As a provider for PKI solutions, DARZ GmbH has developed a Corporate PKI in cooperation with MTG AG, which secures all company-relevant processes over the entire lifecycle of certificates. Processes for issuing, renewing and revoking certificates can be centrally automated, managed and controlled for various use cases (e.g. e-mail certificates, router and server certificates or the secure connection of home office workstations). Certificate Lifecycle Management ensures that no certificates expire unintentionally and allows many associated processes to be automated.
Implementing and operating an on-premise PKI is a demanding and complex task. This path is particularly useful for companies that want to implement special use cases and requirements. These can be, for example, regulatory requirements that have to be met, or also the equipping of IoT devices with certificates during production. The implementation of extensive services (e.g., in the health care sector) would be another suitable use case for an on-premise PKI. It may be that the operation is simply large enough and both the existing infrastructure and the required specialist staff are in place to run their own PKI on-premise.
For most other cases, it is worth looking at a Managed PKI. Such an offering can be implemented with significantly less effort and preparation time. Trustworthy authentication, verification, integrity and encryption for critical and sensitive business processes and applications are thus available at short notice. Companies can concentrate more quickly on securing their business processes and use the ready-built PKI directly. This is because with a Managed PKI, there is no need to worry in advance about secure configuration, backup concepts, fail-safety, scaling or access rights, or to provide the necessary infrastructure. There is no need to build up in-depth PKI and IT security know-how with the appropriate specialist staff and training. The handling of hardware security modules and the required specialized knowledge can also be left to the service provider.
The costs for an on-premise PKI are usually much higher than the relatively low costs for software licenses due to high personnel, infrastructure and operating costs. Even free open source PKI solutions therefore do not make a significant contribution to reducing overall costs.
A modern managed PKI should come from a trusted provider and be able to be set up decidedly for the user. It should scale with the requirements and protect the keys according to the state of the art. Simple user-friendly operation and up-to-date certificate lifecycle management are important selection criteria. Last but not least, the costs for operation should be transparent.