50 Years of Growth, Innovation and Leadership



Easing the Pains of Certificate Management:
An Overview of Entrust, the No. 2 Provider
of SSL Certificates in the Market




A Frost & Sullivan White Paper

www.frost.com
Frost & Sullivan




CONTENTS

Executive Summary .......... 3
Introduction .......... 4
What are Certificate Authorities and How are SSL Certificates Issued? .......... 5
     Privacy and Trust .......... 6
The Increasing Need for SSL .......... 7
Information Security Best Practices and Digital Certificates .......... 8
     The Creation of Best Practices with Digital Certificates .......... 8
Customer Challenges Managing SSL Certificates .......... 9
     Multiple Certificate Sources .......... 9
     Managing a Broad Array of Certificates .......... 9
     Certificates in an Environment .......... 9
     Unexpected Expiration of Certificates .......... 10
     Maintaining Required Encryption Levels .......... 10
     Complying with Security Policy or Regulations .......... 10
     Risk of Data Breach .......... 10
     Selecting a Certificate Authority—Balancing Value and Trust .......... 11
Entrust Meets Today’s Challenges .......... 11
     Comprehensive Management Platform and Discovery Solutions .......... 12
     Flexible Deployment and Subscription Model .......... 13
     Personalized Sales and Service .......... 14
     Trusted Security Brand .......... 14
The Final Word .......... 14
Easing the Pains of Certificate Management




EXECUTIVE SUMMARY

Digital certificates are an essential piece of an organization’s security
infrastructure. The need to secure multiple lines of data transfer is at an all-time
high as organizations face the ever-changing methods criminals use to breach an
organization. Consumers and end users have always relied on a trusted relationship
between themselves and the organization providing the content. End users have
assumed that a secure line of communication exists. This is achieved through the
installation of a digital certificate in the form of a Secure Sockets Layer (SSL)
certificate. SSL certificates, which enable the cryptographic protocol that allows for
the secure transmission of data over the Internet, are only as strong as the verification
process the Certificate Authority performs to authenticate the organization.

In 2011, that implicit trust was tested by the attacks and breaches of multiple
certificate authorities. While industry participants have gone to great lengths to
assure customers that trust has not been affected, the industry has been forced to
re-evaluate how business is done. The reliance on Domain Validated certificates,
approximately 39 percent of all SSL certificates globally, has been heavily called into
question as the means to verify the authenticity of the organization. The need to
further authenticate the organization is becoming a required aspect of the trust
framework between the organization and the user. This increased authentication is
leading more organizations to use Organization Validated and Extended Validated
certificates, which as of 2011 were approximately 45 percent and 16 percent,
respectively, of all certificates issued globally.

SSL is only one type of digital certificate that organizations implement. Other flavors
of digital certificates also include code signing, Adobe CDS, and user and managed PKI
certificates. All these certificates can be found scattered throughout an organization’s
IT environment, leaving administrators with the daunting task of managing all of them.

While implementing a certificate in an environment is the first step in securing lines
of transfer, it is not enough. Organizations face many challenges after the
implementation of a certificate. However, the challenges are not with the certificate
itself. One challenge comes from managing all the certificates in an enterprise
environment. It is not uncommon for a customer/user to come across an alert
warning them of an insecure site because the browser cannot verify the validity of
the certificate in place. Not only can this disrupt day-to-day operations, but it also
can create customer/user confusion on whether to bypass the warning or exit the
site, leading to either loss of confidence in the organization or loss of business
revenue. Finding and managing multiple certificate types from multiple sources is also
a major challenge. This can become even more burdensome when an administrator in
charge of certificates leaves the company or changes roles. Without a detailed inventory
of these certificates, it is more difficult for organizations to manage encryption levels on
the certificates, replace non-compliant certificates to comply with security policy or
regulations, or assure there are no expired or rogue certificates in the environment.




                                                                                                          frost.com     3




This paper analyzes SSL certificates and the growing need for SSL implementation
and management. In addition, it identifies many challenges customers face with the
management of certificates and the risks that come with improper certificate
management. The latest baseline standards created by the Certificate Authority
(CA)/Browser Forum are also examined, with a discussion of why these
standards are important. Finally, this paper presents Entrust’s Certificate
Management Service (CMS), a solution that Frost & Sullivan believes provides many
advantages for organizations’ information security infrastructure.


INTRODUCTION

IT administrators have long struggled with managing their certificates. The challenge
does not come just from the implementation of the technology, but from the
management of the certificates after they have been implemented. Imagine being an
administrator in a large enterprise in charge of thousands of digital certificates
without a proper database to know what certificates are available/being used,
where they are, what they contain, and when they expire. The threat of stopping
business operations due to a rogue or expired certificate can be costly.

Whether it is due to a change in management or a change of responsibilities, the
management of digital certificates can become a headache for any IT administrator.
Regardless of the size of the organization, the inability to manage hundreds of
certificates can result in unexpected expiration of certificates. Recognizing this
problem, some Certificate Authorities (CAs), such as Entrust, have developed
certificate management systems and discovery solutions to scan for and manage all
the certificates in a network.

In 2011, a hacker named “Comodohacker” claimed responsibility for the breaches of
Comodo and DigiNotar. In the case of Comodo, the hacker spoofed digital certificates
for prominent websites through the use of a CA reseller account. In the DigiNotar
case, the hacker accessed DigiNotar’s systems and issued multiple fraudulent
certificates. Because DigiNotar was the certificate authority in charge of the Dutch
government’s public key infrastructure, the government was put on full alert and
investigated the attack. The company was subsequently shut down. In addition to
these attacks, the hacker threatened the possibility of compromising other CAs,
which would be a huge blow to the SSL certificate industry. This hit CAs at their core
value—trust. These breaches signify that even security vendors can be susceptible to
breaches if the proper steps are not in place to proactively safeguard their systems,
or if no best-practice methodology is in place.








WHAT ARE CERTIFICATE AUTHORITIES AND HOW ARE SSL
CERTIFICATES ISSUED?

The most common digital certificate process consists of vendors and CAs that
issue SSL certificates to secure an organization’s or individual’s website and Web
server. As defined by the CA/Browser Forum, a CA is a trusted third party that
issues digital certificates and is the organization responsible for the creation,
issuance, revocation, and management of those certificates. 1 CAs manage the
security credentials and public keys of these certificates. As the authority, CAs are
responsible for properly validating organizations prior to issuing a certificate. Once
ownership of a website is validated, the requested certificate is issued.
High-assurance certificates, which are the organization validated and extended
validated certificates, may contain information such as:

 • The name of, and information identifying, the organization to which the certificate was issued

 • The organization’s public key, used to encrypt sensitive information

 • The name of the CA that issued the certificate

 • A serial number

 • The certificate’s validity period

An SSL certificate is an encryption technology installed on Web servers that allows
transmission of sensitive data through an encrypted connection in a browser. SSL
certificates ensure any transmission of data will not be compromised or captured by
hackers and criminals. When a user makes a request and wants to send sensitive
information to the Web server, the browser will access the server’s SSL certificate to
obtain its public key to encrypt the data. With its private key, only the server can decrypt
the information being sent, which keeps the information confidential and tamper proof.

1 “Frequently Asked Questions - Extended Validation SSL.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/faq.html




Figure 1—SSL Transmission Process

 • Request of secure page

 • Public key and certificate is sent

 • Certificate check—encryption

 • Private key decryption—requested data sent

Perhaps more important than the encryption of the channel, SSL certificates also
provide various levels of identity assurance to site visitors. According to Frost &
Sullivan’s market research, Domain Validated, Organization Validated, and Extended
Validation certificates accounted for 39 percent, 45 percent and 16 percent,
respectively, of certificates issued. 2 DV certificates, the lowest assurance level of SSL
certificates, only require authentication of ownership of a domain in order to be
issued, which has led to rapid adoption. However, the issue within the security
industry regarding DV certificates is the lack of thorough validation of the certificate
requester. In the CA breaches of 2011, the types of certificates issued were DV
certificates. Entrust, along with many within the market, firmly believes that DV does
not offer sufficient authentication. Much more effort is put into validating a
certificate requester for OV and EV certificates. At minimum, OV certificates require
validation of the organization and ownership of the domain. EV certificates require
validation of everything from the organization, the location of the organization and
rights to the domain, to the person requesting the certificate. Before 2011, only EV
certificates had associated baseline standards, which were created by the CA/Browser
Forum.

2 Martinez, Richard. “Analysis of the SSL Certificate Market.” Frost & Sullivan (1 November 2011): 20.

Privacy and Trust
The need to secure lines of data transfer and provide identity assurance continues to
be a top priority of organizations. As more organizational services and transactions
migrate online, organizations must keep sensitive data private and secure. And to
ensure site visitors leverage those online services, assuring them of the organizational
identity is equally critical.
more on SSL, the number of certificates in use is growing dramatically. Many
organizations have multiple providers due to a decentralized purchasing process,
which worked when they were dealing with smaller volumes and infrequent requests,
but is no longer manageable at current volumes. Trust is a key factor for customers
due to issues ranging from breaches to the concern about CAs lacking secure
infrastructures/partner resellers. This has made customers take a closer look at
which CA they will partner with. One assuring characteristic customers look for is
that a CA is WebTrust certified. WebTrust is an independent organization whose
certification process is intended to reduce certain business risks and provide a level
of assurance to customers. 3 CAs that address principles in regards to security,
availability, processing integrity, confidentiality, and privacy receive a WebTrust seal on
their SSL Web page, identifying them as trusted vendors. Entrust is recognized as the
first CA certified by WebTrust, which resulted in some of their processes and policies
becoming the foundation of WebTrust certification.


THE INCREASING NEED FOR SSL

With businesses relying heavily on online data transactions, criminal efforts are
continuing to gain steam. For example, according to the McAfee Threats Report: Third
Quarter 2011, malware attacks were expected to exceed 70 million samples by the
end of 2011. The persistent threats are not slowing down.

Through malware exploitation, an external agent can capture data through what is
thought of as a secure line. This can occur if an SSL certificate is not in place or
does not have the proper encryption strength. Man-in-the-Middle (MitM)
attacks were highlighted when valid certificates were issued by Comodo and
DigiNotar for prominent domains, such as google.com, and used by criminals. Phishing
attacks also continue to be a popular method criminals use to deceive users. In Q3
2011, McAfee reported an average of 2,700 phishing URLs per day. In addition, McAfee
reported its finding that 3,500 new sites delivering malware are created per day. MitM
attacks are predicted to be a top cybercrime trend in 2012. 4 Overall, it is important
to note that in most cases, a single incident involves more than one type of attack.
Multiple types of attacks build upon each other to steal data or commit fraud.

3 McAfee. “McAfee Threats Report: Third Quarter 2011.” Intel (January 2012): 1-23.
4 RSA, The Security Division of EMC. “RSA 2012 Cybercrime Trends Report: The Current State of Cybercrime and What to Expect in 2012,” EMC Corporation (January 2012): 1-8.




INFORMATION SECURITY BEST PRACTICES
AND DIGITAL CERTIFICATES

Trust is the core characteristic of the relationship between CAs, digital certificates,
organizations and users. For example, organizations rely on SSL certificates to
assure users that when they access the organization’s site with an installed
certificate, they are visiting the correct site and any information transmitted will be
encrypted and safely transmitted. The SSL market was shaken by reports of
breaches of several CAs. The CA/Browser Forum recognized that the lack of regulation
across certificate issuance processes needed to be addressed. The CA/Browser Forum
is a voluntary organization of leading certification authorities and vendors of
Internet browser software and other applications. 5

The Creation of Best Practices with Digital Certificates
Beginning in July 2012, the CA/Browser Forum’s “Baseline Requirements for the
Issuance and Management of Publicly Trusted Certificates” will take effect. These
requirements govern the operation of certification authorities issuing SSL/TLS
digital certificates. After the breaches of 2011, the call for best practices and baseline
requirements grew louder among the security community and consumers alike. The
baseline requirements provide clear standards for CAs, including external sub-CAs
and registration authorities, on:

 • Verification of identity

 • Certificate content and profiles

 • CA security

 • Revocation mechanisms

 • Use of algorithms and key sizes

 • Audit requirements

 • Liability, privacy and confidentiality, and delegation

Entrust is an active participant within the CA/Browser Forum, driving many
initiatives to improve the practice of issuing digital certificates. Dr. Tim Moses, an
Entrust senior director, is currently the chairman of the CA/Browser Forum.

Frost & Sullivan applauds the creation of the new baseline requirements by
the CA/Browser Forum. As the efforts of hackers continue to become more
sophisticated and complex, the business need for baseline requirements that create a
best-practice methodology is crystal clear. All parties will be positively affected by
this new methodology. CAs will be safeguarded by the new requirements for
business operation, and organizations, especially those with prominent websites,
can be assured that criminals trying to create a phishing page or a MitM attack using
a certificate will be audited and denied.

5 “CA/Browser Forum Home Page.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/forum.html


CUSTOMER CHALLENGES MANAGING SSL CERTIFICATES

Accessing a website and getting an error message warning that the connection may
not be secure can be confusing for users. There is the question of whether the
certificate/website is valid. A user who is not familiar with the certificate process
and life cycle will either opt to forgo the website or ignore and bypass the
warning. If a user bypasses the warning and the website is in fact a
phishing site, the user’s sensitive data can be captured and used by criminals. This is a
problem that has plagued organizations. Making matters worse, keeping up with
what certificates are in place, where, and how many are installed can be a daunting
task for IT administrators if certificates have not been properly documented.

Multiple Certificate Sources
It is not uncommon for an organization to purchase multiple digital certificates
from multiple vendors. However, a problem that many organizations have is keeping
track of the expiry date of each certificate. While purchasing certificates from one
CA offers the advantage of easily being able to view when a certificate was
purchased, this can get cumbersome when working with multiple CAs. Whether it
is due to company mergers/acquisitions, better value at a particular time, or the
role of an administrator handling the certificate changes, reaching out to multiple
CAs to attempt to retrieve information about certificates purchased can become a
headache for organizations, leaving room for mistakes.

Managing a Broad Array of Certificates
In line with managing multiple certificates from multiple CAs, managing the type of
certificates in an organization’s environment is very important. As discussed earlier,
there are three types of SSL certificates available. Depending on Web page/server
specifications laid out, an organization may opt for an OV certificate in one page
and an EV certificate in another. As websites develop over time, these requirements
could change and more/different types of certificates may be required. In addition,
administrators often have more than SSL certificates to manage. Administrators
often need to manage code signing certificates, Adobe CDS certificates, user
certificates, and managed PKI certificates in addition to SSL certificates.

Certificates in an Environment
A perk that many organizations take advantage of is purchasing certificates in bulk,
rather than buying a certificate just when they need one. In fact, this is a suggested
working practice at larger organizations and government entities. The only drawback is
accounting for those certificates. How long has a certificate been deployed? Where is it
deployed? Has it been copied to multiple servers? When is its expiration date? How
many certificates are left? What is its crypto-strength? These are all questions
administrators have when trying to figure out what certificates are in their environment.

Unexpected Expiration of Certificates
In cases where a digital certificate can stop business operations, a question that comes
to mind is, “How could this slip by?” A prime example of a mishap like this occurred
in 2010, when the Target.com gift-card site was shut down because it gave a warning
that the connection was not trusted. 6 The cause of this incident was an expired
certificate. The problem, however, is challenging to avoid since, in the absence of a
failsafe process to renew a certificate (deploy a new certificate to replace the expiring
certificate), the incumbent certificate will expire and potentially cause an outage.

Maintaining Required Encryption Levels
The strength of encryption in an SSL certificate can be broken up into two
categories. A session key is created in the process of a user requesting information
from a Web server. Public/private encryption strength is determined when the
certificate signing request (CSR) and private key are created. 7 Depending on the
level of sensitive data being accessed or processed, an administrator will have to
change the encryption strength. However, effective December 31, 2013, 2048-bit
key strength will be mandatory for publicly trusted SSL certificates.

Complying with Security Policy or Regulations
As legislative regulations and company security policies evolve, the need to make
these changes in a timely manner is crucial to avoid potential fines or outages. For
example, if the encryption levels of certificates on several servers need to be
increased on a certain date due to a change in policy, having a tool that
automatically sends a notification to administrators of when the change is needed
and where the certificates reside helps to ensure organizational compliance.

Risk of Data Breach
The possibility of a data breach is always on the minds of IT administrators. In
addition, a customer accessing an organization’s encrypted website expects that any
data entered and transmitted will be safeguarded with proper encryption levels. If
the encryption levels of certificates in place do not meet required levels, they can
be targeted and cracked by criminals.




6 Schuman, Evan. "Target.com Blocked, SSL Certs Blamed." Web. 10 February 2012. http://storefrontbacktalk.com/securityfraud/target-com-blocked-ssl-certs-blamed
7 “SSL Details.” SSL Shopper. 10 January 2012. http://www.sslshopper.com/ssl-details.html
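The inventory questions raised in the preceding sections (where a certificate is deployed, when it expires, what its key strength is, whether it is a rogue certificate) and the 2048-bit floor lend themselves to a small audit routine. The Go program below is an added example, not code from this paper, Frost & Sullivan or Entrust: it parses DER-encoded certificates, reports days to expiry, flags RSA keys below 2048 bits and marks self-signed certificates that no CA vouches for. The issuing CA, host names and audit date are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// MinKeyBits is the 2048-bit floor the paper cites as mandatory for publicly trusted SSL certificates from 31 December 2013.
const MinKeyBits = 2048

// Finding answers the paper's inventory questions for one certificate.
type Finding struct {
	Subject, Issuer string
	KeyBits         int  // RSA modulus length in bits; 0 for non-RSA keys
	DaysLeft        int  // days until NotAfter; negative once expired
	Expired         bool
	ExpiringSoon    bool // still valid but inside the renewal warning window
	WeakKey         bool // RSA key shorter than MinKeyBits
	SelfSigned      bool // verifies under its own key, so no CA vouches for it
}

// AuditCert parses one DER-encoded certificate and evaluates it as of now; warnDays is the renewal warning window.
func AuditCert(der []byte, now time.Time, warnDays int) (Finding, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return Finding{}, fmt.Errorf("parse certificate: %w", err)
	}
	f := Finding{Subject: cert.Subject.CommonName, Issuer: cert.Issuer.CommonName}
	f.DaysLeft = int(cert.NotAfter.Sub(now).Hours() / 24)
	f.Expired = now.After(cert.NotAfter)
	f.ExpiringSoon = !f.Expired && f.DaysLeft <= warnDays
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok {
		f.KeyBits = pub.N.BitLen()
		f.WeakKey = f.KeyBits < MinKeyBits
	}
	f.SelfSigned = cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
	return f, nil
}

// testCA returns a constructed issuing CA (template plus key); it is not a real CA, and only its name and key are used to sign the samples.
func testCA() (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}, key
}

// makeTestCert builds a sample server certificate for cn, signed by ca or self-signed when ca is nil (constructed data, not a real site).
func makeTestCert(cn string, bits int, notBefore time.Time, lifetimeDays int, ca *x509.Certificate, caKey *rsa.PrivateKey) []byte {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn, Organization: []string{"Example Corp"}},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(time.Duration(lifetimeDays) * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	parent, signer := tmpl, any(key) // self-signed unless a CA is supplied
	if ca != nil {
		parent, signer = ca, caKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	return der
}

func main() {
	now := time.Date(2012, 3, 1, 0, 0, 0, 0, time.UTC) // constructed audit date
	ca, caKey := testCA()
	inventory := [][]byte{
		makeTestCert("shop.example.test", 2048, now.AddDate(0, 0, -10), 365, ca, caKey),       // healthy
		makeTestCert("giftcards.example.test", 2048, now.AddDate(0, 0, -400), 365, ca, caKey), // expired 35 days ago
		makeTestCert("legacy.example.test", 1024, now.AddDate(0, 0, -700), 730, ca, caKey),    // 1024-bit key, 30 days left
		makeTestCert("intranet.example.test", 2048, now.AddDate(0, 0, -1), 365, nil, nil),     // self-signed
	}
	for _, der := range inventory {
		f, err := AuditCert(der, now, 30)
		if err != nil {
			panic(err)
		}
		fmt.Printf("attention=%-5t %+v\n", f.Expired || f.ExpiringSoon || f.WeakKey || f.SelfSigned, f)
	}
}
```

In a real deployment the DER bytes would come from the discovery tool's inventory (PEM files decoded with encoding/pem, or leaf certificates captured from live TLS handshakes) rather than from makeTestCert.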







Selecting a Certificate Authority—Balancing Value and Trust
Based on the size of a potential customer and budget limitations, customers are not
only looking for the best bang for their buck. They are also looking for a company
with a reputable track record and high-assurance certificate offerings. Trust is
critical when choosing a CA. For example, if an organization needs to switch out its
certificates due to a trust issue with a CA, the expense of the certificates and the
manpower and time involved in the transition make this a painful process for
organizations. With talk of commoditization in the SSL certificate market, CAs
are relying on their track record and the facts behind that reputation to win over
customers. While price points are a major topic of discussion, value features such
as types of certificates, helpful tools, and customer service also come into play
when a customer chooses a CA provider.


ENTRUST MEETS TODAY’S CHALLENGES

Entrust is a highly respected certificate authority that focuses on offering only high-
assurance SSL certificates, OV and EV, at the enterprise level. With a focus on the
enterprise, Entrust is aware of and develops solutions for enterprise-class business needs.
This has earned the company a reputation as a highly respected certificate authority and
garnered sales in the market. As a result, Entrust currently has the second-largest market
share in the total CA market and in the issuance of high-assurance certificates.

Figure 2—High-Assurance (Organization and Extended Validated)
Certificates Issued Market Share 8

 • Symantec: 64%

 • Entrust: 28%

 • Others*: 8%

*Others category includes more than 10 other companies that issue high-assurance certificates

8 Ibid., p. 7.







                    Comprehensive Management Platform and Discovery Solutions
                    Given the challenges that its customers face when it comes to managing all types of
                    certificates, Entrust has raised the bar to develop a comprehensive solution that has
                    the ability to discover and manage all certificate types. The cloud-based CMS
                    enables organizations to efficiently manage their Entrust certificates through:

                     • Administrative delegation and workflow

                     • On-demand services

                     • Audit and reporting tools

                     • A strong verification process

                     • A flexible subscription model

                    Entrust CMS includes a discovery component that eases some of the pain of
                    knowing what certificates are in an organization’s environment. This enables
                    organizations to effectively create an inventory list of their certificates, regardless
                    of certificate type or vendor, but it does not allow management of the certificates.
                    A separate solution, called Entrust Discovery, takes certificate discovery a step
                    further. Entrust Discovery provides organizations with the ability to manage
                    certificate life cycles, regardless of certificate type or vendor, through expiration
                    notifications, inventory lists and policy alerts. This avoids compliance problems,
                    application outages, and management headaches.
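What a discovery scan of this kind does at its core, shown as an added example that is not Entrust's code: parse certificates whichever CA issued them, build an inventory, and raise expiry notifications and policy alerts. The policy thresholds (2048-bit RSA minimum, 30-day warning window), the hostnames and the issuer names are constructed assumptions for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy holds the rules the scan enforces (assumed values, not Entrust defaults).
type Policy struct {
	MinRSABits     int // RSA keys with a smaller modulus are a policy violation
	ExpiryWarnDays int // certificates expiring inside this window get a notice
}

// Finding is one inventory row plus the lifecycle or policy alerts raised on it.
type Finding struct {
	Subject, Issuer string
	NotAfter        time.Time
	KeyBits         int
	Alerts          []string
}

// Inspect builds the inventory from already-parsed certificates, whichever CA
// issued them, and attaches expiry notifications and policy violations.
func Inspect(certs []*x509.Certificate, pol Policy, now time.Time) []Finding {
	warn := time.Duration(pol.ExpiryWarnDays) * 24 * time.Hour
	var out []Finding
	for _, c := range certs {
		f := Finding{Subject: c.Subject.CommonName, Issuer: c.Issuer.CommonName, NotAfter: c.NotAfter}
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok {
			f.KeyBits = pub.N.BitLen()
			if f.KeyBits < pol.MinRSABits {
				f.Alerts = append(f.Alerts, fmt.Sprintf("weak RSA key (%d bits)", f.KeyBits))
			}
		}
		// Deprecated signature hashes are reported too (the fixtures below are SHA-256 signed).
		switch c.SignatureAlgorithm {
		case x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
			f.Alerts = append(f.Alerts, "deprecated signature algorithm "+c.SignatureAlgorithm.String())
		}
		switch remaining := c.NotAfter.Sub(now); {
		case remaining <= 0:
			f.Alerts = append(f.Alerts, "expired")
		case remaining < warn:
			f.Alerts = append(f.Alerts, fmt.Sprintf("expires in %d days", int(remaining.Hours()/24)))
		}
		out = append(out, f)
	}
	return out
}

// mustCert signs a leaf certificate for cn under the given issuer name.
// Constructed fixture: the issuer is only a name, not a real CA.
func mustCert(cn, issuer string, key *rsa.PrivateKey, from, to time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    from,
		NotAfter:     to,
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuer}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// SampleInventory returns three constructed certificates and the fixed clock they
// are judged against: one healthy, one ten days from expiry, and one already
// expired on a 1024-bit key issued by an internal Microsoft CA.
func SampleInventory() ([]*x509.Certificate, time.Time) {
	now := time.Date(2012, time.January, 10, 12, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	strong, _ := rsa.GenerateKey(rand.Reader, 2048)
	weak, _ := rsa.GenerateKey(rand.Reader, 1024)
	return []*x509.Certificate{
		mustCert("www.example.com", "Example Public CA", strong, now.Add(-100*day), now.Add(265*day)),
		mustCert("mail.example.com", "Example Public CA", strong, now.Add(-355*day), now.Add(10*day)),
		mustCert("intranet.example.local", "Example Internal MS CA", weak, now.Add(-800*day), now.Add(-5*day)),
	}, now
}

func main() {
	certs, now := SampleInventory()
	for _, f := range Inspect(certs, Policy{MinRSABits: 2048, ExpiryWarnDays: 30}, now) {
		fmt.Printf("%-24s %-24s %s %4d %v\n", f.Subject, f.Issuer, f.NotAfter.Format("2006-01-02"), f.KeyBits, f.Alerts)
	}
}
```

In a real deployment the certificate list would come from scanning TLS endpoints and local stores rather than from fixtures; the inventory and alerting logic is unchanged.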

                    Figure 3—Certificates Found with Entrust Discovery 9

                    [Diagram: Entrust Discovery sits at the center, offering e-mail expiry
                    notifications, policy violations, reporting, custom data and a single
                    certificate interface, and draws on four certificate groups:]

                     • Server certificates: SSL server

                     • Miscellaneous certificates: code-signing, other (cold backups)

                     • CAPI certificates: laptop MS CAPI, desktop MS CAPI

                     • All certificate types: MS CA, any CA

                                                                              Source: Entrust




                     9
                         “Entrust Certificate Discovery.” Entrust. 10 January 2012. http://www.entrust.net/discovery/index.htm






Flexible Deployment and Subscription Model
Entrust offers CMS and Discovery as SaaS cloud solutions, enabling immediate
deployment, automatic updates, high availability, excellent performance, and
included silver-level support. Entrust also offers an Enterprise model that allows
organizations to host the Discovery component on-premise with complete control
over their data and application version. The two Discovery deployment models
provide an organization with the flexibility and security that fits them best.

Figure 4—Entrust Discovery Deployment Models 10

[Diagram: both models provide the same Discovery functions (single certificate
interface, e-mail expiry notifications, policy violations, custom data,
reporting):]

 • Service Model: immediate deployment; automatic manager updates; deployment
   in a secure environment

 • Enterprise Model: customer premises; complete control over data; application
   version control

                                                                             Source: Entrust


Entrust also provides its customers the choice of pooling concurrent licenses or
non-pooling subscription models. Pooling provides organizations the ability to
purchase concurrent licenses and revoke a certificate, returning it to the license
repository, with the ability to re-purpose the license as long as the certificate is
valid. Non-pooling gives organizations the ability to purchase certificates in terms
of unit years. This gives organizations control over certificate purchases, depending
on business needs and budget requirements.




 10
      Ibid., p. 12.







                    Personalized Sales and Service
                    Entrust has proven in competitive situations that it can offer enterprises high-level
                    certificates to effectively secure their lines of data transfer. Entrust CMS resolves the
                    problems of finding where and what certificates are in an organization’s environment,
                    effectively managing certificate term periods, and offers a compelling balance of value
                    and trust. With a customer renewal rate above 98 percent and best-in-class customer
                    support, Entrust has continuously proven to be a trusted security brand.

                    Trusted Security Brand
                    With approximately 40 percent of Fortune 500 companies using Entrust’s solutions,
                    the company has built a reputation of developing around the needs of the
                    enterprise and addressing those needs efficiently and effectively. The company
                    provides competitively priced solutions without sacrificing quality. Entrust
                    understands that trust is at the core of any security technology, and with consistent
                    30 percent year-over-year growth, Entrust’s solutions and services are clearly
                    valued by its customers and the security industry.


                    THE FINAL WORD

                    As the methods criminals use to create breaches continue to grow, organizations
                    must be able to secure all lines of data transfer. While it is fairly simple to
                    implement a certificate into an organization’s environment, managing hundreds to
                    thousands of certificates can be difficult. If an application outage occurs due to an
                    expired certificate, the resulting loss of traffic can cost an organization hundreds of
                    thousands to millions of dollars. Organizations must know where all certificates are
                    implemented, be able to change encryption levels to comply with regulations, and
                    manage those certificates efficiently. A comprehensive
                    solution from a trusted vendor with a focus on delivering best-in-class digital
                    certificates is ideal for organizations facing these challenges.

                    Entrust has proven to be a top-ranked certificate authority that focuses on the
                    needs of the enterprise. The company’s continued efforts in developing solutions
                    for enterprise business needs led to the creation of Entrust CMS. Frost & Sullivan
                    believes Entrust CMS is a complete solution that provides customers with a high-value
                    service without a high price tag.




Silicon Valley                                San Antonio                                    London
  331 E. Evelyn Ave. Suite 100                  7550 West Interstate 10,                       4, Grosvenor Gardens,
  Mountain View, CA 94041                       Suite 400,                                     London SWIW ODH,UK
  Tel 650.475.4500                              San Antonio, Texas 78229-5616                  Tel 44(0)20 7730 3438
  Fax 650.475.1570                              Tel 210.348.1000                               Fax 44(0)20 7730 3343
                                                Fax 210.348.1003




                                    877.GoFrost • myfrost@frost.com
                                               http://www.frost.com




ABOUT ENTRUST:
Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and
websites in more than 4,000 organizations spanning 60 countries. Entrust's identity-based approach
offers the right balance between affordability, expertise and service. With more than 125 patents
granted and pending, these world-class solutions include strong authentication, physical and logical
access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.
www.entrust.net




ABOUT FROST & SULLIVAN
Frost & Sullivan, the Growth Partnership Company, partners with clients to accelerate their growth. The company's
TEAM Research, Growth Consulting, and Growth Team Membership™ empower clients to create a growth-focused
culture that generates, evaluates, and implements effective growth strategies. Frost & Sullivan employs over 50 years
of experience in partnering with Global 1000 companies, emerging businesses, and the investment community from
more than 40 offices on six continents. For more information about Frost & Sullivan’s Growth Partnership Services,
visit http://www.frost.com.


For information regarding permission, write:
Frost & Sullivan
331 E. Evelyn Ave. Suite 100
Mountain View, CA 94041




Auckland                         Dubai                                   Mumbai                      Sophia Antipolis
Bangkok                          Frankfurt                               Manhattan                   Sydney
Beijing                          Hong Kong                               Oxford                      Taipei
Bengaluru                        Istanbul                                Paris                       Tel Aviv
Bogotá                           Jakarta                                 Rockville Centre            Tokyo
Buenos Aires                     Kolkata                                 San Antonio                 Toronto
Cape Town                        Kuala Lumpur                            São Paulo                   Warsaw
Chennai                          London                                  Seoul                       Washington, DC
Colombo                          Mexico City                             Shanghai
Delhi / NCR                      Milan                                   Silicon Valley
Dhaka                            Moscow                                  Singapore

Contenu connexe

Similaire à Easing the Pains of Certificate Management

With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330
Jim Kramer
 
CCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_FinalCCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_Final
Greg Posten
 
Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
Dianne Douglas
 
COMODO Certificate Manager
COMODO Certificate ManagerCOMODO Certificate Manager
COMODO Certificate Manager
Anita Benett
 

Similaire à Easing the Pains of Certificate Management (20)

Certificate Management Made Easy
Certificate Management Made EasyCertificate Management Made Easy
Certificate Management Made Easy
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of Mediocrity
 
Understanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdfUnderstanding The World Of SSL Certificates.pdf
Understanding The World Of SSL Certificates.pdf
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015TierPoint White Paper_With all due diligence_2015
TierPoint White Paper_With all due diligence_2015
 
With-All-Due-Diligence20150330
With-All-Due-Diligence20150330With-All-Due-Diligence20150330
With-All-Due-Diligence20150330
 
CCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_FinalCCM_WP-9-8-16-v10__MT_GP_Final
CCM_WP-9-8-16-v10__MT_GP_Final
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
 
Is web security part of your annual security audit
Is web security part of your annual security auditIs web security part of your annual security audit
Is web security part of your annual security audit
 
COMODO Certificate Manager
COMODO Certificate ManagerCOMODO Certificate Manager
COMODO Certificate Manager
 
The Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL CertificatesThe Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL Certificates
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates
 
All About SSL/TLS
All About SSL/TLSAll About SSL/TLS
All About SSL/TLS
 
COMODO- Join the fight against malware!
COMODO- Join the fight against malware!COMODO- Join the fight against malware!
COMODO- Join the fight against malware!
 
Reducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-CommerceReducing Fraud with the Right SSL Certificate in E-Commerce
Reducing Fraud with the Right SSL Certificate in E-Commerce
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
01-SealSign DSS - Guía de Administración - EN - V 3.1 - Final
01-SealSign DSS - Guía de Administración - EN - V 3.1 - Final01-SealSign DSS - Guía de Administración - EN - V 3.1 - Final
01-SealSign DSS - Guía de Administración - EN - V 3.1 - Final
 
eBook_PKI-AreYouDoingItWrong2022-f.pdf
eBook_PKI-AreYouDoingItWrong2022-f.pdfeBook_PKI-AreYouDoingItWrong2022-f.pdf
eBook_PKI-AreYouDoingItWrong2022-f.pdf
 
The Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonlineThe Best Practices of Symantec Code Signing - RapidSSLonline
The Best Practices of Symantec Code Signing - RapidSSLonline
 

Plus de Entrust Datacard

Plus de Entrust Datacard (14)

INFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL CertificatesINFOGRAPHIC: Switch to SHA-2 SSL Certificates
INFOGRAPHIC: Switch to SHA-2 SSL Certificates
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
 
INFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of ThingsINFOGRAPHIC: Securing the Internet of Things
INFOGRAPHIC: Securing the Internet of Things
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
Defeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser MalwareDefeating Man-in-the-Browser Malware
Defeating Man-in-the-Browser Malware
 
Zero to ECC in 30 Minutes: A primer on Elliptic Curve Cryptography (ECC)
Zero to ECC in 30 Minutes: A primer on Elliptic Curve Cryptography (ECC)Zero to ECC in 30 Minutes: A primer on Elliptic Curve Cryptography (ECC)
Zero to ECC in 30 Minutes: A primer on Elliptic Curve Cryptography (ECC)
 
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust? INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
INFOGRAPHIC: Why Did Datacard Group Acquire Security Expert Entrust?
 
Zero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutesZero to Dual_EC_DRBG in 30 minutes
Zero to Dual_EC_DRBG in 30 minutes
 
Advanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure ProtectionAdvanced Solutions for Critical Infrastructure Protection
Advanced Solutions for Critical Infrastructure Protection
 
Entrust Solutions Portfolio
Entrust Solutions PortfolioEntrust Solutions Portfolio
Entrust Solutions Portfolio
 
Entrust Physical & Logical Access Solutions
Entrust Physical & Logical Access SolutionsEntrust Physical & Logical Access Solutions
Entrust Physical & Logical Access Solutions
 
Entrust IdentityGuard Mobile
Entrust IdentityGuard MobileEntrust IdentityGuard Mobile
Entrust IdentityGuard Mobile
 
Entrust Mobile Security Solutions
Entrust Mobile Security SolutionsEntrust Mobile Security Solutions
Entrust Mobile Security Solutions
 
Entrust Enterprise Authentication
Entrust Enterprise AuthenticationEntrust Enterprise Authentication
Entrust Enterprise Authentication
 

Dernier

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Dernier (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Easing the Pains of Certificate Management

  • 1. 50 Years of Growth, Innovation and Leadership Easing the Pains of Certificate Management: An Overview of Entrust, the No. 2 Provider of SSL Certificates in the Market A Frost & Sullivan White Paper www.frost.com
  • 2. Frost & Sullivan Executive Summary ......................................................................................... 3 Introduction .................................................................................................... 4 What are Certificate Authorities and How are SSL Certificates Issued? .................................................................... 5 Privacy and Trust ............................................................................................. 6 The Increasing Need for SSL .......................................................................... 7 Information Security Best Practices and Digital Certificates ......................... 8 The Creation of Best Practices with Digital Certificates ................................. 8 Customer Challenges Managing SSL Certificates ........................................... 9 Multiple Certificate Sources ........................................................................... 9 Managing a Broad Array of Certificates .......................................................... 9 Certificates in an Environment ........................................................................ 9 Unexpected Expiration of Certificates ............................................................ 10 Maintaining Required Encryption Levels ......................................................... 10 Complying with Security Policy or Regulations ............................................... 10 Risk of Data Breach ........................................................................................ 10 Selecting a Certificate Authority—Balancing Value and Trust .......................... 11 Entrust Meets Today’s Challenges.................................................................... 11 Comprehensive Management Platform and Discovery Solutions ..................... 12 Flexible Deployment and Subscription Model ................................................. 
13 Personalized Sales and Service ........................................................................ 14 Trusted Security Brand .................................................................................... 14 The Final Word ................................................................................................ 14 CONTENTS
  • 3. