Is it time to rethink your Microsoft PKI?
Microsoft PKI – also known as Active Directory Certificate Services (ADCS) – has been a reliable
tool for you over the years, but times have changed. It's time to say goodbye to Microsoft PKI.
The 2000s called, they want their PKI back
Active Directory Certificate Services (ADCS) was first introduced in 2000. Since then, it's been an easy choice for teams to manage public key infrastructure (PKI). However, as companies evolved, ADCS simply hasn't kept up. For many organizations, it's become more of an operational headache than a benefit.
[Survey callouts from the original layout; the figures did not survive extraction: the share of respondents who say they don't have enough staff to deploy and maintain their PKI; the share who say reducing the complexity of PKI infrastructure is their #1 priority; the average number of PKI and CA tools in use across organizations.]
7 reasons why you should say goodbye to Microsoft PKI
It's no secret: hybrid and multi-cloud are the new norm. 76% of organizations have or plan to adopt a multi-cloud strategy within the next 12 months. Where does ADCS fit into all of this? That's the problem: it doesn't. To support cloud-native services like Intune, Azure Key Vault, and Entra ID (formerly Azure AD), you need a new approach.
In today's IT environment, SCEP and autoenrollment only get you so far. The move to hybrid work, multi-cloud, and DevOps creates a new set of challenges that demand more extensibility, including modern enrollment protocols like ACME, EST, CMP, and REST APIs, and pre-built integrations with popular tools.
Without an adequate solution, each team chooses different tools to meet their use case, creating a complex web of PKI that’s impossible to manage. In fact, the average organization now uses more than 9 different PKI and CA tools, creating inefficiency, inconsistency, and infrastructure complexity.
PKI where you need it
Cloud and infrastructure teams need to move fast, run anywhere, and automate as much as possible. That means you need the flexibility to deploy on-prem or in the cloud, as a container or virtual machine, and spin up new CAs and certificates within minutes, not days.
Insecure ADCS configurations are called out in the NSA and CISA joint advisory on the top ten cybersecurity misconfigurations. Modern PKI solutions built on open standards, well-documented guidance, and trusted open-source frameworks help you avoid security risks that arise from misconfiguration or from recurring software vulnerabilities.
You need more resources just to keep your PKI running, but it's a rare skill set, and even if you have it, bandwidth is slim. PKI has come a long way since 2000, offering new turnkey and SaaS-based delivery models that provide the same level of security without the effort and expense of running it on-premises.
ADCS hasn't seen any major updates since 2012. By shifting to a PKI solution that is continuously developed and supported with new features, you’ll be ready to meet new requirements head on – things like containerization, new industry standards, and even quantum-safe certificates.
Microsoft also recognizes the problems with its legacy approach, but the proposed alternative is far from a replacement for ADCS. Built only for Intune, Microsoft Cloud PKI really doesn't solve a whole lot. Conversely, it adds to the problem of costly and inefficient PKI silos. It's time for a new approach.
The modern alternative to Microsoft PKI
Switch to EJBCA and experience PKI that deploys fast, runs wherever you do, and goes beyond Microsoft to support all of your modern applications and use cases.
EJBCA vs Microsoft PKI
*This is a biased overview of capabilities by use case based on publicly available information and customer interviews as of 2023-09-18
Ready to modernize
Migration can be daunting, and we understand that. That's why Keyfactor provides multiple paths to modernize your PKI, whether it's a complete replacement, a gradual migration over time, or even running in tandem with your existing PKI to support modern use cases.