Machine Identity Protection

Machine identities govern the confidentiality and integrity of information between machines. To assure their unique identities, machines use keys and certificates, much like people employ user names and passwords. Without the proper management of machine identities, organisations can't guarantee the confidentiality of information that flows to authorised machines or prevent the flow of information to unauthorised machines.

Compromised machine identities can have a significant security impact on organisations. Attackers can misuse machine identities to establish hidden or concealed encrypted communication tunnels on enterprise networks and gain privileged access to data and resources. Forged or stolen machine identities can also allow an attacker’s machine to masquerade as a legitimate machine, and be trusted with sensitive data.

We have a range of solutions that help to create, maintain, and protect machine identities including:

Want to know more?

Read more about these solutions in the section below.

Contact us on 04 917 6670 if you would like to know more about these solutions and how they can help you.

Solutions

  • Certificate Lifecycle Management

    Managing digital certificates can be difficult and missing a certificate renewal is a frequent occurrence with sometimes serious implications.

    There can be a large overhead associated with managing certificates, and staff often use ineffective methods such as spreadsheets or don't do anything at all.

    Certificate expiries can have a serious financial and business continuity impact on your organisation.

    We have effective solutions to help you streamline your certificate processes and, in many cases, automate them. We can help to remove the overhead associated with renewals, notifications, DevOps issuance, rogue certificates, and certificate owners.

    We are experts in helping organisations with transformation and Agile / DevOps through to automation of certificate deployment and renewal.

    Want to know more?

    Contact us on 04 917 6670 if you would like to know more about our certificate lifecycle management solutions.

    We are the outsourced Venafi Professional Services provider in Australia and New Zealand

    We have deployed and integrated the solution in financial services in both Australia and New Zealand.

    Outside of Venafi, SSS has the most certified and experienced staff to help you with planning, design, implementation, and configuration of your certificate management solutions.

    Certificate Discovery Service

    Run a discovery scan across your environment to get a true view of what certificates you have and where they are.

    Venafi TrustAuthority

    Get the global visibility and intelligence you need to determine which machine identities should be trusted, and fix or block those that should not.

    Discover and protect all keys and certificates that act as machine identities across internal and external infrastructure, the internet and virtual, cloud and IoT infrastructure.

    Visibility - Locate all your certificates and see where they are installed

    • Create an accurate inventory of all TLS certificates
    • Scan local systems to retrieve internal certificates
    • Automatically connect to any CA to import certificates

    Scalability - Scale enrolment to support all business units

    • Quickly issue new certificates
    • Automate provisioning within popular DevOps frameworks
    • Automate certificate requests and renewals

    Compliance - Create strong certificates that comply with security policies

    • Enforce enterprise-wide key and certificate security policies
    • Structure policies based on flexible attributes
    • Integrate with third-party workflow systems

    Proactive - Continuously monitor all certificates for security and availability

    • Schedule regular scans to detect anomalous use
    • Coordinate alerts for impending certificate expirations
    • Automate notifications of rogue keys or certificates
    • Validate proper certificate installation and configuration

    Venafi TrustForce

    Automating machine identity protection helps to ensure the security and protection of your key and certificate inventories by orchestrating rapid, corrective actions at machine speed and scale.

    Automation - Orchestrate your PKI infrastructure

    • Automate the replacement of expiring certificates to eliminate outages
    • Manage certificate life cycles across multiple certificate authorities
    • Automatically find, revoke, and validate compromised certificates
    • Orchestrate provisioning for encryption-dependent applications

    Policy - Enforce governance to streamline compliance

    • Define automated workflows, provisioning, and change management controls
    • Apply pre-defined security policies for continual validation
    • Calibrate rule-based access controls to allow or block access
    • Authenticate only policy-compliant machine identities

    Remediation - Automate remediation and validation at machine speed

    • Quickly respond to CA compromise or inadvertent error
    • Seamlessly change, remove, replace, or consolidate certificate authorities
    • Verify that all remediation actions comply with security policies
  • Hardware Security Modules

    A hardware security module (HSM) is a dedicated crypto processor that is specifically designed as the root of trust in a wide variety of business applications including PKI, SSL/TLS encryption key protection, code signing, digital signing, and blockchain.

    SSS partners with Thales and Entrust Datacard to provide Hardware Security Modules and support.

    We have experienced experts that can help to implement, support and manage your HSMs as we do for some of New Zealand's leading banks and government agencies.

    We provide HSMs to secure your private keys relating to your PKI and to provide you with Key Management.

    Want to know more?

    Contact us on 04 917 6670 if you would like more information or to see our Hardware Security Modules in action.

  • Public Key Infrastructure

    Public Key Infrastructures (PKIs) are essential for a secure and trusted business environment.

    They help establish the identity of people, devices, and services.

    They provide a framework that enables cryptographic data security technologies such as digital certificates and signatures to be deployed effectively at scale.

    PKIs support identity management services within and across networks and underpin the online authentication inherent in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to protect internet traffic, as well as document and transaction signing, application code signing, and time-stamping.

    • Controlled access to systems and resources
    • Protect data
    • Accountability in transactions

    PKI is a difficult thing to do properly

    Certificates issued by PKIs can underpin the trust for signing, authentication into networks, and data encryption. If the underpinning trust is broken or compromised, your business can be at risk.

    SSS has more experience than any other organisation in New Zealand implementing PKIs

    • We partner with some of the biggest providers in the PKI space supplying the best solutions.

    • We have been selected by several providers as their professional services partner.

    • Our consultants are experts in their field and highly skilled in working in the PKI space.

    • We have a defined and mature approach to projects, a specialist project manager, and templates to reduce cost.

    Want to know more? 

    Contact us on 04 917 6670 if you would like to know more about our PKI solutions.

    How can we help you?

