Public Key Infrastructure and Key Management

Our Experience

SSS understands the complexities involved with developing and maintaining a highly-trusted PKI that balances the need for security and usability. This is why we always apply a risk-based approach to our deployments. Our approach mitigates major risks associated with implementing and managing a PKI by maintaining a focus across all three areas of people, process and technology.

In addition to the PKI (the core trust anchor), SSS is experienced in delivering management and automation products and services for certificates and keys.

Our experience delivering PKI and associated services to large banks, government and corporate organisations, combined with our partnerships with industry leaders, and our experienced specialists means that we can offer you a real point of difference.

We employ highly skilled staff with extensive experience in advising on, designing, implementing, managing and supporting PKI solutions and their use for encryption, digital signatures and authentication of users and devices.

  • SSS is the only Entrust Datacard partner in New Zealand with staff that are certified and experienced in delivering the Entrust Datacard PKI products.
  • SSS is the only Gemalto SafeNet partner in New Zealand with staff that are certified and experienced in the implementation and management of the Gemalto SafeNet HSMs.
  • SSS has the largest number of Venafi certified security administrators in New Zealand for the implementation and management of PKI.

Service overview

  • PKI design
  • PKI policy creation and review
  • Key generation ceremony
  • HSM services
  • Certificate Authority management

Click here to read more about the SSS PKI Service in more detail.

Solutions + Partners

  • Venafi Trust Platform for keys and certificates management

    The Venafi Platform provides dynamic protection for machine identities across your extended infrastructure in one trust platform.

    Venafi automates protection for machine identities.  They generate the machine identity intelligence necessary to automatically safeguard the flow of information to trusted machines and prevent communication with untrusted ones.

    Key Advantages

    • Continuously discover all keys, certificates and Certificate Authorities
    • Constantly monitor keys and certificates for weaknesses and anomalies
    • Automate the rapid replacement of compromised keys and certificates
    • Enforce key and certificate policies to strengthen security
    • Automate certificate requests and renewals

    Get Instant Access to Machine Identity Intelligence

    The Venafi Platform combats security and availability risks by providing global intelligence and visibility into all aspects of machine identities across the global extended enterprise.

    Accelerate Protection with Intelligent Action

    Venafi puts machine identity intelligence into action by automating workflows and policies that govern keys and certificates.

    Partner Integration

    With hundreds of native third-party applications and Certificate Authority out-of-the-box integrations, organisations can fully automate the lifecycle of all keys and certificates within their global extended network.

    You can read more about the Venafi Platform here

  • Gemalto SafeNet Hardware Security Modules

    A hardware security module (HSM) is a dedicated crypto processor that is specifically designed as the root of trust in a wide variety of business applications including PKI, SSL/TLS encryption key protection, code signing, digital signing and blockchain.

    SafeNet Hardware Security Modules provide the highest level of security by always storing cryptographic keys in secure hardware.  SafeNet HSMs provide a secure crypto foundation as the keys never leave the intrusion-resistant, tamper-evident FIPS-validated appliance.

    Gemalto implements operations that make the deployment of secure HSMs as easy as possible and they are integrated with SafeNet Crypto Command Center for quick and easy crypto resource partitioning, reporting and monitoring.

    What can you do with SafeNet Hardware Security Modules?

    • Address compliance requirements with solutions for Blockchain, GDPR, IoT, paper-to-digital initiatives, PCI DSS, digital signatures and data encryption.
    • Generate keys that are always stored in the intrusion-resistant, tamper-evident FIPS-validated appliance.  This provides the strongest levels of access controls.
    • Create partitions with a dedicated Security Officer per partition and segment through administrator key separation.

    Types of HSMs available

    • SafeNet Luna General Purpose HSMs
    • Transaction and Payment HSMs
    • Customisable HSMs
    • HSM Management

    Click here to read more about the Gemalto SafeNet Hardware Security Modules. 

     

  • Gemalto SafeNet KeySecure: Centralised Cryptographic Key Management

    SafeNet KeySecure from Gemalto is the industry leading centralised key management platform.  This is available as a hardware appliance or hardened virtual security appliance. 

    With Gemalto's SafeNet KeySecure solution, organisations can centrally, efficiently and securely manage and store cryptographic keys and policies across the key management lifecycle and throughout the enterprise.  The SafeNet Encryption Key Management solution can manage keys across heterogeneous encryption platforms, offering support for the Key Management Interoperability Protocol (KMIP) standard as well as proprietary interfaces.

    KeySecure enables administrators to simultaneously manage multiple, disparate encryption appliances and associated keys through a single, centralised key management platform.

    Key management features

    • Heterogeneous key management.
    • Support for multiple key types.
    • Simplified, full lifecycle key support and automated operations.
    • Centralised administration of granular access, authorisation controls and separation of duties.
    • High-availability deployment and intelligent key sharing across geographically dispersed centres.
    • Detailed auditing and logging.
    • Next-generation solution for NetApp storage.
    • Format preserving encryption (FPE) for structured data such as credit card or social security numbers.
    • Infield software updates with easy installation of new features.

    Encryption options

    SafeNet KeySecure can be combined with a portfolio of encryptors to pair reliable encryption at the appropriate level and best-in-class key management.

    • Application-level encryption
    • Transparent database encryption
    • File-level encryption
    • Tokenisation for sensitive data
    • Virtual machine-level encryption

    Click here to read more about the Gemalto SafeNet KeySecure solution.

  • Entrust Datacard on-premise and standard PKI services

    The Entrust Datacard on-premise and standard PKI services are ideal for those organisations that are looking for full in-house control over their PKI infrastructure as well as low complexity in their identity management processes.  It enables centralised control over the security infrastructure and streamlines management of the digital keys and certificates that secure user, device and application identities.  

    Entrust Authority Security Manager provides a rich policy, role and group management engine to allow the organisation to segment and distribute administrative capability in a variety of organisational models.  The comprehensive out-of-the-box certificate profile library allows the architecture to simultaneously deploy and manage a myriad of certificate-enabled deployment models and use cases.

    Key capabilities and benefits

    • Automated digital ID management including updates, revocation and recovery.
    • Support for large-scale deployments, enterprise and Citizen ID.
    • Web-based administration and end-user enrollment for delegated and distributed administrative processes.
    • Centrally managed policies and controls.
    • Certified for Federal Information Processing Standards (FIPS) 140-2 level 2.
    • Common criteria EAL 4+ certified.
    • Comprehensive and customisable auditing and reporting support for peer-to-peer and hierarchical cross-certification of CAs.
    • Support for X.509 certificates and CRL formats, PKIX-CMP, PKCS#7/10, SCEP, CMPv2 and EST.
    • Interoperability with LDAP directories, smart card management systems, OCSP responders and HSMs.
    • Available for deployment in Microsoft® Windows®, Oracle®, and Linux environments.

    Measurable benefits of the Entrust Datacard PKI solution

    • Trusted identity solution for transforming digital business models.
    • Trusted security leader providing unmatched technical support.
    • Flexible operational models.
    • Future proof and agile.
    • New opportunities for value creation.
    • Unlock greater value in core businesses.
    • Deploy foundational technologies and scalable ecosystems.
    • Enable and protect your digital ecosystems with trusted identity.

     Click here to read more about the Entrust Datacard PKI solution