

With cryptography as PKI’s core mechanism, Public Key Infrastructure solutions have been recognised as the gold standard for highly secure and trusted authentication, digital signatures and encryption. In reality, however, deploying a PKI solution can prove to be a complex and expensive undertaking, considering that not every deployment’s infrastructure is unique – particularly the issuance, management and revocation processes.

PKI differs from most technology solutions: it has multiple components that go beyond mere software – like training, policy development, data centre and certificate management – which together create a robust, secure PKI environment. These components are often overlooked when organisations seek PKI solutions and become a hidden cost of deployment – a cost that can substantially exceed the initial acquisition cost.

Considering On-premise PKI

Organisations implementing an on-premise PKI must consider many issues, but the most vital is without a doubt the security of the root certificate and the certificate issuance process. If the root certificate were ever compromised, not only would the organisation be put at risk, but the validity of all certificates issued by the governing CA would also be called into question – jeopardising the entire PKI trust hierarchy.

It is also crucial to use a trusted 3rd-party CA for the root certificate for verification purposes, especially if the solution will be used to securely communicate and transact business with external parties – companies acting as their own CA are less likely to be fully trusted because they lack 3rd-party verification.

The ‘hidden’ costs

The traditional costs of PKI – software licencing, installation and hardware – are often only a small component of the overall ownership cost for an on-premise PKI solution. Organisations seeking out PKI solutions frequently forget the hidden operational costs that must also be considered before they host a PKI solution in-house, which include:

  • Software acquisition and maintenance
  • Secure facilities
  • Certificate lifecycle management
  • End-user support
  • Backup and disaster recovery
  • Hardware, networking infrastructure
  • Creating/auditing policies and processes
  • CRL and OCSP validation infrastructure
  • IT Training
  • Scalability for user and app growth

What if the software is free?

Some server operating systems offer free PKI capabilities to establish a “low-cost PKI solution,” and many organisations presume – mistakenly – that this enables existing IT personnel to deploy a PKI solution without additional costs. Whilst the capability removes traditional upfront costs of PKI, many IT personnel lack the expertise to implement a scalable on-premise solution effectively – wasting resources as a result.

Furthermore, organisations that opt for this ‘do-it-yourself’ PKI must be prepared to commit significant IT resources to support all the ongoing costs of PKI – the aforementioned hidden costs.

Considering Cloud-based PKI

Unlike their on-premise counterparts, cloud-based PKIs are externally hosted PKI services, supplying PKI capabilities on demand. The cloud-based approach drastically reduces the burden on individual organisations – in finances, resources and time – by eliminating the need for organisations to set up any infrastructure in-house. The service provider handles all the ongoing maintenance of the PKI whilst ensuring scalability and availability, providing a hassle-free, efficient service.

Scalability to match the growing needs of the organisation is another advantage. The service provider handles all additional requirements – installing software, hardware, backup, disaster recovery and other infrastructure – that would otherwise become a burden for owners of on-premise PKI solutions.

The cost of cloud-based PKI

Most importantly, cloud-based PKI imposes a reduced financial burden on the organisation compared to on-premise PKI. While on-premise PKI incurs both hidden and traditional costs, cloud-based PKI services only incur a single monthly fee – ensuring all outgoing PKI costs are fixed.

To illustrate the cloud-based PKI’s cost effectiveness, Symantec compared the MPKI solution – offered by SSL247® – to an alternative on-premise PKI solution and focused on the three main areas of cost (software, infrastructure and personnel cost). Over three years, the comparison found on-premise PKI cost organisations approximately $305,000 more than the cloud-based MPKI service.




Cloud-based PKI services allow organisations to eliminate (or reduce) some of the expensive costs associated with PKI deployment, including infrastructure and personnel training. Additionally, cloud-based PKI services like the MPKI service offered by SSL247® – and powered by Symantec – also allow organisations to comply with regulatory mandates, secure sensitive information and enable secure communication with external parties.

Cloud-based PKI services – like the MPKI service – are a cost-effective solution for all critical business transactions, which means organisations no longer have to choose between expensive security and a costly breach.