Back in 1994, Entrust debuted the world’s first commercially available public key infrastructure. In the more than 20 years since then, it’s been refining and building on the technology. Over the past two decades, enterprise security needs have skyrocketed alongside the growth of connected technology. According to one report from last year, 94 percent of the organizations surveyed reported experiencing cybersecurity issues. These days, a single targeted attack can end up costing an enterprise millions of dollars – and it’s not only big corporations and financial institutions that are targeted: From medicine and government entities to small and medium-sized companies, everyone is a target. Across the board, susceptibility to cybercrime has never been higher.

“Limiting susceptibility to intrusions means implementing an integrated security infrastructure for your business.”

Cyberattacks target identities and impersonate the rightful owner. To fight cyberattacks, we must properly protect digital identities from theft and misuse. Most organizations already have a process in place that state only a specific user can read a secure document or complete a transaction. However, to protect against attack, controls need to be added to authenticate the user attempting to perform action and confirm that they have the authority to complete the action. This is why PKI is essential.

What is PKI?

At a basic level, a PKI is a set of tools and services that comprise a comprehensive authentication system. But PKI is unique in the way that it works. The premise behind it can be visualized like this: You keep a secret in a container. When it comes time to authenticate, the container shows proof of possession of the secret but does not release the secret itself.

One clear benefit of this method is that you don’t run the risk of your secret getting stolen. With most authentication systems, that’s not the case. For example, if you’re logging into a system that just requires a password, then by entering that password “” your secret “” you relinquish it from your control and risk it falling into the wrong hands. The number of corporate password breaches making headlines of late attests to the inherent vulnerability of this authentication method.

PKI is different. Instead of making you reveal your secret, PKI asks only that you demonstrate you have it. This demonstration comes in the form of a challenge that must be answered via digital signature. The signature is delivered by the signer in such a way that it illustrates he or she knows the secret. Entrust’s solution relies on X.509 digital certificates. This is the most popular certificate type in enterprises today due to the fact that it provides many fields of use to further describe the identity for a wide scope of applications. As an example, a policy which describes how an identity is checked. This could ask you to perform a police check and verify a passport, or to simply just check they possessed the email address shown elsewhere in the certificate.

While this may all sound a bit complicated, from a user perspective PKI is very straightforward. One example of PKI, for instance, are chip credit cards. When you take that card, go to the store and tap the reader to pay for something, that’s PKI in action. Chip-based passports are another example. From a coding perspective, PKI might be challenging, but for the consumer it leads to greater ease of use than, say, entering a password.

Public key infrastructure ensures robust identity protection.

The benefits of a PKI service for businesses

With the basics of PKI laid out, let’s now turn to why enterprises benefit from adopting such a solution. Here are some of the central benefits of PKI as a Service:

  • Significantly increased identity protection: Unlike a password, PKI isn’t something that can be stored in a person’s head. When stored in a smart card, the digital identity cannot be copied off the device. Unlike a password, the employee will know when the digital identity has been stolen as the card is missing. Since the PIN is not known by the attacker, the identity is still protected and can be revoked by the enterprise without having possession of the card.
  • Broader range of functions than other authentication forms: With traditional two-factor authentication, you cannot encrypt and digitally sign files. But PKI allows this process, which is convenient for businesses as they increasingly move toward protecting digital file exchange, encrypting content for the intended recipient and so prevent attackers from intercepting the communication.
  • Lower cost. With a PKI smart card, there is no need to remember user names, passwords, change complex passwords every month or even enter the information into a computer. Password management cost money, frustration and lost productivity. The successful enterprise can recreate the simplicity of the tap and pay experience of the payment world. With vendors now able to provide low cost, vertically integrated solutions, the enterprise should be able to realize savings within the first 18 months.
  • Mobile convenience: With the advent of mobile, the employee now expects the simplicity at work that they experience in the consumer world. The mobile application makes that all possible. Rather than the employee needing to coordinate the working of drivers, readers and applications on the desktop, all that is needed is baked into the application, accessible from a mobile App Store. Just download and personalize over the air. In addition, the readily available biometrics on the mobile device enable the replacement of the PIN. That’s one less thing to remember and it further restricts the ability of the attacker to impersonate the employee.

For all businesses, keeping up a secure networking environment is a central part of daily operations. A PKI is a vital tool that helps enterprises get there.

Entrust Datacard