    PKI Assessments

    We provide a comprehensive solution accessible through a web-based portal, allowing customers to perform ongoing self-assessments of their organisation's PKI implementation with accuracy and efficiency.

    The Microsoft PKI assessment provides an insight into the health of your organization’s Microsoft Active Directory Certificate Services (ADCS) environment. This engagement uses a variety of tools to collect data and statistics of the most important aspects of your ADCS environment. Topics covered include design, configuration settings, and overall health of your ADCS Servers and certificates.

    You will receive an actionable checklist of elements that are essential to ensuring your environment is secure and properly maintained. The scorecard also lets you maintain a historical perspective of your environment. You can easily chart and review how your environment evolves and changes over time. The scorecard, checklists, and the historical record are centrally stored in a secure portal and easily accessed via a convenient web-based dashboard.

    PKI Design

    SSS can establish or review a PKI design based on organisational use cases to balance the need for a secure and trusted infrastructure with usable and functional service.

    We understand that the security requirements and risk postures vary between organisations and even within business units. Our design process incorporates a risk-based approach to ensure the right amount of security is incorporated to match the risk profile for current and future PKI use cases. We design the PKI in such a way that you are able to leverage the PKI for future use cases without the need to redo or replace the infrastructure.

    PKI Policy Creation and Review

    SSS has extensive experience creating and reviewing the policy artefacts required to establish a trusted PKI that meets current and future business needs. Upon completion of a review, we can make recommendations to ensure that your policies comply with industry standards and international best practice.

    Policies and procedures for the establishment of a PKI provide the certainty that the PKI has been established securely, has integrity and, if necessary, can be rebuilt with confidence. The policy artefacts such as Certificate Policy, Certificate Practice Statement and Key Management Plans are based on industry standards and international best practices such as RFC 3647 and NIST 800-57.

    Key Generation Ceremony

    SSS has the experience and skillsets for the development and review of key generation ceremony scripts to meet the stringent requirements of highly classified government environments and large financial organisations that align themselves with international standards such as ISO 21188. We can also conduct and facilitate key generation ceremonies.

    At the heart of any PKI is the key generation ceremony, which is a tightly controlled and auditable process used to generate the necessary key material required to establish a trusted PKI. When considering a PKI, it is critical that the ceremony is conducted in a well-documented and well-executed manner. The steps leading to the establishment of a PKI should be beyond question and establish the trust that is required for its consumption.

    HSM Services

    SSS has been implementing Hardware Security Modules (HSM) in the most highly classified environments in government, commercial entities and banking organisations. We are currently the only organisation in New Zealand that has certified Gemalto (SafeNet) HSM engineers.

    SSS currently provides HSM services to our integration partners, commercial clients and government entities, which include:

    • Advisory services
    • Architecture Design
    • Installation and configuration
    • Management

    Certificate Authority Management

    SSS, with its skilled resources, currently assists Government and banking clients with the management of their Certificate Authorities ensuring the platform is operating as envisaged. This managed service is based on the knowledge that not all organisations have PKI staff that can be used for this role. This service allows organisations to focus on their core business and leaves the management of the PKI to a capable and trusted partner.

    This service includes the following:

    • Development of operational PKI processes
    • PKI audits to ensure compliance with policies and PKI best practice
    • Implementation of updates and upgrades of installed software and hardware components
    • PKI component system health checks, reports and remediation
    • Registration authority officer functions
    • Other required PKI operational functions

    PKI Training

    The ability to design and manage a public key infrastructure (PKI) is highly dependent on the skills and knowledge of those managing it. SSS is offering one of the only online Microsoft PKI training courses in the world.

    It is the most up-to-date PKI training available, focusing on Microsoft Active Directory Certificate Services (ADCS) and Windows Server 2012 R2 - Windows Server 2019. All classes have a strong emphasis on security, best practices, and hands-on skills labs.

    We partnered with PKI Solutions to offer you effective PKI Training solutions. Together we will offer two PKI courses.

    • The PKI In-depth course is targeted at people who are designing or deploying a PKI in their organisations and need to expand their knowledge of PKI
    • The Advanced ADCS course focuses on hands-on labs and topics that build on existing Microsoft Active Directory Certificate Services (ADCS) and PKI knowledge

    The online courses are delivered electronically in a self-paced environment. You receive access to download the student materials, lab manual and supporting materials. The courses feature video, audio and slide-based content and cover all of the same topics and lessons as PKI Solutions’ popular in-person courses.

    The nature of our work now means that more work is being done remotely. This makes the online PKI training a great option for your training needs.

  • SSL / TLS Certificates

    SSL/TLS certificates are an essential component of the data encryption process that make internet transactions secure. They are digital passports that provide authentication to protect the confidentiality and integrity of website communication with browsers.

    Contact us on +64 4 917 6670 or to discuss our SSL certificate solutions in more detail or visit

    Organisation Validated (OV) SSL / TLS

    • OV certificates provide high assurance and verified site identity. Extensive validation checks are performed before certificates are issued.

    • OV certificates are considered best practice for securing website transactions and are backed by rigorous verification practices and checks. This certificate type proves website authenticity, assuring visitors that you are serious about the protection of their information.

    Extended Validation (EV) SSL / TLS

    • EV certificates provide the highest assurance online, backed by the strongest level of verified identity which adds additional layers of security to your site.

    • EV is used by major anti-phishing services to determine safe websites, and is treated as more trustworthy by browser filters.

    • Organisations that implement EV are well positioned for forthcoming regulations in the EU that put identity at the forefront of digital security.

    • EV certificates are the most trusted and secure SSL/TLS solution that is actively used by the world's leading online businesses. The most extensive validation method is used to verify the site's identity, providing high assurance as well as data encryption for your organisation's networks, websites and domains.