Setting up a PKI Structure
By: July • Essay • June 7, 2010
There are several advantages to using a commercial PKI over an in-house private CA. Although we equate the costs of commercial use with the services purchased, there are several factors to weigh when considering in-house services. The cost of equipment, administration, and liability should be weighed during your feasibility study.
For example, when implementing an in-house PKI structure, the cost of setting up a network infrastructure must accommodate secure communication, storage, redundancy, backup, maintenance, and security. Compared with these costs, outsourcing to a commercial PKI solution is often more profitable in the long run. It is control that drives companies to consider in-house solutions. As a result, in-house costs rise, because storage for certificate repositories and public keys requires hardware storage solutions (Conklin 132) under a separate security model. The additional security model includes a router, firewall, and IDS specifically designed to keep hackers out. Additional hardware and software costs also include servers with operating systems, Microsoft Certificate Server software (Microsoft.com) or commercial software, licensing, and secure backups. The secure backups should be kept separate from the standard corporate backups because of the potential exposure of private keys. A central RA (registration authority) would need a server of its own. Furthermore, a separate server for the certificate repository adds to the cost and maintenance of an in-house design. A key advantage of using a commercial public CA is that most of the software and hardware infrastructure is maintained at the provider's site and included in the service price.
In addition, in-house administration of a PKI is not always economically feasible. The corporation would need to hire an experienced PKI administrator to ensure compliance, hardware integrity, redundancy, security, and administration of the private keys and certificates. The environment must be “uniform and predictable” (quoted Conklin) so that high-level technologies work together at access points. These access points are centrally located but will nonetheless require certain hardware and software maintenance at all corporate locations during communication. This will result in additional labor costs and resources, which would be covered in a commercial public CA solution. In-house standardization would also require a CPS (certification practice statement) that outlines and explains the services. Public CA companies offer their own customer service and standardization, backed by experience and knowledge gained from servicing thousands of customers. Non-repudiation notary services would also be required in-house, as time stamps, identity, and proof of service may interfere with some of the necessities of our business model, including accounting and regulatory acts. Different CA classes would need to be distinguished in-house, and program interfaces across non-homogeneous network infrastructures would require additional information technology services. Keeping track of digital certificates in-house would require knowledge of certificate lifecycles, certificate attributes, certificate extensions,