How Keyfactor helped Privy Reduce Risk while Improving Operational Efficiency and Scalability

Privy is revolutionizing the way people are identified in cyberspace and the way online transactions are carried out. Based on the belief that trusted identities and digital signatures are the foundations of a healthy online transaction ecosystem, Privy has acquired more than 40 million users and more than 3,900 enterprise customers since its founding in 2016. Today, Privy is listed as a Certification Authority (CA) under Indonesia’s Ministry of Communication and Information Technology to issue electronic certificates with the highest level of verification and has a Cooperation Agreement with the Directorate General of Population & Civil Registration to support identity verification services in issuing and using electronic certificates.

Any security professional will tell you about the importance of digital certificates and identity solutions in our modern, digital environment – but once you move beyond the security community, the understanding of just how important these solutions are begins to wane. For a security-focused company like Privy, that’s concerning.

“There was a lack of adoption of digital certificates and identity solutions in Indonesia, which posed a significant concern for Privy,” explains Krishna Chandra, Chief Information Officer at Privy. “It meant there was a higher risk of cybersecurity threats, data breaches, and compromised digital transactions due to insufficient security measures.”

Chandra continues that if a solution that made it easier to adopt digital certificates and manage them throughout their lifecycle remained elusive, consequences could be severe. For example, there would be higher potential for financial losses, reputational damage, and legal implications. In general, the absence of a robust solution would perpetuate a lack of trust in digital transactions – which is exactly what Privy aims to solve. The severity of these consequences fueled Privy’s ambitions to find a solution: One that could change how digital security was perceived and used in Indonesia. According to Chandra, their overarching goal was to create a safer and more secure digital environment.

This goal led Chandra and the Privy team to set clear metrics for success in finding a solution to improve adoption and management of digital certificates:

• Rate of adoption of digital certificates among users and businesses
• Increased understanding of the importance of digital certificates
• Number and significance of partnerships with industry leaders to instill confidence
• Reduction of security incidents or breaches

Achieving these goals required Privy to find a scalable, user-friendly solution that complied with existing regulations and best practices. They also needed access to ongoing monitoring of regulatory compliance and the industry’s perception of their products, as those factors would play a crucial role in determining the success of the solution

The search for a solution led Privy to Keyfactor EJBCA. Chandra says the decision to move forward with Keyfactor was an easy one, as EJBCA immediately stood out as a market-leading software in the PKI industry with a proven track record.

“The specific attributes that swayed our decision included Keyfactor’s robust security features, scalability to meet our growing needs, user-friendly interface, and a track record of successful implementations in similar business environments. EJBCA’s reputation for reliability, comprehensive features, and positive user feedback played a significant role in our decision-making process,” Chandra adds.

Several years after their initial implementation, Privy now considers EJBCA a critical application within its environment that has a direct impact on core business processes. Chandra cites outcomes in several critical areas that have contributed to Privy’s success with Keyfactor:

• Functionality: Automated certificate lifecycle management and key management make it easy to track digital identities and reduce outages.
• Integrations: Seamless integrations with Privy’s existing security infrastructure, services, and tools ensure a cohesive security workflow from end to end.
• Security: Robust security measures provide a trustworthy shield for Privy’s cryptographic assets, aligning with the company’s top priority of safeguarding digital certificates and keys.
• Support: A readily available support team promptly resolves any issues and helps optimize Privy’s platform usage as use cases evolve.
• Scalability: The native ability to scale operations easily meets Privy’s growing demands for an increasing number of certificates and keys.
• Compliance: Support for Privy’s compliance requirements, such as FIPS certification, Webtrust, ISO 27001, and MOCI, simplifies audits and maintains trust.

“Keyfactor helps us enhance operational efficiency, fortify security measures, and adapt seamlessly as our business grows. All of these outcomes align with our overarching goals, helping us establish a secure and resilient digital infrastructure,” Chandra shares.

Implementing Keyfactor EJBCA has resulted in a significant reduction in security incidents and vulnerabilities for Privy. “EJBCA has had a positive impact on our security, efficiency, and compliance,” Chandra reports. “Our operational efficiency has improved notably, leading to faster certificate issuance and reduced management time. We’ve also seen lower operational overhead costs and greater compliance with industry regulations.”

Chandra points to the ability to automate certificate lifecycle management through Keyfactor as a major contributor to these improvements, explaining that the automation has reduced the risk of certificate-related outages and increased the effectiveness of business processes. Additionally, Chandra notes that EJBCA’s comprehensive audit trails and robust security features have significantly eased the burden of compliance audits and given the team new confidence as a result.

Equally as important for the Privy team, Keyfactor has provided a future-proof solution that aligns with the company’s ongoing development goals. “We have been impressed with Keyfactor’s commitment to continuous innovation. Regular updates and feature enhancements reflect their dedication to staying ahead of emerging security challenges and providing cutting-edge solutions,” Chandra explains. “For example, Keyfactor regularly improves cryptographic modules, incorporates new algorithms, and anticipates future changes like quantum PKI and other security advancements.”

The scalability of EJBCA has also proven essential as Privy’s certificate and key management needs have exploded. Chandra specifically calls out the ability to scale while maintaining the highest security standards as a big win for the team.