Businesses have a series of mechanisms for establishing trust across connected devices on a massive scale through public key infrastructure (PKI). Aside from providing an enhanced level of security and integrity, PKI plays a critical role in protecting data, employees and businesses.

PKI has been a proven technology for protecting connectivity between connected devices for some time. But as the ecosystem of users, devices, applications and things continues to expand, PKI plays an increasingly central role in securing data. Organizations continue to be aware of the importance of PKI technology and appreciate even more, the significant role that identity management solutions play in securing communications, authenticating devices and improving collaboration in the digital workplace.

Organizations can deploy and manage their own PKI or use a hosted PKI operated by a managed service provider. In this post, we’ll walk you through the key considerations to be aware of when choosing on-premises versus managed PKI service.


There are a number of advantages to having an in-house PKI solution. It allows organizations to have total control over a very sensitive commercial area. In-house solutions can also be customized to fit a specific set of business needs, something that isn’t always possible with third party offerings. On-premises implementations provide complete control of the certificate issuance process. If a company is using a PKI to manage confidentiality, integrity and authenticity services for its own employees, it may make sense to keep the solution in-house.

That said the market is changing. Not too long ago, organizations were reluctant to put any sensitive data in the cloud whereas now most recognize that in general cloud providers can provide levels of security and control that are equal to or better than those in-house. Similarly with PKI, as the environment grows more complex, customers will increasingly prefer to leave PKI management to specialist providers with expert knowledge of standards and best practices leaving staff to focus on core competencies of their business.

Already, many companies simply do not have the skills and expertise to deploy an in-house PKI system. Before a business can rollout a PKI system it has to acquire all of the hardware and software components needed to generate digital certificates. It then needs to integrate digital signatures and authentication mechanisms into its internal applications. Assuming that this process is carried out smoothly, the company will then have to commit itself to carrying out regular audits of its own infrastructure. On top of this, unless it has an exceptionally talented IT team, it will have to bring in external support to help employees install and use digital certificates.

The in-house approach ostensibly gives more control and therefore tends to be chosen by those organizations whose security and compliance responsibilities require that control of certificates and identities remain inside the business.

Some organizations will be tempted to limit their deployment to PKI components bundled with their operating system, but as we have discussed, this may prove to be a false economy since the real cost drivers of PKI lie in its management, configuration and maintenance. Organizations need to consider how their identity and security needs will change as connectivity and digital transformation continue to accelerate.

Managed Service

As an alternative to maintaining an in-house PKI, many organizations are outsourcing their PKI infrastructure to a managed service provider, with the technology managed and hosted by a trusted third party. There are several advantages to this model, including faster time to deployment and lower total cost of ownership.

With advanced security expertise at their disposal, managed services providers can offer a more consistent and ultimately more secure, resilient and flexible proposition that’s not dependent on the need to hire and retain skills that are in short supply. As the environment becomes more complex, regulations more strict, and fines significantly larger, firms are better off putting their trust in the expertise of a provider rather than wrongly assuming and insisting that security and control are better managed in house.

What PKI solution does your business demand? Research the best solution for your needs in our new study with Computing Research, “Choosing a PKI Infrastructure for digital business.”