How Much is In-House PKI Management Truly Costing You?

Written by

If you are an IT manager, how many calls do you get every Monday, or on the day after a software update, from employees at your organization asking you to assist with a forgotten password? The answer is probably ‘too many,’ when it comes to counting these types of calls. What about when you go on vacation and open your inbox that first day back— how many IT issues have now piled up in your inbox? We probably don’t even want to know. Now, add up all these forgotten password tickets, miscellaneous IT requests, your day-to-day objectives, and don’t forget to add in-house certificate management as the cherry on top.

It can sometimes be easy to ignore the elephant in the room when it comes to taming public key infrastructure (PKI) management, especially in times of economic uncertainty, where you might be asked to find cost savings.

In this article, we’re making a case for outsourcing the complexities of PKI management as we uncover the hidden costs of in-house PKI management.

Lack of Dedicated PKI Expertise

In a recent HID survey, 64% of the 190 companies surveyed responded with having less than 10 cybersecurity team members on their IT team, if any. Yet, 49% of respondents identified the complexity of security as their biggest challenge.

Whether your organization simply doesn’t have the headcount or on-staff expertise available, managing PKI infrastructure on-premise may seem like the best option from a raw numbers standpoint, but with average organizations managing more than 56,000 certificates, just one expired certificate or human error from inexperienced IT managers could allow bad actors to infiltrate your networks.

Unfortunately, the expertise to manage PKI is in short supply, with 52% of IT security professionals identifying their top challenge is a lack of understanding of their own PKI’s security capabilities.

Maximizing Staff Efficiency

If your IT team is among the many without a dedicated cybersecurity or PKI professional, then the time spent sorting through the complexity of creating, storing, and distributing digital certificates to devices and revoking them is another cost of managing PKI in-house –teams without dedicated cybersecurity resources are often left absorbing PKI management into their daily job functions, which can lead staff to burnout or disengagement.

In 2022 alone, employees who were not actively engaged cost the world $7.8 tn in lost productivity, according to Gallup’s Sate of the Global Workplace: 2022 Report.

Thankfully, PKI-as-a-service (PKIaaS) exists and enables IT teams to outsource the complexity of certificate management completely, while retaining control of private root keys. While a PKIaaS solution will add an expense to the IT budget, it also improves the productivity of your payroll by freeing up hours that your IT team was previously spending on PKI management. Additionally, with a comprehensive PKIaaS solution, especially one that is subscription-based, your team will not have to install or purchase any additional software or hardware, which contributes to keeping costs predictable and upfront.

Underestimating the Power of PKI

If you’ve already implemented a PKI-as-a-service solution and are finding that your team is still having to do a lot of manual lifting or are struggling to scale your services with your current provider, it is important to consider that not all PKI-as-a-service solutions are created equal.

While all certificate management streamlines issuance, revocation, reporting, and account management, not all automation is the same:

  • Agent-based models of PKIaaS still require your IT team to track and manage software on every machine and server. This is best when your organizations devices run on the same operating system, and if you don’t mind your provider owning your certificates
  • Agentless models help streamline PKI a little bit better by alleviating software installation and IT team intervention; however, your provider still owns your certificates, and you will still need to share privileged information to the provider’s cloud

In both of these models, it is also much more difficult to scale your services without incurring additional costs or service fees. What type of PKI model should you be considering?

Outsource Your PKI with the Connector Model

The right PKI-as-a-service not only keeps your certificates up to date, but it also frees your IT team from the time-consuming task of managing certificate lifecycles.

The connector model of PKIaaS uses existing open source certificate utilities to request and install certificates independent of one another. This allows your organization to use devices of varying platforms, eliminates the risk of enterprise-wide failure, and allows you to maintain ownership of your certificates.

Ready to step into simplified PKI with the connector model of PKI-as-a-service? We invite you to explore these additional resources or chat with an expert.

Brought to you by

What’s hot on Infosecurity Magazine?