The idea that “the way we do business is transforming” has become a platitude in the decades since the industrial revolution. But in 2020, with the world sheltering from a pandemic and the global economy trying to figure out how to safely re-open – it’s never been more true.
Whether it’s for companies necessarily embracing work-from-home arrangements or to protect the tireless work being done by the medical community to test, track and treat the spread of the virus – procuring, managing, and securing digital identities is paramount.
You can do all of those things using Public Key Infrastructure (PKI), but historically there’s always been one big bottleneck: You’re only as fast or agile as your certificate authority (CA) allows you to be.
With the arrival of Atlas, GlobalSign seeks to make those limitations a relic of the past. Atlas is the world’s most powerful cloud CA – a high throughput, fully ubiquitous, next-generation PKI platform that will carry your PKI on its shoulders and into the future.
What’s Holding Down the Modern CA
Ok, let’s be honest – that last paragraph had some really hot marketing buzzwords in it, but what does it really mean for you and your business?
When you’re talking about digital identities and digital signatures what you’re really discussing is digital certificates. And to issue certificates you need to work with or run your own certificate authority. But running a certificate authority requires a lot more than just the ability to issue certificates.
That’s why the term certificate authority has taken on more of a dual meaning. In purely technical terms it refers to the server that issues the digital certificates. But given the complexity of properly running a certificate authority, we also use the term to designate the organizations that have been created to administer publicly trusted technical CAs.
Organizations have two choices when it comes to determining how they want to handle certificate issuance and management: in-house PKI or outsourcing parts to a CA organization.
The Problems With In-House PKI
Every organization uses PKI, but most employees outside of the IT and security departments have no idea just how much. Or that the use-cases and applications continue to grow and evolve daily. As organizations grow, this digital footprint becomes a little bit like quicksand.
The biggest drawback to rolling your own in-house CA is organizational. It’s complicated, it’s time-consuming, and it requires a high level of expertise and training. It’s the very reason why companies like GlobalSign exist.
Say you want to throw a client authentication certificate on every device or server on your network. That requires way more than just issuing a bunch of certificates: you will also need a mechanism to enroll new identities, and then to issue, deliver, and install them. If you’re following best practices that say you should rotate the certificates assigned to each identity, you’ll need to be able to do so on a regular basis. Employees come and they also go – so does hardware – so, you need a way to revoke certificates, too. You should log everything, so you have a record of when each certificate was issued and by whom. Then you may also need a mechanism to recover and archive keys.
The processes I’ve outlined above take up a ton of servers, network bandwidth, personnel, expertise and actually consume a considerable amount of power.
And it all scales commensurately with an organization!
And don’t just think employees and servers, either. Imagine you’re in manufacturing and need to provision millions of certificates for production per day. Enterprises are already running between 50-70 security applications and platforms. Those IT and security teams are stretched thin. And when mistakes happen, they cost millions. See? Quicksand.
The Problem With Modern CAs
If an organization opts not to attempt to implement and manage its own CA, it can outsource some (or all) of the work to one of the dedicated CA organizations we mentioned earlier. Historically, the problem there – one that the client organization has little effect over – is on the other side of that equation: the technical CA side. The hardware. The issue with outsourcing your PKI – or anything for that matter – is that you’re putting your agility, your speed, your needs in their hands.
You can only go as fast, or issue as much, as the CA lets you. Often, there are strict limits and they are strictly enforced. That’s entirely on account of bandwidth and technical restraints. Use-cases that require considerable volumes of certificates to be issued can be logistically problematic for the CA.
This is what has really held back automation – the inability to reliably guarantee the availability of certificates at the time they’re needed, in the quantity that they’re needed, for a price that doesn’t render the CFO inconsolable.
Now let’s revisit that Atlas paragraph.
Atlas Shrugs Off the Competition
Atlas is not like the engine under the other CAs’ hoods. It’s far, far more powerful. Designed to be available 24/7, with the ability to scale to any use case and any volume of issuance. In antiquity, Atlas was known as a mythological Greek titan that bore the weight of the heavens and Earth on his shoulders. Starting today, any organization can put the weight of their PKI and automation on Atlas’ shoulders.
With the parallel release of Auto Enrollment Gateway (AEG) 6.3, any organization can now install a direct gateway to Atlas on the edge of their network and gain access to the world’s most powerful cloud CA. This is both a ready-made solution for automation and a turn-key method for any company that hasn’t already migrated to remote work.
It’s truly the best of both worlds: All the expertise and experience you expect from working with a CA organization, and all the benefits of having dedicated hardware and resources that can handle the technical CA functions your organizations requires at any scale.
- Get access to full PKI capabilities without the need to spin up CAs for different types of certs – No matter what you need, Atlas has you covered
- Cut costs – Save on hardware (servers to act as CAs, RAs, etc.) and human resources (no setup, no patching, no maintenance)
- Atlas doesn’t require extensive PKI expertise – Remember: you don’t need to know an engine works to drive the car
- Offers far better crypto-agility than an in-house CA – GlobalSign handles all the cryptographic standards, not you
- Achieve the flexibility your business demands – We can issue publicly trusted server and S/MIME certificates
- Get support when and how you need it – Think of Atlas like the newest member of your IT and Security Team
Atlas is ready to lift the world’s PKI on to its shoulders and carry it into the future. If you’d like to know more about Atlas and how he can shoulder your organization’s PKI load, contact us today.
