Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications.

The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization’s PKI can significantly help an attacker gain access to the sensitive data and systems they are after.

 To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document - “Securing Public Key Infrastructure.”

The document provides recommendations for numerous aspects of PKI, including:

  • Common vectors for PKI compromise
  • Planning cryptographic algorithms and certificate usages
  • Designing physical security
  • Implementing technical controls to secure PKI
  • Protecting PKI artifacts and assets
  • Monitoring PKI for malicious activity
  • Recovering from a compromise

The document is recommended for enterprise security professionals who have responsibility for designing, implementing, maintaining or governing a PKI. The recommendations discussed in the document are largely based on Microsoft’s Information Security and Risk Management (ISRM) organization’s experience, which is accountable for protecting the assets of Microsoft IT and other Microsoft business divisions, and advising a selected number of Microsoft’s Global 500 customers.

I also recommend “Best Practices for Securing Active Directory” - a whitepaper previously released by Microsoft IT to help customers protect their Active Directories. 

Tim Rains
Director
Trustworthy Computing