Article

Making a success of PKI through outsourcing

Ron Condon
Public Key Infrastructure (PKI) has struggled to fulfil its promise to become the accepted mechanism for managing users on a network. Perceived complexity and high costs have deterred most organisations from adopting it.

But could it make a comeback as an outsourced service, where the management is taken care of and the costs are spread across many users? One man who believes so is Christopher McLaughlin, a consultant with Accenture and author of "Proposed Model for Outsourcing PKI", the latest in our series of features based on the best MSc theses from students at Royal Holloway, University of London.

The scalability of PKI with its single point of management, is far better than disparate systems
Chris McLaughlin
ConsultantAccenture
McLaughlin concentrates in his paper on how to implement PKI with an outsourcer in a way that will ensure success. "There are not just technical but also management and cultural aspects to consider," he says. "A lot of consultancies just go in and force a solution, rather than going into the background to give a full enterprise solution that will bring benefit. Often the solution fills technical needs but not the business needs."

His paper provides any company looking to follow the outsourcing path with a clear method and roadmap to ensure that both sides of the contract work to the same goals.

As he says, PKI is "a pervasive substrate - the technological layer that permeates the entirety of the organisation on which PKI services are established" and therefore needs to work without a hitch. It means there has to be a high level of trust between the customer and the outsourcing company in what is likely to be a long-term commitment.

But why should any organisation consider PKI when there are other tools on the market that provide them with what they need? "The real benefit of PKI is that it is joined up," he says. "The scalability of PKI with its single point of management, is far better than disparate systems. PKI can give you server-authentication, email security, IPSec, trusted third party and authorisation services. People may have other things in place to perform the same functions, but they are not a joined-up system."

He says that the more people become aware of identity theft and security matters, the more pressure there will be to provide secure services, and PKI is a good way of doing just that.

To read the full article, click HERE


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy