Recent breaches have shown that password protection is simply not enough, as organizations deal with increasingly stringent legislative demands for authentication. Even so-called encryption features in mobile devices are proving to be tantamount to locking a door and leaving the key under the mat for others to break in. Historically, deployment of PKI entails a high total cost of ownership, as vendor-provided PKI solutions typically require extensive management and in-house IT support.
Rather than investing in a full-blown and costly PKI infrastructure, however, developers can now turn to third-party platforms to meet their credential management needs, either in the cloud or at the endpoint (i.e., the mobile device). By “plugging into” a full PKI infrastructure that operates the digital certificates for them, developers can eliminate the cost impediment associated with credential management and apply the needed security measures across multiple applications.
When selecting a third-party vendor for data encryption and credential management, the onus is on IT managers to ensure that that vendor is leveraging a PKI-based technology and working with a provider that also can protect sensitive information on endpoint devices and in the cloud. With the right third-party resources, businesses will ultimately reap the full benefit of credential management at a much lower cost.
This article originally appeared in the October edition of SC Magazine.