Xero Entrust’s Managed PKI Services

Successful provider of Online Accounting solutions, Xero, was founded in July 2006 and provides a Cloud based Accounting System for small business. The fast growing company is listed on the New Zealand Stock Exchange and the Australian Securities Exchange and has offices in Wellington, Auckland, Melbourne, Sydney, Brisbane, San Francisco, and Milton Keynes (UK). Xero invests heavily to protect customer's sensitive financial information against unauthorised access and system failures.

The organisation employs a Security Officer and dedicated security personnel to ensure data is guarded to the highest level.

The company provides a public API allowing third parties vendors who wish to partner with them to develop and integrate other applications into the Xero Accounting System. "When Xero launched version 2 of our API, we determined that scaling and managing our own CA was placing an unnecessary overhead on the business and that it was best run by a specialist in this area", says Paul Rushworth, Platform Manager at Xero.

Xero chose to implement Entrust's Managed PKI Services as an alternative to running an in-house CA. Additionally Xero moved its SSL Certificates across to Entrust Certificate Management Service (CMS) to manage the deployment, renewal and expiry of web server certificates. Research indicated these solutions, from one vendor, could readily take care of both PKI and SSL certificate management requirements for the company.

In using Entrust for their PKI and CA work Xero are leveraging the capabilities and expertise of a leading security provider. On a day to day basis the API team at Xero, who manage the integration with third party applications and certificate issuance, can do so without requiring operational oversight.

"Having SSL and PKI in one place made good sense. Our previous Certificate Issuer offered limited functionality and did not have an easy to use portal. With Entrust we quickly were able to adopt their system and when required adjust renewals dates, revocations and change certificate names. Having a Wildcard Certificate was a great new option that came from using Entrust, allowing us to use one certificate to secure multiple sub-domains"