Public Key Infrastructure

Public Key Infrastructure (PKIs) are essential for a secure and trusted business environment.

They help establish the identity of people, devices, and services.

They provide a framework that enables cryptographic data security technologies such as digital certificates and signatures to be effectively deployed on mass scale.

PKIs support identity management services within and across networks and underpin online authentication inherent in secure socket layer (SSL) and transport layer security (TLS) to protect internet traffic, as well as document and transaction signing, application code signing, and time-stamping.

* Controlled access to systems and resources *

* Protect data *

* Accountability in transactions *

PKI is a difficult thing to do properly

Certificates issued by PKIs can underpin the trust for signing, authentication into networks and data encryption. If the underpinning trust is broken or compromised your business can be at risk.

SSS has more experience than any other organisation in New Zealand implementing PKIs

  • We partner with some of the biggest providers in the PKI space supplying the best solutions.

  • We have been selected by several providers as their professional services partner.

  • Our consultants are experts in their field and highly skilled in working in the PKI space.

  • We have a defined and mature approach to projects, a specialist project manager, and templates to reduce cost.

Jump to:

Want to know more? 

Contact us on 04 917 6670 or if you would like to know more about our PKI solutions.

Request more information

How can we help you?

PKI Assessments

We provide a comprehensive solution accessible through a web-based portal, allowing customers to perform ongoing self-assessments of organisations PKI implementation with accuracy and efficiency.

The Microsoft PKI assessment provides an insight into the health of your organization’s Microsoft Active Directory Certificate Services (ADCS) environment. This engagement uses a variety of tools to collect data and statistics of the most important aspects of your ADCS environment. Topics covered include design, configuration settings, and overall health of your ADCS Servers and certificates.

You will receive an actionable checklist of elements that are essential to ensuring your environment is secure and properly maintained. The scorecard also lets them maintain a historical perspective of your environment. They can easily chart and review how their environment evolves and changes over time. The scorecard, checklists, and the historical record are centrally stored in a secure portal and easily accessed via a convenient web-based dashboard.

Back to Top

PKI Design

SSS can establish or review a PKI design based on organisational use cases to balance the need for a secure and trusted infrastructure with usable and functional service.

We understand that the security requirements and risk postures vary between organisations and even within business units. Our design process incorporates a risk-based approach to ensure the right amount of security is incorporated to match the risk profile for current and future PKI use cases. We design the PKI in such a way that you are able to leverage the PKI for future use cases without the need to redo or replace the infrastructure.

Back to Top

PKI Policy Creation and Review

SSS has extensive experience creating and reviewing policy artefacts required to establish a trusted PKI that are required to meet the current and future business needs. Upon completion of a review, we can make recommendations to ensure that your policies comply with industry standards and international best practice.

Policies and procedures for the establishment of a PKI provide the certainty that the PKI has been established securely, has integrity and if necessary, can be re-built with confidence. The policy artefacts such as Certificate Policy, Certificate Practice Statement and Key Management Plans are based on industry standards and international best practices such as RFC 3647 and NIST 800-57.

Back to Top

Key Generation Ceremony

SSS has the experience and skillsets for the development and review of key generation ceremony scripts to meet the stringent requirements of highly classified government environments and large financial organisations that alight itself to international standards such as ISO 21188. We can also conduct and facilitate key generation ceremonies.

At the heart of any PKI is the key generation ceremony, which is a tightly controlled and auditable process used to generate the necessary key material required to establish a trusted PKI. When considering a PKI, it is critical that it is conducted in a well-documented and well executed environment. The steps leading to the establishment of a PKI should be beyond question and establish the trust that is required for its consumption.

Back to Top

HSM Services

SSS has been implementing Hardware Security Modules (HSM) in the most highly classified environments in government, commercial entities and banking organisations. We are currently the only organisation in New Zealand that has certified Gemalto (SafeNet) HSM engineers.

SSS currently provides HSM services to our integration partners, commercial clients and government entities which include:

  • Advisory services
  • Architecture Design
  • Installation and configuration
  • Management

Back to Top

Certificate Authority Management

SSS, with its skilled resources, currently assists Government and banking clients with the management of their Certificate Authorities ensuring the platform is operating as envisaged. This managed service is based on the knowledge that not all organisations have PKI staff that can be used for this role. This service allows organisations to focus on their core business and leaves the management of the PKI to a capable and trusted partner.

This service include the following:

  • Development of operational PKI processes
  • PKI audits to ensure compliance with policies and PKI best practice
  • Implementation of updates and upgrades of installed software and hardware components
  • PKI component system health checks, reports and remediation
  • Registration authority officer functions
  • Other required PKI operational functions

Back to Top

PKI Training

The ability to design and manage a public key infrastructure (PKI) is highly dependent on the skills and knowledge of those managing it. SSS is offering one of the only online Microsoft PKI training courses in the world.

It is the most up-to-date PKI training available, focusing on Microsoft Active Directory Certificate Services (ADCS) and Windows Server 2012 R2 - Windows Server 2019. All classes have a strong emphasis on security, best practices, and hands-on skills labs.

We partnered with PKI Solutions to offer you effective PKI Training solutions. Together we will offer two PKI courses.

  • The PKI In-depth course is targeted at people who are designing or deploying a PKI in their organisations and need to expand their knowledge of PKI
  • The Advanced ADCS course focuses on hands-on labs and topics that build on existing Microsoft Active Directory Certificate Services (ADCS) and PKI knowledge

The online courses are delivered electronically in a self-paced environment. You receive access to download the student materials, lab manual and supporting materials. The courses feature video, audio and slide based content and cover all of the same topics and lessons as PKI Solutions’ popular in-person courses.

The nature of our work now means that more work is being done remotely. This makes the online PKI training a great option for your training needs.

Back to Top