The proper design and architecture of a PKI is critical to its long term viability and integrity. The choices and procedures used before the first piece of software is ever installed is critical. Many security requirements must be properly defined well before the project moves forward. We can provide you the expertise you need to ensure your environment will not only meet your needs today, but is properly designed for your needs down the road.
PKI Solutions can work with you to define an environment that mitigates unacceptable security risks. We can help with that. Non-Repudiation needs? Yes, we can show you how to architect your PKI to meet those needs.
Do you need a Hardware Security Module (HSM) for your PKI Environment? Don’t know? To get the most benefit of these devices, they should be implemented before you deploy your first CA.

Hardware Security Modules (HSM) are available from a number of manufacturers and are leveraged in a PKI to enforce defined procedures. HSMs can be used to ensure no one person can compromise a PKI. They can also be used to speed up signing/issuance in high-volume environments. HSMs can also be used to secure your CAs against the extraction and misuse of your CA private keys.
The proper selection, architecture and implementation of one or more HSMs in your environment is critical. Does your environment require a collusion requirement? If so, a K of N implementation on the HSM is recommended. Do you need to ensure a chain of custody for non-repudiation? Then the design and day-to-day history of the PKI needs to be carefully tracked and audit. This must be in place before the first component is ever installed.
HSMs can be leveraged to provide EAL 4/FIPS 140-2 level 3 protection of your PKI. Bintel is very experienced with architect and deploying Safenet and Thales HSMs and can even provide your organization with assistance in selecting and acquiring the HSMs.

The integrity and availability of your PKI environment can have a dramatic effect on the security of your enterprise. Components like Certification Authorities (CA), OCSP and CRL distribution points need to be available around the clock. Installing a second CA will do very little to provide fault-tolerance in most environments.
Clustered solutions will ensure your PKI components are available when your computers need them. Allowing a CA to go offline could prevent clients from enrolling and renewing certificates. It could also result in expired CRL files which will cause clients to stop being able to use certificates. OCSP and CES/CEP servers also have the potential to impact your environment if not carefully designed and deployed in a fault-tolerant solutions.
We can work with you to scale your recovery needs from simple software changes for recover ability, designing virtual machine recovery options (Ou custom built virtualization) for your PKI needs.

Hardware Security Modules (HSM) are available from a number of manufacturers and are leveraged in a PKI to enforce defined procedures. HSMs can be used to ensure no one person can compromise a PKI. They can also be used to speed up signing/issuance in high-volume environments. HSMs can also be used to secure your CAs against the extraction and misuse of your CA private keys.
The proper selection, architecture and implementation of one or more HSMs in your environment is critical. Does your environment require a collusion requirement? If so, a K of N implementation on the HSM is recommended. Do you need to ensure a chain of custody for non-repudiation? Then the design and day-to-day history of the PKI needs to be carefully tracked and audit. This must be in place before the first component is ever installed.
HSMs can be leveraged to provide EAL 4/FIPS 140-2 level 3 protection of your PKI. EGN is very experienced with architect and deploying Safenet and Thales HSMs and can even provide your organization with assistance in selecting and acquiring the HSMs.

Certificate Practices (CP) and Certificate Practice Statements (CPS) are some of the most misunderstood PKI related documents in an enterprise. Do you need one? Why would I need one? What should go into a CPS and how does it influence my PKI design? These are all questions that EGN can provide you expertise with. We can work with you to determine your needs and applicability. Where appropriate, we will work with your legal organization to help craft the proper CP and CPS for your enterprise needs.

Already have a PKI deployed in your environment or about to put one into production? Is it configured properly? Are all the components (CAs, OCSP, CDP/AIA, Policies, CP/CPS) healthy and up to industry standards? Many organizations don’t know. Why risk your environment due to a problem that could be remediated now? Our Best Practice Assessment compares your environment to industry best practices. You will know your areas of strength and areas that need remediation.
Whether you deployed the PKI or you engaged another company, the PKI Best Practice Assessment can provide you with the knowledge and assurance that it was done right. PKI environments are notorious for hiding problems until it’s too late and the solution is placed into production.

• CA Operations
• OCSP Servers
• Certificate Enrollment Policy Services (CEP)/Certificate Enrollment Services (CES)
• Cross Forest Enrollment
• PKI Design
• Disaster Recovery
• Documentation
• Certificate Templates
• Physical/Logical Security
• Security and Auditing
• CP/CPS Compliance Audit (if applicable)