Industry & Manufacturing · Chemical & Plastics Distribution

Zero Trust Foundation for a Global Chemical Distributor

Starting point

A Hamburg-based family enterprise in chemical and plastics distribution with over 50 locations across Europe, the Americas, and Asia was running a legacy network without a unified encryption and authentication concept. With increasing service layers, BYOD devices, and growing automation demands, the existing security model was no longer viable. The objective: a zero trust foundation that secures all internal services and serves as the basis for further AI-driven processes.

What we did

We developed a comprehensive root CA management concept — from the architecture decision through to backup strategy, Microsoft integration, and technical-organizational security measures. The concept covered various PKI hierarchy models, offline CA variants, and HSM options for secure key storage. The result was an implementation-ready recommendation including a disaster recovery plan and organizational governance rules, which the client subsequently rolled out into production in stages.

Results

International locations: >50

Employees: 1,100+

Concept phase to recommendation: 2 months

Root CA certificate lifetime: 20 years

What we learned

PKI is not a purely technical decision — the architecture choice determines how much operational overhead arises and how resilient the system remains in the event of a compromise. For internationally distributed mid-sized structures, the optimal operating point lies between maximum security and practical operability — and it can only be found when hardware, operations, and organizational reality are considered simultaneously.

This is the summary. How we approached it methodologically — which architectural decisions we made, what we discarded and which patterns can be transferred to other contexts — we discuss in a personal conversation.

Not because we want to sell you something. But because this depth is what our clients engage us for — and it does not belong on the open internet.