The Challenge
Schneider Electric initially leveraged purpose-built systems for firmware and software signing that supported its early product lines. As product portfolios and signing volumes expanded, these separate systems became increasingly complex to manage, creating fragmented workflows, limited end-to-end visibility, and higher maintenance overhead. At the same time, evolving regulatory requirements highlighted the need for a more scalable approach to PKI and code signing to support continued global growth.
“Before we engaged with Keyfactor, we had a purpose-built solution for firmware and a SaaS solution for software. They really didn’t know each other, they weren’t scalable, and they were expensive to operate and maintain.”
-
Automation
Manual certificate generation and renewal processes increased risk and operational burden as signing volumes grew.
-
Siloed Systems
Disparate tools limited visibility, preventing teams from sharing a consistent view of PKI and signing operations across the enterprise.
-
Scale
Homegrown and SaaS solutions could not support expanding software builds, device lifecycles, and global compliance demands.
The Solution
Centralized, Scalable PKI and Signing
Schneider Electric selected Keyfactor EJBCA and SignServer to replace siloed firmware and software signing systems with a centralized, standards-based PKI and signing platform. With Keyfactor, Schneider now manages certificates and signing operations from a single trusted foundation while supporting diverse deployment models. Keyfactor also provides Schneider with a future-ready roadmap, enabling crypto-agility and preparation for post-quantum cryptography as standards evolve.
Keyfactor helped us deliver products at scale because the solution can handle the variance in signing activities – from legacy software to leading-edge IoT systems – all in one consistent way.”
Business Impact
Since adopting Keyfactor, Schneider Electric has strengthened global security and compliance while realizing significant cost savings. Software signing costs were reduced and key ceremony costs dropped by 80%. Schneider also gained a scalable architecture capable of supporting millions of signing events annually without proportional cost increases. The company is now well-positioned to meet current and future regulatory requirements with confidence.
-
Dramatic cost reduction
Schneider achieved a 10x reduction in software signing costs and an 80% decrease in key ceremony expenses.
-
Scalable operations
Keyfactor supports both high-volume daily signing and infrequent firmware releases without added complexity or cost.
-
Compliance and future readiness
Schneider maintains audit-ready compliance with standards like IEC 62443 and is prepared for emerging mandates such as the EU Cyber Resilience Act and post-quantum cryptography.
“By transitioning from our old SaaS software signing solution to Keyfactor, we saw an order of magnitude drop in operating costs. On the firmware side, using EJBCA has cut our key ceremony costs to about one-fifth of what they were before.”
