PKI as a Service

Cogito Group provide professional services to design, install, configure, and operate Public Key Infrastructure capabilities on a customer’s premises. Cogito Group also provide managed PKIs or Public Key Infrastructure as a Service (PKIaaS). This service combines the best security outcomes that can be achieved with a self-managed PKI at a reduced cost.

What is PKI?

Public Key Infrastructure (PKI) is the combination of hardware, software, policies, standards, procedures, and people needed to create, manage, store and distribute digital credentials (keys and certificates). PKIaaS (or hosted PKI) allows you to connect to your hosted PKI and still have full functionality for automatic and manual enrolment of certificates.

What is PKIaaS?

Cogito’s PKIaaS offering allows you to have your PKI run by experts in the field. Cogito uses best practices, along with dedicated software and hardware, to provide the best PKIaaS available in the market today. Cogito is able to amortise the largest costs of PKI across several clients, even where customers specify dedicated hardware. This includes lowering the cost of maintaining PKI experts, allowing Cogito to provide this service at a lower cost than any single organisation.

Our PKI Offering

Public Key Infrastructure as a Service (Hosted PKI)

Cogito Group’s Public Key Infrastructure as a Service (PKIaaS) provides a hosted, fully managed PKI service. This is available to customers to consume without the setup costs of an on-premises solution. Clients can select the level of security and assurance required. This determines the establishment of trusted identities and services within their organisation. Alongside all the functions and capabilities of a best-practice, self-hosted PKI, Cogito’s hosted PKIaaS service offers the following extra features.

  • Credential management
  • Identity registration
  • Local or hosted credential printing
  • Shared or dedicated Certification Authorities (CAs)
  • Shared or Dedicated Hardware Security Modules
  • Shared or dedicated infrastructure
  • Hardware key protection of CA
  • Self-managed portal allowing users to revoke and submit requests
  • Optional automatic enrolment capability
  • Ability to identify internally created certificates that indicate abuse by users
  • Replacement of multiple CAs
  • Replacement of external SSL certificate providers through Let’s Encrypt and DigiCert connectors, plus additional options
  • Lower costs with pricing based on active, not issued, certificates
  • Each organisation is separately tenanted – and separated from wider IaaS/PaaS services.
  • Full intelligent search within our portal
  • Full key management capabilities including Hold Your Own Key and Bring Your Own Key for services such as Microsoft Azure and AWS.
  • Agility – we recognise that customers not spending a lot with us have great ideas. We work with you to create new features as needed.
  • Support Services – Our support services are run by developers. If you have a bug we can fix it quickly.
  • Expertise – we are experts in every aspect of PKI, Encryption Services and IdM.
  • Soft certificate integration with Jellyfish

PKI Onsite Managed Services

Cogito Group can provide personnel for the ongoing management of existing PKI systems. This includes management, solution support and enhancement. Cogito Group has significant expertise in providing these services. Cogito Group currently provides this level of support to the Australian Department of Defence. The PKI within the Australian Department of Defence is one of the largest and most complex in the southern hemisphere.

  • We specialise in a niche market, and offer an expert understanding of our products and services
  • We have been operating since 2011 as System Integration and PKI experts
  • We offer customised delivery targets with each managed service project.
  • Full monitoring, analysis and reporting capabilities
  • Highest customer service standards – we use a two-way feedback system designed to anticipate client needs and prevent problems before they occur.
  • Problem solving – We know our customers hire us to solve problems. We tailor solutions to ensure a perfect fit for customer needs.

PKI Onsite Design, Implementation, and Maintenance Support

Cogito Group are able to provide dedicated onsite staff for the creation and ongoing support of PKI services. These services include the following:

  • Business cases
  • Solution Architecture and Design
  • Project Management
  • Solution implementation
  • Provision of speciality hardware, including Hardware Security Modules, Credential Management Systems and Smartcards
  • PKI Management Services

Through our involvement with the Australian Department of Defence, Cogito Group has developed extensive knowledge of the design, implementation, and support of PKI systems.

Projects with Defence have included some of the largest and most complex PKI projects in the southern hemisphere. This included the fulfilment of the existing PKI service, and the cross-certification of the PKI solution with other agencies.

The Cost of Ownership

Deploying and managing PKI solutions is complex. Depending on the size and complexity of your organisation, you may not need an in-house PKI solution. Cogito Group offers managed Public Key Infrastructure as a Service options. These options enable trust and secure corporate assets throughout your technological ecosystem.

Ensuring a robust and secure PKI can cause extra hidden costs. Cogito Group removes these costs by providing full management of your chosen PKI solution combined with lower costs. Read more about Cogito Group’s managed PKIaaS offering below.

PKIaaS and Encryption

The vulnerability of the data can be significantly reduced by encrypting the data or encrypting the transmission path taken by the data along the network. Encrypting the data is referred to as data-level encryption and encrypting the path is referred to as session encryption.

If a user needs end-to-end protection of data, measures must be taken to keep it secure in all three states: at rest, in use, and in motion.

Digital Credentials

Digital credentials are the digital equivalent of a signature on a piece of paper. They can also act as a digital version of identity documents issued by trusted parties such as government organisations. They are used to establish a person’s privileges, characteristics and identity in the electronic world.

Physical identity credentials are coming under increasing pressure from counterfeiting and other fraudulent use. They also cannot be used easily by electronic devices such as mobile phones and personal computers. Digital credentials resolve some of these issues.

Document Signing

Digital signing software offers users a secure and cost-effective means to authenticate documents. A third-party certification authority is involved to ensure trust, as privately issued certificates are not trusted.

The use of document signing certificates saves time and cost by eliminating the need to print, scan and mail documents. Because digitally signed documents use secure methods to prevent tampering and assure non-repudiation, they are accepted as legally binding all over the world.

Benefits of PKIaaS

PKI establishes trust within organisational networks. With PKIaaS you discover the benefits of PKI without the risks. Cogito’s PKIaaS offering grants you:

  • Provision of encryption and authentication for internal and external web pages
  • Logical Access Control
  • Allows single sign-on to resources
  • Authentication to different environments (e.g. Windows to Unix)
  • External access to corporate network services
  • Remote secure administration of ICT assets
  • Reduced administrative costs – no need for in-house skilled PKI/HSM/Key Management staff
  • FIPS 140-2 Level 3 HSM guarantee
  • Value for money over in-house PKI deployment
  • Apply digital signatures to your contracts, documents, and more
  • Full lifecycle certificate management
  • Remote monitoring of resources
  • Maximise security
  • Access to digital identity and workflow experts
  • End-to-end protection
  • Built-in governance and compliance capabilities

Cryptography as a Service

Our Cryptography as a Service (CaaS) options allow you complete control over your data. To give customers control over their cryptographic keys, Cogito Group offer Bring Your Own Key and Hold Your Own Key options.

Customers can also choose from dedicated or shared services. Cogito Group’s Key Management experts maintain and operate these services from secure facilities. We enable customers with FIPS 140-2 Level 3 Hardware Security Modules.