How RSA Modernized PKI with Keyfactor’s PKI as a Service

RSA Security was founded in 1982. For over 40 years, it has helped organizations protect data and manage digital identities.

But even with its deep expertise and foundational role in digital security, RSA, like many organizations, faced new challenges in managing its certificate infrastructure – especially as the pace of change and scale of operations increased.

RSA’s PKI environment had gradually evolved into a fragmented mix of legacy systems and manual processes. This created long-term challenges in efficiency, scalability, and management.

As the company scaled and adapted to remote and hybrid work models, the limitations of their existing PKI and certificate management solution became increasingly apparent. Add in mounting technical debt and no centralized way to track and update all certificates, and it was clear that modernization was needed.

“We were struggling with automation,” says Robert Hughes, CISO, RSA Security. “Renewing certificates across less connected or secure networks was especially difficult – and the risk of outages was always looming.”

RSA selected Keyfactor’s PKI as a Service platform to take control of their certificate landscape and offload the heavy lift of managing PKI infrastructure internally.

“We looked at various PKI solutions. What made Keyfactor stand out was their willingness to engage and work with us directly. They really understand our problems and offer solutions. Keyfactor’s now become a trusted partner, working with us closely and really guiding us through the process,” explains Hughes.

Keyfactor’s platform provides the following benefits for RSA:

• Managed PKI infrastructure, eliminating the need to maintain on-prem HSMs, CAs, and servers
• Full certificate lifecycle automation, avoiding certificate outages, reducing human error, and improving operational efficiency
• Integration with Microsoft Intune, enabling secure identity validation for RSA’s remote workforce
• Scalability for future security initiatives, including quantum readiness

With Keyfactor Command alerting, Hughes says they’re finally getting ahead of certificate renewals, giving their teams the access they need and visibility to understand when their certificates will expire.

“Especially as we get to shorter and shorter renewal times – everyone in the industry is looking at 47-day renewals sometime in the future. And that’s a huge challenge for everybody. So we’ve been working with Keyfactor to get through that and make sure that we’re in a good spot when that requirement goes into place,” he adds.

RSA uses PKI to secure over 1,000 corporate devices, primarily for remote access and identity validation. Certificates enable secure VPN access, protect sensitive internal communications, and confirm device trustworthiness through integration with platforms like Microsoft Intune.

“PKI is part of our identity fabric,” says Hughes. “It helps us confirm that a laptop or mobile device is an RSA-issued device – that it’s trusted, managed, and secure.”

With Keyfactor, RSA no longer needs to manually manage renewals or worry about certificate expirations causing downtime. RSA’s teams now have the visibility to keep certificates compliant and up to date, without the daily burden of infrastructure and lifecycle management.

“The combination of managed PKI and certificate lifecycle automation solutions allows us not to worry as much about certificate renewals and day-to-day hassles from the teams,” says Hughes.

With Keyfactor’s solutions, PKI has become a strategic enabler for RSA – powering trusted device identity, seamless access, and always-on security at scale.

Hughes has already seen noticeable improvements with Keyfactor compared to RSA’s previous solution, which he says lacked both the automation and partnership that Keyfactor provides.

While RSA is still early in its implementation journey with Keyfactor, the initial benefits have been clear:

• Improved automation of certificate issuance and renewal
• Reduced operational complexity by offloading backend PKI components
• Better support for remote and hybrid workforces
• Increased visibility into certificate status and expiration timelines

As quantum computing advances toward practical application, RSA is proactively addressing the long-term security challenges it poses.

“There’s definitely uncertainty around when quantum computers will mature enough to break encryption algorithms. But you need to be prepared. And we see Keyfactor as a partner in that journey to ensure that we are quantum-ready in our encryption practice.”

Keyfactor’s commitment to supporting post-quantum cryptography (PQC) standards and providing quantum-ready certificate infrastructure made Keyfactor a strategic fit for RSA’s future plans.

As hidden and unmanaged cryptographic risks remain big concerns, this foundation helps RSA prepare for a smooth transition to quantum-safe algorithms, keeping devices trusted and operations reliable.

RSA’s partnership with Keyfactor reflects a broader shift happening across security-conscious enterprises – moving from legacy PKI systems to modern, managed, and automated solutions.

By embracing PKI as a Service, RSA is not only addressing today’s operational challenges but also laying the foundation for resilient, future-proof encryption practices in a post-quantum world.

“With Keyfactor, we’ve found a partner who understands the complexity of PKI and works alongside us to solve it. That’s what we needed – a team that’s in it with us,” adds Hughes.