Get access to the first-ever State of Machine Identity Management Report

Read the Report
Close

Case Study

Global Accounting Firm Makes PKI a Competitive Advantage

Managed PKI Proves Invaluable for the Firm to Secure More Customers and Comply with Government Regulations

Icon

Industry

Accounting

Icon

Employees

5,000+

Icon

Keyfactor Products

Keyfactor Command, PKI as-a-Service

Icon

Certificates Managing

10,000+

Company Overview

This global public accounting, consulting, and technology firm provides tax, consulting, advisory, and audit services to help clients make informed business decisions. With a presence in more than 130 countries, this firm has one of the world’s largest global accounting networks.

Challenges

One of the firm’s primary objectives centers around the idea of deep specialization, becoming the absolute expert in the services it provides for clients and seeking out the best solutions to run its business to pursue that expertise. Paired with the need for strict compliance around privacy and security regulations, this objective for specialization has had an enormous impact on shaping the firm’s IT operations.

This is particularly true for the firm’s public key infrastructure (PKI) program, which it now views as a competitive advantage. This program has evolved significantly over the years due to the rise of a more mobile workforce and increased digital communications.

According to one of the firm’s systems and storage engineers responsible for PKI, the firm decided to introduce a VPN around 2010, which created the need for certificate-based authentication for employees working offsite. They previously had a small PKI program that involved managing certificates for a handful of banks that required a higher level of security. Still, the introduction of a more mobile workforce required something larger. Ultimately, they introduced an on-premise program, complete with a root CA, issuing CAs and bi-annual signing ceremonies that involved strict security protocols and could span several hours as a result.

As the firm’s workforce became even more mobile over the next several years, they started to outgrow their existing PKI program and its lengthy processes. All of this came to a head when the firm wanted to enable digital signatures on tax returns. They recognized that a strong PKI program would securely support this functionality. However, they also realized they would need a more modern solution to achieve that outcome and continue to deliver the absolute best in security for both their clients and their workforce.

Privacy and data protection are critical elements of the RFPs banks issue these days. So being able to check a box that yes, we do have a managed PKI program is an invaluable part of our response for helping win those deals.”

The search for a new solution that could modernize their PKI program and enable more advanced security around functionality like digital signatures and a growing mobile workforce led the firm to Keyfactor’s cloud-based PKI as-a-Service solution, Keyfactor Command.

The Solution

Five years after their initial implementation, the firm has found enduring value in PKI as-a-Service. This allows them to continue evolving their PKI program as their security needs change over time to maintain compliance with strict regulations and even exceed clients’ expectations.

Since the start of their relationship with Keyfactor, the firm has run its root CA and issuing CAs in the cloud with Keyfactor to quickly issue internal certificates — which happens through a much simpler process than what they ran on-premise. They have also brought externally issued certificates into Keyfactor so the team can manage all certificates from the same platform.

Overall, the firm’s IT operations team responsible for the PKI program notes that this approach makes it significantly easier to manage an ever-growing number of certificates and report upcoming expirations. This has become even more important in light of recent changes from web browsers that require a one-year lifecycle (down from two or three years) on all certificates.

“We now manage over 10,000 certificates, and I can’t imagine trying to do it all in a spreadsheet. We use the discovery portion of Keyfactor Command to retrieve information from all of our endpoints to report on what certificates we have and when they’re going to expire. Keyfactor now reports on 100% of our certificates through this process because we trust it completely to manage everything,” shared the company’s Lead Systems and Storage Engineer.

We now manage over 10,000 certificates, and I can’t imagine trying to do it all in a spreadsheet. We use the discovery portion of Keyfactor Command to retrieve information from all of our endpoints to report on what certificates we have and when they’re going to expire. Keyfactor now reports on 100% of our certificates through this process because we trust it completely to manage everything,” shared the company’s Lead Systems and Storage Engineer.

More recently, Keyfactor has proven itself a powerful solution to help the firm’s IT operations team securely support a DevOps environment. Specifically, the firm now operates in specialized units in development and production to ensure more efficient use of resources and create economies of scale across the organization.

For example, once the development team finishes a new product, the infrastructure team will handle the automated deployment and management, including everything from the servers it will live on to the security measures, like certificates, it will require.

“This approach makes things easier for everyone. It gives our development team time back to focus on development, and it allows our infrastructure team to ensure everything happens like clockwork and that all cost efficiencies and security protocols get accounted for properly,” the engineer adds.

Now, their team can see which products are in the pipeline, identify security requirements and then issue certificates through Keyfactor as needed — all of which happens seamlessly as part of the deployment process.

Having a managed PKI program helps us win more customers and, therefore, generate more revenue. Being right on the letter with government regulations and compliance measures like SOC 2 matter when it comes to our tax and audit services, and Keyfactor helps us achieve that goal.”

The Results

Among the many benefits that Keyfactor has delivered for the firm, the most notable outcome is its competitive advantage over its competition during intensive RFP (request for proposal) processes.

“Having a managed PKI program helps us win more customers and, therefore, generate more revenue. Being right on the letter with government regulations and compliance measures like SOC 2 matter when it comes to our tax and audit services, and Keyfactor helps us achieve that goal.”

Beyond the all-important measure of compliance, the team also points to instances where a strong PKI program and a reliable partner like Keyfactor have helped the firm win new business.

“Privacy and data protection are critical elements of the RFPs banks issue these days. So being able to check a box that yes, we do have a managed PKI program is an invaluable part of our response for helping win those deals.”

Overall, the firm says a strong working relationship powered by a highly responsive support and the deep PKI expertise provided by Keyfactor have contributed to this success.

In terms of support, the IT operations team shares that Keyfactor is highly responsive, providing solutions quickly while keeping them informed about progress along the way. They also offer continuity in this support that has resulted in a strong relationship between the two teams.

I know more about certificates now because of Keyfactor than I had before in my 20+ year IT career. The Keyfactor team is always patient and professional, and they’ve been instrumental to our program as a result. Whenever we have a question, I know I can look to Keyfactor for help and get a definitive answer every single time.”

“I have a relationship with the Keyfactor support team. I usually speak with the support team, and they know me. They remember what happened last time, and because of that, they understand our environment and my questions, even when those questions are less specific. Being able to anticipate what my true question is or what I’m trying to do is an impressive part of Keyfactor’s support program,” one of the team’s engineers adds.

Additionally, he notes that Keyfactor’s strategic guidance has helped shape their PKI program for the better. He concludes: “I know more about certificates now because of Keyfactor than I had before in my 20+ year IT career. The Keyfactor team is always patient and professional, and they’ve been instrumental to our program as a result. Whenever we have a question, I know I can look to Keyfactor for help and get a definitive answer every single time. There have also been cases where they offer us a new way of thinking that helps increase security beyond what we planned. That instills confidence in me because I know I can depend on Keyfactor.”

Find out how the Keyfactor platform can modernize your PKI, prevent
certificate outages, accelerate DevOps security, and more.