Migrating to a Future Proof, Compliant and Agile PKI

“One of the main purposes of digital certificates is to establish and provide trust. Building a trustworthy PKI may be a complex and time-consuming task; however, good strategy and planning can make it happen with a reasonable amount of effort. Assessing the PKI maturity level, defining the plan for how to achieve the next level, and tracking the progress over time will help to build the robust PKI everyone can rely on. Often, however, PKI is built in a hurry and only for a specific use case, without thinking about strategy and compliance. A non-managed PKI environment is like a time bomb: you do not know what will happen the next day. Where the PKI maturity assessment may uncover some interesting facts about the current environment, it can be a starting point for the reasons why we decide to start a PKI migration. Various methods for planning and executing a PKI migration exist, and the main tasks during the migration may differ depending on whether we would like to build a completely new PKI or keep the current trust chain, that is, perform a PKI migration or a certificate migration. Different targets to migrate into (an on-premise solution, the cloud, or SaaS) affect your choice of methods and their applicability for certificate or PKI migration. With on-prem, you can execute a fully transparent PKI migration, while for cloud it depends on where and how private keys are stored. When moving into a SaaS solution, a certificate migration is probably the best option. We will take you on the journey of building a public key infrastructure that is robust and resilient enough to be trusted for decades. We will show the most important aspects and pitfalls of a migration process and how they can be resolved or mitigated. Methods and tools used for the maturity assessment and technical migration will give you a good understanding of where you can start to improve your current PKI environment, collect information, and decide.

Takeaways:

  • Getting from disorganized to a mature PKI
  • The PKI maturity assessment level, defining the plan for how to achieve the next level, tracking the progress and helping to build the robust PKI everyone can rely on.
  • The methods for migrating PKI and certificates
  • Outlining two migration strategies: one where the complete old PKI is transparently moved into a new product, and the other where a new PKI gradually replaces the old one.
  • Mitigation of main risks during the migration
  • What the main pitfalls to be aware of during a migration are, and how we can manage them.
  • Converting a hard-to-maintain multi-server PKI into a comfortable consolidated PKI
  • Showcasing how you can consolidate many disorganized PKIs into a single consolidated mature PKI using off-the-shelf products and well-tested procedures.
  • Deciding between an on-premise, cloud, or SaaS PKI solution
  • Whatever your requirements and preference, a PKI migration and consolidation can be performed from virtually any environment into a new on-premise PKI, a PKI in the cloud, or a SaaS PKI.”


A talk by

Roman Cinkais and Tomas Gustavsson

CEO | 3Key Company