Fortune 500 Utility Sets Up High Availability Public Key Infrastructure In A Geographically Distributed Environment

How nCipher security expertise and high assurance Hardware Security Modules (HSMs) helped one of the nation’s largest utilities provide strong security while simultaneously enabling new customer services.


The IT team at one of the nation’s largest utility companies set an ambitious goal for themselves and their security infrastructure.


As technology in the energy sector was evolving, they were determined to remain on the leading edge. They needed to ensure they could provide continuous service to their customers while simultaneously preparing their infrastructure for new and demanding technology like Smart Metering and Smart Grid. They wanted to meet and exceed the high security requirements that their auditors and Homeland Security had established. And they wanted to enable new services, like allowing employees and customers to use tablets and smart phones to access the network.

To meet these goals, the utility’s security team planned to migrate to an updated version of public key infrastructure (PKI) software and core server platforms. Their existing PKI, now almost a decade old, had worked well for authenticating internal servers and laptops. But they would need a new solution if they were going to issue certificates for these mobile devices and accommodate other new technologies while ensuring the highest levels of security.

A new PKI would enable new services like code signing and time stamping to ensure the integrity and appropriate governance of their internal software development processes, as well as “bring your own device” (BYOD), where certificate enrollment would allow mobile devices and tablets to access the network in a controlled and secure manner.


The real challenge of this deployment would be in working with the utility’s unique environment. To achieve the high availability, redundancy and disaster recovery functionality they needed, the team would have to deploy the PKI in conjunction with a complex server clustering infrastructure that resided on multiple sites. If they were successful, the utility’s infrastructure would be able to easily meet the demands of the next decade. But little information was available about configuring a PKI in this demanding environment – a few experts suggested it was possible, but it was clearly a daunting task.

Given their security requirements, the team knew the solution would have to include hardware security modules (HSMs). “We knew we needed a certified hardware solution,” reports the utility’s lead security analyst. “We had to ensure that all of our private keys were afforded the strongest protection available – we had read too many stories about private key theft compromising entire PKIs. Our most important priority is delivering services to the public and we had to ensure we could provide the highest assurance available.”


The nCipher solution provides several critical benefits:

  • High availability. The clustered setup and nShield’s resiliency features allow for greater redundancy, including automated failover providing more robust disaster recovery and continuous availability
  • Stronger security. As the company opens the network to more devices, the nCipher HSMs enable stronger authentication through issuance of device certificates. The PKI can issue certificates to all devices, with personal devices having only limited access to the network.
  • Multiple HSM form factors. Using nCipher HSMs allows the company to purchase appropriately-sized hardware for laptops and servers and not be forced to “over-buy”.
  • Smart metering support. As the company rolls out smart metering technology, the solution will ensure the integrity and confidentiality of transmitted data.


To deploy this innovative solution, the company chose a suite of nCipher solutions that included nShield Connect and nShield Edge HSMs and nCipher Time Stamp Server. With a legacy of experience with nCipher products and recognition of their superior combination of strong security with operational ease, the security team knew their nCipher products would provide the configurability and flexibility needed to work in this demanding environment.

The team also relied upon the expertise of consultants in the nCipher Advanced Solutions Group to help structure the deployment. “The nCipher team was amazing,” says the lead security analyst. “Remember, this had never been done before. There were whitepapers out there saying it could be done, but some of the more advanced and complex technology hadn’t been proven in an actual deployment. nCipher provided the enterprise HSMs, taught us how to configure and use them correctly in our specific environment, and helped us put all the pieces together with training. Their consultants were extremely knowledgeable and experienced in PKI technology and their dedication to ensure a successful project was second to none.”

The results? “Our nCipher solution has had a phenomenal impact on operations. Our infrastructure can now support a host of other projects that were pending. And our PKI is doing what it was created to do: not just issuing server certificates, but truly enabling many different kinds of services. We rely on PKI for so many things. And the more you depend on it, the more you need security that is hardware-based.”


The products deployed in this solution include:

nCipher nShield Connect HSM

This high-performance network-attached HSM provides secure cryptographic services as a shared resource for distributed application instances and virtual machines. nShield Connect delivers a cost effective way to ensure appropriate levels of physical and logical control for server-based systems. With nShield Connect, organizations can:

  • Minimize operational costs with powerful key management architecture
  • Maximize utilization and scalability with a shared centralized platform
  • Provide cryptographic protection for network architecture in traditional, virtualized and cloud deployments
  • Overcome the inherent vulnerabilities of software based cryptography

nCipher nShield Edge HSM

This USB-connected HSM provides a cost effective way for organizations to implement high assurance cryptography. With greater portability and USB-connectivity, nShield Edge is especially suitable for laptops and in workstation or desktop environments, and its compact design and integrated smartcard reader makes it a perfect fit for deployments with limited space or where HSMs are used only on occasion.

nCipher Time Stamp Server

This turnkey, network-attached appliance keeps accurate time and provides secure time stamps for record creation, filing and the timing of other events associated with electronic records and applications. Time stamp server protects time-stamping operations in independently certified, tamper-resistant hardware and offers superior time accuracy and auditability.


Visit our website to learn more about our public key infrastructure solutions and other products that can help you secure your digital transformation.


Today’s fast moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency. It also multiplies the security risks. nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.

Our cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates, using the same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensuring the integrity of your data and putting you in complete control – today, tomorrow, at all times.

To find out more how nCipher Security can deliver trust, integrity and control to your business critical information and applications, visit