Public Key Infrastructure (PKI)

SSS understands the complexities involved in developing and maintaining a highly trusted PKI that balances the need for security and usability. This is why we always apply a risk-based approach to our deployments. Our approach mitigates the major risks associated with implementing and managing a PKI by maintaining a focus across all three areas of people, process and technology.

In addition to the PKI (the core trust anchor), SSS is experienced in delivering management and automation products and services for certificates and keys.

Our experience delivering PKI and associated services to large banks, government and corporate organisations, combined with our partnerships with industry leaders and our experienced specialists, means that we can offer you a real point of difference.

We employ highly skilled staff with extensive experience in advising on, designing, implementing, managing and supporting PKI solutions and their use for encryption, digital signatures and authentication of users and devices.

  • SSS is the only Entrust Datacard partner in New Zealand with staff that are certified and experienced in delivering the Entrust Datacard PKI products.
  • SSS is the only Gemalto SafeNet partner in New Zealand with staff that are certified and experienced in the implementation and management of the Gemalto SafeNet HSMs.
  • SSS has the largest number of Venafi certified security administrators in New Zealand for the implementation and management of PKI.

More Information:

  • Outcome

    This service is designed to provide an effective end-to-end solution to ensure that a trusted PKI is implemented within organisations, one that takes into account the current and future use cases for PKI.  Understanding the landscape for implementing PKI and its foundation for digital trust means that we can take a pragmatic approach to the implementation of a PKI, taking into account security, convenience and cost.

    With our expertise and extensive experience we are able to offer the following:

    • PKI design
    • PKI policy creation and review
    • Key generation ceremony
    • HSM services
    • Certificate authority management


  • Standard Service Features

    The following are included in the SSS PKI service.

    PKI Design

    SSS can establish or review a PKI design based on organisational use cases to balance the need for a secure and trusted infrastructure with a usable and functional service.

    We understand that the security requirements and risk postures vary between organisations and even within business units.  Our design process incorporates a risk-based approach to ensure the right amount of security is incorporated to match the risk profile for current and future PKI use cases.  We design the PKI in such a way that you are able to leverage the PKI for future use cases without the need to redo or replace the infrastructure.

    PKI Policy Creation and Review

    SSS has extensive experience creating and reviewing the policy artefacts needed to establish a trusted PKI and to meet current and future business needs.  Upon completion of a review, we can make recommendations to ensure that your policies comply with industry standards and international best practice.

    Policies and procedures for the establishment of a PKI provide the certainty that the PKI has been established securely, has integrity and, if necessary, can be re-built with confidence.  The policy artefacts such as Certificate Policy, Certificate Practice Statement and Key Management Plans are based on industry standards and international best practices such as RFC 3647 and NIST 800-57.

    Key Generation Ceremony

    SSS has the experience and skillsets for the development and review of key generation ceremony scripts to meet the stringent requirements of highly classified government environments and large financial organisations that align themselves to international standards such as ISO 21188.  We can also conduct and facilitate key generation ceremonies.

    At the heart of any PKI is the key generation ceremony, which is a tightly controlled and auditable process used to generate the necessary key material required to establish a trusted PKI.  When considering a PKI, it is critical that the ceremony is conducted in a well-documented and well-executed manner.  The steps leading to the establishment of a PKI should be beyond question and establish the trust that is required for its consumption.

    HSM Services

    SSS has been implementing Hardware Security Modules (HSMs) in the most highly classified environments in government, commercial entities and banking organisations.  We are currently the only organisation in New Zealand that has certified Gemalto (SafeNet) HSM engineers.

    SSS currently provides HSM services to our integration partners, commercial clients and government entities.  These services include:

    • Advisory services
    • Architecture Design
    • Installation and configuration
    • Management

    Certificate Authority Management

    SSS, with its skilled resources, currently assists Government and banking clients with the management of their Certificate Authorities, ensuring the platform is operating as envisaged.  This managed service is based on the knowledge that not all organisations have PKI staff that can be used for this role.  This service allows organisations to focus on their core business and leaves the management of the PKI to a capable and trusted partner.

    This service includes the following:

    • Development of operational PKI processes.
    • PKI audits to ensure compliance with policies and PKI best practice.
    • Implementation of updates and upgrades of installed software and hardware components.
    • PKI component system health checks, reports and remediation.
    • Registration authority officer functions.
    • Other required PKI operational functions.