Making a success of PKI through outsourcing

The latest in our series of features based on the best MSc theses from students at Royal Holloway, University of London focuses on how to implement PKI with an outsourcer.

Ron Condon

Public Key Infrastructure (PKI) has struggled to fulfil its promise to become the accepted mechanism for managing users on a network. Perceived complexity and high costs have deterred most organisations from adopting it.

But could it make a comeback as an outsourced service, where the management is taken care of and the costs are spread across many users? One man who believes so is Christopher McLaughlin, a consultant with Accenture and author of "Proposed Model for Outsourcing PKI", the latest in our series of features based on the best MSc theses from students at Royal Holloway, University of London.

Download this free guide

Computer Weekly's Buyer's Guide to GDPR Part 2

In this 12-page buyer’s guide, we look at the tools that could be used for compliance, the incentive to create a smarter, leaner business, and the myths surrounding the new rules.

The scalability of PKI with its single point of management, is far better than disparate systems
Chris McLaughlin
ConsultantAccenture

McLaughlin concentrates in his paper on how to implement PKI with an outsourcer in a way that will ensure success. "There are not just technical but also management and cultural aspects to consider," he says. "A lot of consultancies just go in and force a solution, rather than going into the background to give a full enterprise solution that will bring benefit. Often the solution fills technical needs but not the business needs."

His paper provides any company looking to follow the outsourcing path with a clear method and roadmap to ensure that both sides of the contract work to the same goals.

As he says, PKI is "a pervasive substrate - the technological layer that permeates the entirety of the organisation on which PKI services are established" and therefore needs to work without a hitch. It means there has to be a high level of trust between the customer and the outsourcing company in what is likely to be a long-term commitment.

But why should any organisation consider PKI when there are other tools on the market that provide them with what they need? "The real benefit of PKI is that it is joined up," he says. "The scalability of PKI with its single point of management, is far better than disparate systems. PKI can give you server-authentication, email security, IPSec, trusted third party and authorisation services. People may have other things in place to perform the same functions, but they are not a joined-up system."

He says that the more people become aware of identity theft and security matters, the more pressure there will be to provide secure services, and PKI is a good way of doing just that.

To read the full article, click HERE

Read more on Endpoint security

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.