Solution Overviews

Cost Comparison: Internal vs. Hosted Private PKI

Issue link: https://resources.digicert.com/i/908362

COSTS OF BUILDING AN INTERNAL PRIVATE PKI

Hardware, Software, and Licensing
• CA server—included with Microsoft Certificate Services (2 recommended for redundancy)
• Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) distributed services for redundancy, high availability, and fast response times
• Firewalls and segregated networks (firewall, switch, and dedicated rack space)
• Storage mechanism for offline root and backup of offline root (HSM required)
• Signing HSMs—Gemalto Luna 5 ~$40k-60k (2 recommended for redundancy)

Training
• Regular training to keep personnel updated on latest PKI changes
• Courses, certifications, and conferences

Certificate Policy (CP)/Certificate Practices Statement (CPS)
• See most up-to-date reference (RFC 3647) for details: https://tools.ietf.org/html/rfc3647
• Writing a CP/CPS (80+ hours of work for PKI staff)
• Maintaining a CP/CPS (living docs that need to be kept up-to-date)
• Enforcing CP/CPS in software, policies, and rules

Auditing Against Certificate Policy
• Ongoing logging of key portions of PKI as evidence for audit
• Yearly audit to check compliance with policies in CP/CPS

Vulnerability Testing
• PEN testing for CA and supporting services—$40-60k/pen test (recommended on a regular basis; frequency defined in CPS)
• Auditing vulnerability compliance, network scans, and vulnerability scans

PKI Expertise
• PKI authorities and admins (2 for separation of roles)
• Developer to write API interface (if customization is needed)
NOTE: Average industry salary: $120-200k/individual

BENEFITS INCLUDED WITH DIGICERT HOSTED PRIVATE PKI

• Trained personnel to securely manage the CA
• Hardware, software, and licensing
• Industry updates in servers, browsers, and libraries
• High-availability and revocation infrastructure (OCSP & CRLs)
• Certificate management via API

© 2017 DigiCert, Inc. All rights reserved. DigiCert is a registered trademark of DigiCert, Inc. in the USA and elsewhere. All other trademarks and registered trademarks are the property of their respective owners.
