Federal PKI Security Challenges: Extending IDaaS with Certificate as a Service

IDaaS, Certificate as a Service, ssl certificate management, CaaS
February 13, 2019 | Lindsy Drake

After completing the massive transition to a public trust public key infrastructure (PKI), the web security teams at Department of Defense (DoD) agencies will be intimately familiar with the amount of time it actually takes to provision large numbers of certificates. Indeed, security strategies often suffer because the certificate provisioning process is too complicated and lengthy. Unlike changing a password, changing a certificate can take from hours to weeks. In this blog, I’ll discuss how Certificate as a Service (CaaS) can extend across both human and Non-Person Entities (NPEs). I’ll also call out what should be considered in the identity layer, as well as how to assess the viability of CaaS for security, scalability and speed of delivery.

First, let’s talk about how our notions of identity differ for people and machines. We need to move towards a broader definition of identity that includes both kinds of actors on the network – people and machines. Many automated machine-to-machine functions support critical mission functions, yet we are investing billions in human identity security and almost nothing in securing the machine identities that provide critical authentication points for countless NPEs across the DoD enterprise.

With growing threats and the dynamic nature of today’s network perimeter, ongoing authentication at the identity layer is becoming more essential. But as devices and applications outpace people on the network—with cloud workloads, virtualization, Fast IT & containerization, mobility and IoT—identity-layer solutions must extend not only to human identities, but also to NPEs.

Machines are taking a more central role in agency operations and decision making, including software and information technology services that refine new processes and develop new initiatives more effectively and efficiently. Incorporating CaaS into an overall IDaaS initiative enables the use of digital certificates to authenticate users, mobile devices and other machines, for a more comprehensive approach to IDaaS.

To achieve balance between speed and security, a CaaS platform should be used to automate the procurement and deployment of cryptographic keys and digital certificates as part of the build process—fully integrated with next-generation software development platforms, hardware security modules and existing certificate authorities. These certificates can then be used to authenticate machines. In addition, secure self-service, end-user, web-based mobile and user certificate portals can ensure policy-enforced certificate issuance.

Consumers and providers of NPEs reside throughout the agency enterprise. They require rapid and secure issuance of machine identities as well as the quick determination of the appropriate level of trust for all machine identities connected to their agency that reside inside and outside the boundaries of their network. With this dependence on machines, IDaaS strategies need to include authentication of both people and NPEs—securing all actors on the network—and CaaS can deliver this broad and strong authentication in a fast and scalable platform.

Contact us to discuss how offering certificates as a service can improve policy compliance at your agency.

About the author

Lindsy Drake

Lindsy Drake writes for Venafi's blog and is an expert in machine identity protection.