Reducing Complexity and Total Cost of Ownership with VeriSign Managed PKI
white paper
Contents
Introduction
Conclusion
Glossary
Learn More
About VeriSign
certificate to a CA in the other organization’s CA hierarchy. Each of the participating members in the cross-certification trust network could then work in an interoperable fashion. However, the cost and effort to create the cross-certification can be prohibitively expensive and time consuming.

Uncovering the True Cost of On-Premise PKI

When considering a PKI implementation, organizations often focus on only the traditional solution costs such as software licensing, hardware, and installation services. But with PKI, there are a number of additional factors that organizations need to consider when deciding whether to implement PKI in house. In fact, software and hardware for the PKI solution are often only a small component of the overall cost of ownership for an on-premise PKI solution.

To create a scalable, reliable, and secure on-premise PKI, companies need to carefully consider not only the acquisition costs, but the ongoing costs, including:
Software acquisition and maintenance
Hardware and networking infrastructure
Secure facilities
Creation and auditing of policies and procedures
Management of the certificate lifecycle
Highly available validation (Certificate Revocation List (CRL)/Online Certificate Status Protocol (OCSP)) infrastructure
End user support
IT training
Backup and disaster recovery
Scalability to support user and application growth

organizations assume that this can be achieved with existing IT personnel at no additional cost, often in-house personnel lack the PKI expertise needed to effectively implement an on-premise solution. In addition, enterprises must be prepared to commit significant IT resources to ongoing PKI support requirements. Maintaining audit logs, creating a Certificate Revocation List and other tasks are not trivial matters — requiring trained, dedicated PKI personnel or costly external consultants. Without serious consideration to these matters, you could potentially undermine the strength of your “trust anchor” and likewise the value of PKI.

Comparing a Managed PKI Service to an On-Premise Solution

Alternatively, organizations can use a managed PKI service, which delivers PKI capabilities on demand. A managed service dramatically reduces the burden on the enterprise while ensuring scalability and availability. Policies, operational processes, and certificate management can be handled by the service provider.

A managed service is also able to scale more easily to the growing needs of the business. To scale an on-premise solution, organizations often have to install separate instances of the software, requiring more hardware, backup, disaster recovery, and other infrastructure.

A managed PKI service drastically reduces the cost of deploying PKI compared to an on-premise solution. To illustrate this, let’s compare the VeriSign® Managed PKI Service to an alternative on-premise PKI solution. We’ll look at three major areas of cost that organizations incur when deploying and using a PKI solution: software, infrastructure, and personnel.
Production Production
Annual Per Seat Fee N/A $31,000.00 Email Plug-in Application $16,190.00 N/A
Pilot Pilot
Account Set Up Fee N/A N/A RA Authority $15,064.00 N/A
Annual Per Seat Fee N/A N/A Email Plug-in Application $202.00 N/A
Annual Per Seat Fee N/A N/A Email Plug-in Application N/A N/A
Hardware Hardware
Cryptographic Hardware N/A N/A Cryptographic Hardware (SafeNet) $42,393.00 $6,359.00
Software Software
Operating System Licenses N/A N/A Operating System Licenses (Microsoft) $4,116.00 $823.00
Training Training
PKI Comprehensive Course N/A N/A Security Manager Comprehensive Course $7,500.00 N/A
The Bottom Line

In terms of total acquisition and deployment costs across all three major areas above, the on-premise solution comes in at more than $580,000 compared to $76,000 for VeriSign Managed PKI. Recurring costs were nearly three times higher than those for the VeriSign Managed PKI Service.

Over three years, total costs for the on-premise solution were more than $980,000, averaging out to about $328,000 per year. For the VeriSign Managed PKI Service, the total cost for three years was $218,000, which averages out to slightly more than $72,000 per year.

The Benefits of the VeriSign® Managed PKI Service

VeriSign® Managed PKI Service is a hosted solution enabling complete management of digital certificates (issue, revoke, renew, escrow keys, view status, run reports) for authentication, encryption and digital signing. With VeriSign managed services, organizations can establish a robust PKI and certificate authority (CA) system without the cost and time-to-market burden of on-premise PKI deployment.

