You are the Information Security Officer at a small software company. The organization currently utilizes a Microsoft Server 2008 Active Directory domain administered by a limited number of over-tasked network administrators. The remainder of the organization comprises mostly software developers and a relatively small number of administrative personnel. The organization has decided that it would be in its best interest to use a public key infrastructure (PKI) to provide a framework that fosters confidentiality, integrity, authentication, and nonrepudiation. Email clients, virtual private network products, Web server components, and domain controllers would utilize digital certificates issued by the certificate authority (CA). Additionally, digital certificates would be used to sign software developed by the company to demonstrate software authenticity to the customer.
Write a two to three (2-3) page paper in which you:
1. Identify and analyze the fundamentals of PKI.
2. Analyze positive and negative characteristics of a Public and In-house CA.
3. Provide a sound recommendation for either a Public CA or an In-house CA.