “You need it if you are operating in a higher risk environment,” said Tsai. “It’s really to protect yourself.” Leading adopters of PKI are financial institutions and health care. It’s also a good idea to consider PKI if you are engaging heavily in e-commerce, according to O’Leary. “If you’re going to do significant electronic commerce, and you don’t know personally all of the people you’re dealing with, you are a candidate for this.” Even if you’re not in a position to implement PKI, you should research it, O’Leary said. You may be required by business partners to implement it in the future, and you’ll need to be prepared.

What are my major business partners and suppliers using?
PKI systems face a major compatibility barrier that, thus far, vendors have not resolved. This means you need to be on the same PKI system as your major business suppliers and partners, according to Tsai. This also means that for smaller companies, a PKI system will be chosen for them by larger business partners.

How should my certificates be created?
While creating your own certificates is certainly possible, it may not be advisable, Tsai said. One reason: Your business partners won’t be able to use a proprietary certificates system. It’s best to use one system across your organization that can grow with your business. What happens when accounting wants to move payroll to PKI and your financial institution already uses a different and incompatible PKI system?

To find out how one enterprise put its PKI plans to work, read “Case study: How I implemented PKI.”

For more information on PKI technology, check out these additional TechRepublic articles: