In our previous blog post, the Forrester Total Economic Impact™ (TEI) study showed how organizations can turn PKI from a necessary cost into a measurable business advantage, to the tune of a 356% ROI and $9.9 million in net present value over three years.
As we continue our blog series, we will now dive into how those numbers came into being, what they mean, and how they translate to your organization.
90-minute to 2-minute provisioning
The cost:
Provisioning certificates takes time. First, you generate a certificate signing request (CSR). Then it’s onto the certificate authority (CA) and getting approval. Finally, you retrieve the certificate and get it where it needs to go. All of this adds up to an average of astonishingly inefficient 90 minutes. PER CERTIFICATE. Now, multiply that by the $75 per hour for personnel who manually manage certificates, and to compound this, you know the number of required certificates increases every year.
The future:
With automation, the time required to provision a certificate can be cut from 90 minutes to two minutes. Now, your team is set to scale by handling exponentially more certificates with an even lower headcount. This opens up personnel who used to manually manage certificates to now focus on value-driving, strategic work.
“We’re saving an exponential amount of hours provisioning private certificate services with Keyfactor. Right now, we’re managing twice the certificates with half of the resources.”
Expert, cybersecurity, telecommunications
16x cert growth with same staff
The cost:
Certificates are proliferating rapidly. New use cases arise every day with the implementation of AI, workloads, and other non-human identity sources. With unscalable, manual processes, the manpower and resources required to maintain must grow linearly with the influx of certificates.
The future:
In addition to slashing time for provisioning, automation’s role in renewals drastically increases the ability to scale. Instead of manually monitoring and initiating renewals, workflows can automatically update certificates, eliminating a mundane, monotonous task from valuable resources.
“The greatest testament to the value we’ve gotten from Keyfactor is the ability to scale certificate usage tenfold with the same number of resources today as we had five years ago.”
Project manager, information security, retail
95% incident reduction
The cost:
What you can’t see can hurt you. Without centralized visibility, certificate outages are inevitable and can range in impact from minor internal disruptions to significant customer-facing outages. No matter whether the outage is caused by an expired certificate or one that is improperly deployed, it’s going to cost you:
- Personnel hours to find and remedy the problem
- Time away from what they were supposed to be doing
- Interruption of services
- Reputational costs
The future:
Visibility and automation are the two main drivers behind reducing certificate outages. First, having all certificates and their associated metadata (i.e. expiration date, owner), teams can quickly see any certificates that are about to expire and take immediate action. Automation makes that process even easier. Low-impact certificates can be set for auto-renewal, while more important ones can have automated processes for approvals and reminders sent. That same automation can even handle the installation, reducing the risk of improper installation.
“In the past year, five years, we’ve only had one [expired certificate] with minimal downtime. It only took one person on our end about an hour to understand what had happened and renew the certificate.”
Project manager, information security, retail
70+ servers retired
The cost:
Infrastructure costs money. Not just the up-front capital investment for the CA servers, HSMs, and database servers, but also the licensing, the headcount to maintain it, and even the electric bill all add up.
The future:
With multi-tenancy and hybrid on-premises/SaaS solutions, consolidation opportunities are abound. Instead of a single server per CA instance, multiple PKI hierarchies can reside on one piece of hardware, or be offloaded completely to a managed SaaS offering. This decreases the hardware requirements, in turn relieving the pressure on maintenance teams.
“The huge cost advantage is we’re not sitting on what was effectively 80 to 100 servers and firewalls that needed patching.”
Expert, cybersecurity, telecommunications
<6-month payback
Every savings rolls into the big payoff: less than a 6-month payback and a 356% 3-year ROI. No longer does PKI have to be a resource-draining cost center. With the reduction in overhead and freeing up of technical resources, PKI modernization not only pays for itself but also continues to drive business value. Without expanding headcount, organizations can increase business efficiency, reassign resources to more business outcome-driven projects, and be ready to handle certificates at scale.
