PKI is much more than just technology
A typical PKI project is likely to be more complex than previous experience of typical IT projects may suggest. As well as project management, technical and operational aspects, there are many policy, legal and security issues which must not be neglected.
By following a structured methodology based on practical experience, many of the potential traps and pitfalls can be avoided. The risks to the business and the project are reduced and those that remain are quantified at an early stage.
It has been our experience that the major cost of a PKI lies not in the technology but in the services needed to implement the solution. There is a need to ensure that the benefits from this investment are realized in the most efficient and cost-effective manner possible.
WISeKey PKI Methodology
The establishment of a successful PKI is not solely a matter of implementing software or systems. It is important that associated practices and procedures are devised and implemented.
WISeKey has built a structured methodology, specifically designed to help our customers to architecture, implement and deploy successful Public Key Infrastructures (PKI). Our Methodology consists of a simple to follow series of steps backed up by a comprehensive set of documentation templates and checklists.
The Key Steps of our method are:
- Requirements Analysis, as the first step in implementing a PKI-based security solution is to understand the business and technical requirements
- Architecture Definition, providing a process and set of documentation templates and checklists to define the PKI architecture and how the PKI will be operated
- Operations, defining the operating procedures and controls necessary to make sure that the PKI security system remains effective
Security Review, as PKI, more than in any system, it is important to understand where the risks are and where the system is most vulnerable
Integration, bringing together the PKI components so that a pilot system can be built for testing
- Deployment, involving involves the installation and validation of the operational PKI for acceptance testing
- Post-Deployment, providing a a comprehensive checklist of the issues that need to be considered, recommended procedures and a migration plan template to ensure that migration is straightforward
CertifyID Policy Module
The establishment of a PKI is not solely a matter of implementing software or systems. It is important that associated practices and procedures are devised and implemented. WISeKey’s consultancy practice is specialized in the production of supporting documentation for PKI deployment and operation.Get the PKI Consultancy brochure