Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Business leaders investing in digital security to manage a permanent remote workforce

By Jordan Rackie
The Long and Winding Road to Cyber Recovery
August 12, 2020

COVID-19 has produced an ongoing global health crisis, a recession and drastic business shifts, yet encouragingly finance leaders remain committed to spend that supports digital transformation and security technology.

A recent survey by PwC surveyed hundreds of US-based finance leaders and found that many plan to invest in areas focused on business operations in a post-COVID world. According to the survey, areas of growth and spend include digital transformation, cybersecurity and privacy – all supporting permanent work from home infrastructure.

The nationwide shutdown had most businesses scrambling to ensure their IT infrastructure could support the unplanned move to remote work. Since the shift, leaders are realizing that remote work is efficient and sustainable. In fact, 54 percent of CFOs now view remote working as a permanent workplace option.

 

Digital identity protection paramount to remote workforce security

IT security is a challenge for businesses under normal circumstances. Pre-COVID, research found that leaders and IT professionals were concerned about managing risks related to digital transformation. Just under half of survey respondents said that authenticating and controlling IoT devices was a top strategic priority for their organization’s digital security while 60 percent were adding additional layers of encryption technologies to secure IoT devices.

Today, enterprises face new uncertainties. COVID-19 has rapidly expanded the footprint of mobile devices and remote workers, introducing complex security risks. Public Key Infrastructure (PKI) is a common enterprise IT tool used to secure digital identities across the workforce and all the applications and devices it uses. Every person, machine and application must have a trusted and verified identity; PKI and digital certificates secure connections to those identities behind and beyond the corporate firewall.

PKI deployments have evolved as a secure and cost-effective technology that protects business-critical infrastructure and enables new initiatives from the cloud to the IoT. As businesses pivot to a permanent remote workforce, IT and security leaders must make decisions on how to re-build or re-engineer disjointed and aging PKI environments, and the certificates those systems issue.

 

Build vs. Buy

When it comes to PKI, leaders have two options: build it or move it to the cloud. PKI as-a-Service (PKIaaS) platforms are becoming a popular investment choice that provide all the benefits of a privately rooted PKI, but without the cost and complexity of running it in-house. PKIaaS providers can deliver a much more effective, and ultimately more secure, PKI than most enterprises can achieve on their own.

Regardless of whether the choice is to build or buy, teams must consider six key requirements to ensure in-house or out-sourced PKI success – and digital identity security:

  1. Understand your use cases. The process of architecting a PKI that fits your unique environment and business needs isn’t as easy as you’d think. Start by understanding and thoroughly documenting your intended PKI use cases. This baseline knowledge is key to every step, from architecting the PKI through to deployment.
  2. Define policies and practices. Once you’ve documented your use cases, you’ll need to define your policies and practices, which will guide you through the process of implementing controls for your PKI. Creating these documents can be a daunting task, but it’s important to note that just copying another set of policy and practice documents verbatim will not suffice. These tools only have value if they truly represent your organization’s specific PKI requirements and operational processes. The NIST 7924 Draft CP/CPS can provide a solid starting point, but you’ll need to customize it to your organization.
  3. Perform the root signing ceremony. The Root CA is a security measure that you have control over from the start. Building the root CA (i.e., the root signing ceremony) is akin to creating a “master key” to an organization’s network and should be treated with the same sensitivity. The building and configuration of the root CA should be well scripted in a controlled environment. Depending on the assurance level desired for the PKI, this ceremony will range from an informal execution of a scripting document (low assurance) to a formal recorded event in a pre-authorized location (high assurance).
  4. Build and configure the infrastructure. Create a clear set of build documentation and configuration procedures to identify any gaps and ensure that infrastructure aligns with the policies and practices established earlier. Share and review the plan with other PKI-dependent teams to ensure that you have not missed anything. Before placing the PKI into production, make sure that you’re able to properly test all PKI components, as well as certificates across the various platforms and applications you intend to support.
  5. Transition from test to production. A PKI requires a significant amount of care and feeding to remain functional. This stage can be a dangerous tripping point for security teams who were focused on simply implementing the PKI, but not its ongoing operations. A critical component to PKI operations involves how to incorporate, explain and document changes, also known as change control.
  6. Plan to continuously review, test and audit. Once controls have been documented and operationalized, they must be reviewed and tested on a regular basis. This can be part of an internal audit and should include review and testing of everything listed in your policies and practices, business continuity and disaster recovery plans for all PKI components. Organizations that schedule and conduct their own internal audits regularly can easily identify issues, answer external auditor questions and provide proof of the required level of assurance.

As the permanent remote workforce becomes a reality and investments are reviewed, business continuity, digital transformation and security spending must prioritize digital identity protection. From a business operations perspective, we’re navigating uncharted territory and we need to continue to invest in the battle tested technology that will guide us through to the other side.

KEYWORDS: COVID-19 cyber security digital security IT infrastructure risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordan rackie outside

Jordan Rackie is an expert in developing and leading modern go-to-market teams and strategy, having led multiple companies through large-scale growth. He is currently CEO at Keyfactor, responsible for setting the company vision, driving both top and bottom line results and managing Board relations.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Two people studying documents

    Only 25% of organizations are prepared to manage a DDoS attack

    See More
  • cyber-shield

    Adapting Security to Manage Digital Risk

    See More
  • telecommute

    Survey: Realities of a Remote Workforce Increase Cybersecurity Concerns for Half of All Small Business Owners, But Policies, Training Still Lag

    See More

Related Products

See More Products
  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing