Deploying and Using Public Key Technology: Lessons Learned in Real Life

When you think of Johnson & Johnson, images of baby powder and other elements of parenting probably come to mind. The company produces all of these things, along with a wide variety of healthcare products, including pharmaceuticals and medical devices, but it actually consists of more than 200 separately operating companies. Tying together this diverse business environment is a security foundation built on public-key infrastructure (PKI) technology, Coupled with an enterprise-wide identity directory. In this article, we describe that infrastructure, Johnson & Johnson's experience in deploying it, and how the company uses (and plans to use) digital certificates. Most important, we outline some real-world lessons the company learned when deploying PKI.