Empowering Business Security: A Successful PKI Upgrade in a High-Volume Environment

Customer Sitution

The company is listed on the Polish index WIG30. Its main business activities include crude oil production, refining. The company is a leader in the Polish lubricant market. It is a producer of unleaded gasoline, diesel, fuel oils, aviation fuels, motor and industrial lubricants, bitumens, and waxes.

The PKI infrastructure for the client was created and supported by ISCG since the Windows 2003 version of CA. During this phase of the system’s lifecycle, the challenge was to upgrade the entire Public Key Infrastructure without disrupting business processes in a heavily loaded environment.

Partner Solution

To address the client’s requirements, the partner conducted a thorough assessment of the current PKI infrastructure load. They proposed a comprehensive solution based on Microsoft ADCS 2016 to replace the outdated ISCG PKI design. The plan involved migrating the HSM to the newest version, renewing the Root CA and ICA keys, and validating existing certificate templates while creating new ones to meet upcoming digital certificate needs. Remote access to the HSM was enabled, and operational procedures, as well as CP and CPS (Certificate Policy and Certificate Practice Statement), were updated. The PKI monitoring solution was also improved, ensuring better visibility and management of the system.

Key Drivers & Business Objectives

  • Preserving business processes in a heavily loaded infrastructure with limited maintenance windows and numerous dependencies.
  • Fulfilling new security policy requirements.
  • Ensuring the PKI system was up-to-date and secure.
  • Enabling support for advanced cryptography mechanisms.
  • Upgrading the SLA (Service Level Agreement) for the PKI system.

Value Provided & Business Outcomes

The partner’s solution resulted in an up-to-date and secure PKI system for the client. With remote access to HSM, the management of PKI became more efficient. The new PKI service based on Microsoft ADCS 2016 allowed for enhanced capabilities and better performance. By renewing the Root CA and ICA keys, the PKI system’s trustworthiness was maintained. The validation and creation of certificate templates ensured that existing and upcoming digital certificate requirements were met adequately. The update of operational procedures and CP/CPS improved the system’s governance and compliance. Overall, the upgraded PKI system allowed the client to continue their business operations with confidence, ensuring secure communication, data protection, and authentication.

Win Insights

  • Up-to-date secure PKI system
  • Easy way to manage PKI with HSM remote access.
  • Up-to-date
  • Enable support for cryptography mechanisms.
  • Upgraded SLA for PKI system.

Lessons Learned

Through this project, the client gained valuable insights into effectively managing PKI infrastructures in challenging environments with limited maintenance windows. They recognized the crucial importance of staying up-to-date with the latest technologies and best practices, as exemplified by their decision to transition to Microsoft ADCS 2016 R2. The project highlighted the significance of proactive maintenance and renewals to mitigate potential disruptions stemming from expired certificates or unsupported hardware. Effective communication of change management played a pivotal role in the overall success of the project, enabling the client to enjoy a modern and secure PKI system while ensuring business continuity in critical areas of operation.