Self Signed SSL Is Not Enough
In the enterprise environment, it is far too easy to fall into the bad habit of using self signed certificates or not using the best SSL certificate they can for internal software. However, protecting customer data is more important than this mistake is worth. Sometimes these decisions are made for cost cutting reasons or even because the administrators were feeling lazy. Perhaps they weren’t aware of how easy it is to use a managed PKI to manage SSL certificate issues and revocations. Just like on a customer facing website, using self signed SSL certificates is simply not acceptable.
When you use a managed PKI – or Public Key Infrastructure, you are centralising the management of your SSL certificates and digital identities as well as having the administration of these delegated to an expert third party. Some certificates can be issued instantly to save time, as well as having the ability to manage certificates and identities on a cloud management system. Using PKI doesn’t mean scrimping on more advanced certificate types either – such as EV (Extended Validation), wildcard SSL certificates (that cover entire subdomain levels), SGC (Server Gated Cryptography) or financial SSL certificates used for Open Financial Exchange (OFX).
By using a central issuance point for your SSL certificates for the whole enterprise, you can configure role-based security to ensure that certain roles can only access certain features, which means you can control who can generate SSL certificates. Additionally you have access to a full audit trail and reporting system which will allow you to monitor exactly who is using the certificate authority and what for. Moreover, with customisable requisition workflows, you can be sure that certificates aren’t being issued for the wrong reason. If you’re managing just tens of certificates or even tens of thousands, using a managed PKI is a no-brainer to reduce cost and complexity of managing your enterprise digital certificates.