In the midst of standardizing and implementing a global mobile device management solution, Equifax, a large consumer credit agency, realized that they were in need of an enterprise public key infrastructure design. This endeavor would provide a resilient certificate infrastructure. As a result, it would establish a chain of trust for all users, devices, and applications. The certificate infrastructure would support their global operations and adapt to internal security policy and industry best practice guidelines.
Initially, the certificate infrastructure would be leveraged for a variety of needs. This included the ability to provide identity, access, and encryption to users and devices. This would occur throughout Equifax and it’s subsidiary networks across multiple active directory domains. What was critical to the client?
- The ability to sign documents for information rights management
- Utilize code signing to verify the authenticity of internal applications
- Allow remote access users to authenticate and renew certificates
With limited resources and expertise to take on this complex project, Equifax partnered with Oakwood to design this PKI utilizing Active Directory Certificate Services and hardware security modules for the storage and management of sensitive encryption key material in accordance with the corporate security policy.
With the assistance of the Equifax Security Team, Oakwood studied the Global Security Policy and developed a design based on the core requirements. Oakwood implemented a 3-tier Enterprise PKI infrastructure. They used Windows Server 2012 AD CS utilizing nSheild Connect HSM for key management and cryptography.
Upon implementing the new PKI, Oakwood worked with Equifax engineers to verify system functionality and configure Issuing CA for compatibility with the third party MDM system. What about documentation? It was maintained and captured during the entire implementation phase of the project. For reference, the documentation also included administration and recovery techniques.
The deployment involved setting up and configuring the following technologies:
- nSheild Connect HSM
- Root Certificate Authority
- Subordinate Certificate Authority
- Enterprise Certificate Authorities
- Certificate Revocation List distribution points
- Online Certificate Signing Protocol servers
- Certificate Web Enrollment services
- 5,000 users and computers were successfully migrated
- We worked across 15 business units
- The project was completed under budget
- Consolidated support, security and communication between corporate and each site team
- Consolidation enabled standardized server platforms, desktop management and a new port level security initiative
- A highly secure MDM environment
- Training and documentation provided by Oakwood
What Can Oakwood Do For You?
Let us tackle your biggest challenges. Reach out to one of our team members and let’s have a discussion around your core needs. Our unique approach and expertise enables better decision making, streamlined operations, and outstanding digital experiences. Let’s partner together and help you clear the way to new growth and a better work environment.
Oakwood Systems Group is a consulting firm developing positive business outcomes for all sized organizations. We provide a broad suite of solutions including application managed services, cybersecurity, cloud solutions, custom software, digital marketing and data analytics. Since 1981, Oakwood has served over 11,000 organizations globally. Partnering with us offers you world-class technologists to architect, deploy, optimize and support your critical IT, security and digital marketing investment. With numerous industry awards, our proven holistic approach offers best-in-class approaches that create measurable business outcomes.
Get started by contacting Oakwood online here. New business inquiries can be directed to 314-824-3000. After business hours, feel free to leave us a message at 800-810-8412. We look forward to serving as your partner alongside your existing IT or Marketing Team, or 3rd party agencies.