PKI Paper
There are several advantages of using a commercial PKI rather than implementing such a capability in-house with the software developers you already have. While in-house PKI solution can highly cost an organization with licenses and necessary infrastructure, a commercial PKI solution offers a service package with reliability, strong support, and indemnification.
Considering an in-house PKI structure, a company must factor in the cost of setting up a network infrastructure, network security, storage, redundancy, backup, and maintenance. Compare that to a commercial PKI solution, it is considered more profitable in the long run to pay for the service and not worry about all the factors above. It is mainly the control ability that drives companies toward an in-house PKI solution. In return, in-house PKI costs rise because it requires a separate security model including hardware storage solution in order to contain certificate repositories and public keys. The additional security model includes server, router, firewall, and IDS to keep hackers out. Additional software associated with a PKI infrastructure includes operating system for the server, Microsoft Certificate Server software or commercial based software, licensing, and secure backups. Due to the higher level of security requirements associated with PKI structures and private keys, the secure backups would be separated from the everyday backups found in a standard corporate backup system. Furthermore, a separate server is needed for certificate repository which will add even more costs and maintenance to an in-house design. On the other hand, using a commercial PKI would eliminate all those cost factors because most of those hardware and software infrastructure is located and maintained off-site which is included in the service price.
In a single service package, a commercial PKI provides reliability, support, and indemnification over in-house PKI solution. Commercial PKI offerings are relatively well-tested
Considering an in-house PKI structure, a company must factor in the cost of setting up a network infrastructure, network security, storage, redundancy, backup, and maintenance. Compare that to a commercial PKI solution, it is considered more profitable in the long run to pay for the service and not worry about all the factors above. It is mainly the control ability that drives companies toward an in-house PKI solution. In return, in-house PKI costs rise because it requires a separate security model including hardware storage solution in order to contain certificate repositories and public keys. The additional security model includes server, router, firewall, and IDS to keep hackers out. Additional software associated with a PKI infrastructure includes operating system for the server, Microsoft Certificate Server software or commercial based software, licensing, and secure backups. Due to the higher level of security requirements associated with PKI structures and private keys, the secure backups would be separated from the everyday backups found in a standard corporate backup system. Furthermore, a separate server is needed for certificate repository which will add even more costs and maintenance to an in-house design. On the other hand, using a commercial PKI would eliminate all those cost factors because most of those hardware and software infrastructure is located and maintained off-site which is included in the service price.
In a single service package, a commercial PKI provides reliability, support, and indemnification over in-house PKI solution. Commercial PKI offerings are relatively well-tested
Cited: Dzambasow , Yuriy (Aug 15, 2012). Requirements for in-house PKI. SecuritySolutions.com, from http://securitysolutions.com/mag/security_requirements_inhouse_pki/ In-house or out: how to start building a PKI. ComputerWeekly.com, from http://www.computerweekly.com/Articles/2003/07/29/196201/in-house-or-out-how-to-start-building-a-pki.htm Ars staff, (July 17, 2002). Wireless Security Blackpaper. Ars Technica, from http://arstechnica.com/security/news/2002/07/security.ars