Case Study | Equifax PKI Design


Equifax PKI DesignCase Study | Equifax PKI

Business Situation

In the midst of standardizing and implementing a global mobile device management solution, Equifax, a large consumer credit agency, realized that they were in need of an enterprise public key infrastructure design or PKI design.  This endeavor would provide a resilient certificate infrastructure.  As a result, it would establish a chain of trust for all users, devices, and applications.   The certificate infrastructure would support their global operations and adapt to internal security policy and industry best practice guidelines.

Initially, the certificate infrastructure would be leveraged for a variety of needs.  This included the ability to provide identity, access, and encryption to users and devices.  This would occur throughout Equifax and it’s subsidiary networks across multiple active directory domains. What was critical to the client?

  • The ability to sign documents for information rights management
  • Utilize code signing to verify the authenticity of internal applications
  • Allow remote access users to authenticate and renew certificates

Business Challenge

With limited resources and expertise to take on this complex project, Equifax partnered with Oakwood to design this PKI utilizing Active Directory Certificate Services and hardware security modules for the storage and management of sensitive encryption key material in accordance with the corporate security policy.

With the assistance of the Equifax Security Team, Oakwood studied the Global Security Policy and developed a design based on the core requirements. Oakwood implemented a 3-tier Enterprise PKI infrastructure.  They used Windows Server 2012 AD CS utilizing nSheild Connect HSM for key management and cryptography.

Solution

The deployment involved setting up and configuring the following technologies:

  • nSheild Connect HSM
  • Root Certificate Authority
  • Subordinate Certificate Authority
  • Enterprise Certificate Authorities
  • Certificate Revocation List distribution points
  • Online Certificate Signing Protocol servers
  • Certificate Web Enrollment services

PKI Design Results

Upon implementing the new PKI, Oakwood worked with Equifax engineers to verify system functionality and configure Issuing CA for compatibility with the third-party MDM system.  What about documentation?  It was maintained and captured during the entire implementation phase of the project. For reference, the documentation also included administration and recovery techniques.

  • 5,000 users and computers were successfully migrated
  • We worked across 15 business units
  • The project was completed under budget
  • Consolidated support, security, and communication between corporate and each site team
  • Consolidation enabled standardized server platforms, desktop management, and a new port level security initiative
  • A highly secure MDM environment
  • Training and documentation provided by Oakwood

Next Steps

Let us tackle your biggest challenges. Reach out to Oakwood and let’s discuss your business objectives and technology needs.  Please review a few of our business success case studies here.

About Oakwood

Since 1981, Oakwood has been helping companies of all sizes, across all industries, solve their business problems.  We bring world-class consultants to architect, design and deploy technology solutions to move your company forward.   Our proven approach guarantees better business outcomes.  With flexible engagement options, your project is delivered on-time and on budget.  11,000 satisfied clients can’t be wrong.  Let’s have a discussion to learn more about your business needs and goals.


Contact Us

Email

General Questions | Request a Scope of Work
sales@oakwoodsys.com

Charles Windsor | President
cwindsor@oakwoodsys.com
314-824-3004

Phone

♦ 314-824-3000 (St. Louis)

♦ 913-232-4057 (Kansas City)

♦ 800-810-8412 (After Hours)