A Public Key Infrastructure (PKI) is an effective tool for protecting systems and services in the network. It forms the basis of digital businesses: It ensures secure access to physical and digital resources, provides secure communication between people, software, and devices, and enables the digital signing of documents and transactions.
The use of a company-wide (PKI) is indispensable in modern IT infrastructures. Different requirements need different certificates. For example, communication with external partners via web servers (SSL/TLS), VPN gateways (IPSec), or via email (S/MIME use) requires public certificates.
Trusted certificates are also required for internal resources to secure different processes. In addition to password-independent solid authentication options, this also includes other certificate-based authentication methods in LAN and WLAN infrastructures. Digital signatures or machine certificates for device authentication are further examples of applications.
Securosys CloudHSM offers a multitude of advantages over industry-standard devices when used in a PKI/CA. The multi-tenancy of the CloudHSM allows one partition to be used for the root key of the main CA (root Certificate Authority), while the client can use additional partitions for the sub-CAs. The root key signs the certificates for the sub-CAs.
The partition of the main CA can be taken offline by Security Officer and is not accessible without the involvement of the Security Officer – a more straightforward and more economical procedure than transporting an HSM device to a physical vault.
Keeping the private keys protected and completely isolated is highly recommended, regardless of whether the corporate PKI is used internally or externally. The best method for this is an HSM or CloudHSM.
