Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 24. Deployment Issues and Decisions > In-sourcing versus Out-sourcing

In-sourcing versus Out-sourcing

In-sourcing is when an enterprise decides to deploy its own internal PKI—utilizing its own resources (including personnel, hardware, and so on) and/or hiring external resources to help with any or all of the PKI's internal operation. The key here is that the PKI is under the control of the enterprise. Out-sourcing is when an organization allows an external party to supply and operate some aspects—perhaps even all aspects—of its PKI. In this case, at least some— perhaps all—of the PKI operation is not under the direct control of the enterprise.

Sometimes the decision of whether to in-source or out-source is based purely on economic considerations.[2] However, it is usually much more complicated than that. Not all organizations perceive things the same way, and many factors can affect this decision. For example, some organizations insist on maintaining total control over all aspects of the enterprise, especially anything to do with security and the source of trust associated with offering a particular service. These organizations are usually unwilling to depend on a third-party service provider. On the other hand, some organizations do not consider these factors to be as important with respect to their particular needs. Further, smaller organizations are much more likely to opt for an out-sourcing arrangement due to economic and resource constraints.

[2] There are various degrees of in-sourcing and out-sourcing. For example, an organization may decide to outsource the services of a CA from a third party, but the Registration Authority (RA) function would be retained in-house. As another example, an organization may want total control of the PKI, but it requires external resources to help deploy and operate the PKI. Sometimes done as a transitional step,this enables the organization's internal resources to develop—the goal being to take over complete operation of the PKI at some later time.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint