6 Final Conclusion (PKI - Approach with caution)
42. Based upon overseas and New Zealand experiences, it is obvious that a PKI implementation project must be approached with caution. Implementers should ensure their risk analysis truly shows that PKI is the most appropriate security mechanism and, wherever possible, should consider alternative methods.
43. The following table draws upon the PKI experiences previously noted and provides a list of warning signs. These warning signs are applicable at both an all-of-government and an individual agency level. Obviously, the more warning signs that apply, the more closely the project should be scrutinised.
| Warning Signs | Positive Signs |
|---|---|
| The vendor who proposed you implement PKI sells PKI. | Your security vendors are separate from your PKI vendors (ideally your security vendors sell a competing PKI product). |
| Your vendor assures you that they can implement PKI because they have all the relevant experience. | You have spoken in depth to government agencies that have implemented PKI. |
| PKI is the latest technology and has been recommended by your vendor. | You have considered several alternatives, including PKI, and it is the best. |
| You have not considered business compliance costs, including time to get the system going, downtime, minimum hardware/bandwidth requirements, etc. | The business compliance costs stack up. |
| You accept at face value that major vendors have implemented PKI correctly. | You have extensively tested to satisfy yourself that your vendor has implemented PKI correctly. |
| You accept the vendor's word that PKI transactions will always be usable in the future. | You have considered the risks and have developed processes to manage them, so you can cope with expired certificates, obsolescence in PKI technology, etc. |
| Your PKI solution is tightly coupled to a single CA provider. | Your PKI solution can work with multiple CA providers. |
| You have no experienced staff and are relying on vendors. | You have staff with a sound technical knowledge of PKI to a level that allows for solid planning (both risk mitigation and implementation planning). |
| Your user audience is large (more than 1,000). | Your user audience is small. |
| You have little control over your users' PCs and technical environment. | You can control your users' PCs and technical environment. |
| Your application is thin-client or requires downloads or modifications to the user's PC. | Your application is zero-client. |
| Your application requires multiple complex steps to be undertaken by the user, or requires them to make judgements about the validity of a security statement, e.g. "The name of this server does not match the name in the digital certificate - do you wish to proceed?" | Your application is simple and manages PKI without the user being aware it exists. |
| Your commercial CA has a small number of users, with little ability to achieve economies of scale. | Your commercial CA is well established with a large number of users. |
| The supporting PKI processes for CA and RA are complex, slow and partially automated or, worse, manual. | The supporting PKI processes for CA and RA are simple, fast and fully automated. |
| The infrastructure costs are high. | The infrastructure costs are low. |