Leading organizations, government agencies, and digitally connected communities choose VeriSign Managed PKI Service because it delivers:
Lower total cost of ownership. Organizations drastically reduce upfront capital investments and ongoing IT personnel costs for PKI.
Fast deployment. VeriSign enables organizations to deploy PKI rapidly to employees, customers, business partners, Web services applications and network devices.
Seamless integration. VeriSign Managed PKI Service can integrate into many organizations' existing architecture without expensive custom programming.
Ease of use. VeriSign Managed PKI Service simplifies deployment and enables enterprises to quickly and easily manage large numbers of certificates, while offering transparency to end users.
Scalability and reliability. VeriSign’s trusted and reliable infrastructure scales to millions of users and flexes to meet evolving business needs.
Market-leading. VeriSign’s time-tested policies and practices have been proven effective across many industries and sizes of organizations. VeriSign Managed PKI Service has helped thousands of organizations, including partners and companies such as Avaya Inc., CertiPath LLC, and the U.S. Department of Education to protect their online data, systems, and processes against intrusion and business disruption.
A trusted solution. VeriSign operates the longest running commercial PKI platform in the world and has issued more than 103 million device certificates.
Conclusion

By eliminating or reducing the high costs of the infrastructure and IT personnel resources, a managed PKI service enables enterprises to cost-effectively comply with regulatory mandates, protect sensitive corporate data, and communicate in a trusted way with external parties.

For more than a decade, VeriSign has been the trusted provider of PKI services for all types of enterprises, government organizations, and trusted communities. VeriSign Managed PKI Service delivers the high level of protection organizations need without the complexity, burden and cost of an on-premise solution. With VeriSign, organizations no longer have to decide between the high price of security versus the high cost of a breach — they can implement PKI for all their critical business transactions.

Glossary

Certificate Authority (CA) — A trusted party, authorized to issue, revoke, or suspend digital certificates as part of a Public Key Infrastructure (PKI).

Certificate Revocation List (CRL) — A periodically issued list, digitally signed by a CA, of identified certificates that have been revoked prior to their expiration dates. The list generally indicates the CRL issuer’s name, the date of issue, the date of the next scheduled CRL issue, the revoked certificates’ serial numbers, and the specific times and reasons for revocation.

Certification Practices Statement (CPS) — A document containing a statement that specifies the practices a CA or RA employs in issuing certificates. This document is revised as necessary by the CA.
Private Key — The mathematical key (kept secret by the holder) used to create digital signatures and decrypt messages or files encrypted with the corresponding public key.

Public Key — The publicly available mathematical key that is used to verify signatures created with its corresponding private key. Depending on the algorithm, public keys are also used to encrypt messages or files which can then be decrypted with the corresponding private key.

Public Key Infrastructure (PKI) — An umbrella term used to describe all the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke a digital certificate.

Learn More

For more information about VeriSign® Managed PKI Services, please call 650-426-5310 or email: identityandauthenticationservices@verisign.com

About VeriSign

VeriSign is the trusted provider of Internet infrastructure services for the digital world. Billions of times each day, companies and consumers rely on our Internet infrastructure to communicate and conduct commerce with confidence.

Visit us at www.VeriSign.com for more information.
1. This sample comparison is made available to you to independently evaluate the benefits of implementing managed PKI and the
associated direct costs of managed PKI deployment, including customer care and solution-related costs. This sample comparison
is not intended to provide financial or investment advice, and should not be relied upon as such. The information presented is
only to highlight issues for your consideration. All scenarios are hypothetical and are for illustrative purposes only. Deployment/
investment decisions should not be based upon this sample comparison alone. There are no representations or warranties of any
kind, either express or implied. VeriSign cannot and does not guarantee results.
©2010 VeriSign, Inc. All rights reserved. VeriSign, the VeriSign logo, the Checkmark Circle logo, and other trademarks, service marks, and designs are registered or unregistered
trademarks of VeriSign, Inc., and its subsidiaries in the United States and foreign countries. All other trademarks are property of their respective owners.
00028649 05-10-10