Cybels PKI Services - Cybels Public Key Infrastructures Services

If you are running a digital transformation programme with goals such as offering new digital services, improving business efficiency, or enhancing customer experience, the security of your systems should be a priority. Initiatives such as increased e-commerce use, remote data collection for predictive maintenance, implementing software over the air updates, introducing Internet of Things connected devices, and enabling seamless work with third parties, all need a secure Public Key Infrastructure (PKI) at their heart.

A PKI solution by Thales – offered as a bespoke combination of products and managed services – lets you unlock the full benefits of PKI whilst avoiding the many pitfalls of a weak implementation.

Read our case studies here.

The fact is that the technology behind PKI accounts for only about 20% of an implementation. The rest is a matter of people, policies, procedures and processes. Unless you get those exactly right (and many organisations don’t) your system could remain vulnerable or lack the essential resilience and reliability. Even if your PKI was perfect when you implemented it, there’s a good chance that it hasn’t kept up if your systems have grown and evolved over time. We can help.

When do I need a secure PKI?

PKI plays a crucial role in securing and assuring platforms, services, transactions and data. Here’s where some of our customers use a secure PKI:

Secure software code and documents Sign (and optionally encrypt) software, documents, transactions and other artefacts	IoT Security Ensure data confidentiality and integrity across vulnerable devices without compromising availability	Secure communications and data collection Secure networks and remote access for employees and devices, enabling for example devices and equipment health and usage monitoring
Remote software updates Securely update device and equipment software remotely	Secure command and control Secure IP cameras and building security systems, building management systems, manufacturing systems and a plethora of other connected devices for secure system instructions, remote control, and mission commands	Enterprise Access Control Secure the identities people and things to control access to buildings, systems, and more

Thales has direct experience of these and many other applications for PKI: not just for the hardware and software, but for managing, protecting and maintaining the processes, policies and procedures that build in trust.

Why trust Thales with your PKI?

Cybels PKI Services are part of Cybels Authenticate. By choosing Thales, you gain the benefit of our unique PKI services and experience:

No matter what you use PKI for, or what you want from it, we’re ready to help with everything from early consultation right through to a bespoke build, full implementation and daily operation. Here are some of the ways we help our customers:

PKI health check

A top to bottom check of your current Public Key Infrastructure, examining best practice, build standards, and vulnerability, with documented recommendations for improvement.

PKI strategy development

Helping you develop a consistent strategy for your PKI based on your current and future needs, taking into account the regulatory framework, your service level requirements and your operational constraints.

PKI solution design

An assessment and evaluation of your business requirements which covers legal and regulatory compliance, certificate policy definition, certificate volumes and types, certificate authorities and cryptographic algorithms.

PKI service implementation and transition

The on-site implementation of your PKI design, including the transition from an existing solution. Thales will generate certificate practice statements and other artefacts to support accreditation.

Fully managed Thales PKI certificate service

Thales operates its own externally facing PKI service where customers can purchase certificates on a subscription basis. The service is hosted from our own secure data centres and is assured by our own Security Operating Centres (SOCs) to ensure integrity. It is certified for use in the public and private sector, as well as Critical National Infrastructure.

PKI analysis

We will assess your PKI’s health, and recommend a solution. This could be based on your own design, or the use of Thales fully managed PKI certificate services, or a fully managed PKI service specifically designed for your security needs.

Fully managed, Thales-hosted PKI service

A custom-designed, end-to-end hosted PKI service, underpinned by a customer-owned root Certificate Authority and scaled and accredited according to your specific requirements. All Thales PKI Managed Services feature monitoring, reporting and support capabilities.

In addition to these PKI products and services our PKI consultancy team will help you understand how PKI can meet your security needs and use this information as a starting point for the PKI’s design, accreditation route and operational model.

Find out more about how Thales's range of PKI services can help in the transformation and security of a PKI you run on your own site here.

Secure key management and identity security systems, such as PKI, play a crucial role in securing and assuring platforms, services, transactions and data. Here’s how some of our customers are using PKI:

• Secure communications: for securing networks (WAN, LAN, WWAN, SD WAN) and remote access for employees and devices, and for securing radio communication links
• Secure document and software signing: for signing (and optionally encrypting) software, documents, transactions and other artefacts
• IoT Security: ensure data confidentiality and integrity across vulnerable devices without compromising availability
• Secure command and control: for securing IP cameras and building security systems, building management systems, manufacturing systems and a plethora of other connected devices for secure system instructions, remote control, and mission commands
• Enterprise Access Control: for securing door controls, ID cards, vehicles, work permit systems, and more

Thales has direct experience of these and many other applications for PKI: not just for the hardware and software, but for managing, protecting and maintaining the processes, policies and procedures that build in trust.

The active management of  PKI as your systems evolve and making sure that your policies and certificates are up to date is essential. Here are some of the issues that arise when PKI goes wrong.

Setting up or buying in a PKI is technically easy, but securing it is not. As an organisation evolves over time, systems are added and changed, but its underlying PKI might not be considered.

A poor implementation, or one which hasn’t kept up with the evolution of your organisation, is likely to conceal serious security threats. Here are some of the issues that we have uncovered during PKI health checks:

• A lack of security controls on the host servers
• No patching or security monitoring
• Little or no vetting of staff who are responsible for PKI
• Giving complete control to just one person
• RootCA is online or is easily made accessible
• Unsecure PKI hosting facilities
• No auditing of certificates being issued
• A lack of assessment and formal accreditation
• A lack of certificate life-cycle management

Any and all of these issues can put you at risk from attack and fraud. Once detected, they can be fixed. But unless you have an actively managed PKI they often go unnoticed.

UK Government customers click here