GlobalSign Blog

Your In-House CA is Costing You Millions – Here’s the Solution


Since the beginning of 2020 the enterprise world has been thrust into a new reality: remote work. Businesses have either been agile enough to continue operations remotely or are now facing a crisis that threatens their very existence. 

Like so many other business functions, remote work requires a robust, well-implemented public key infrastructure (PKI). But in the scramble to facilitate employees working from home, many enterprises have embraced a home-spun, in-house approach to PKI that will end up incurring millions of dollars’ worth of hidden costs, while also potentially setting them up for compliance penalties and losses in the future.

The right solution accomplishes three things:

  • Integrates seamlessly with what you already have – The right solution makes you more efficient by streamlining key processes with automation and reduces the tedious workload for IT.
  • Scales to where you are going – As your organization continues to grow, your PKI will need to grow alongside it.
  • Saves you money both in the interim and long-term – Beyond savings in time and personnel resources, the right solution saves on hard costs, too.

Is Your Internal CA a Money Pit?

In-house PKI requires so much more than just the ability to issue certificates. While it might be tempting just to assume the ability afforded you by Microsoft CA and Active Directory is enough to facilitate things like client authentication, there are hidden costs that will quickly sneak up on you and force an uncomfortable meeting with your CFO. 

In reality, there are tons of moving parts and touchpoints in any functional, compliant PKI. Registration Authorities, timestamping servers, certificate logging, OCSP – all of these things require resources and bandwidth.

Proper administration is a challenge, too. Again, it’s more than just certs you need to worry about – you need enrollment mechanisms, registration authorities, authentication capabilities, certificate templates, and policies about EKUs. You need to know when every certificate was issued and by whom, you need to be able to easily revoke certificates, you need a mechanism to recover and archive keys, and you need to log everything. That takes a ton of servers, network bandwidth, personnel and expertise, and it consumes a considerable amount of power.

And the greater your needs, the more of all those things your organization requires. The human cost can be broken down even more granularly. If you’re going the in-house route, you have to set up your PKI manually, you have to maintain and update lots of different touchpoints, and you need to oversee everything to avoid expiry and other issues. Even if you find a way to automate these processes, you’re responsible for ongoing management. Many industries and localities require specific reports and historical records, so you need to figure out how to do that, too.

It all adds up. 


[Table: Up-front Costs and Residual Costs for In-house PKI w/ Microsoft CA, with 5 Year Total]



Want to Save Up to $1.5 MILLION?

There’s a better way to handle in-house PKI and ensure your organization is agile and capable of working remotely. Download our eBook on The Hidden Costs of Microsoft CA to learn about GlobalSign’s Auto-Enrollment Gateway (AEG), a ready-made solution for remote work and every other PKI use case. AEG improves security, reduces the time and resources required for management and, most importantly, can save you millions of dollars over the next 5-10 years.

Sign up now to download the eBook and learn how you could improve your PKI and overall security posture while saving significant amounts of money at the same time.
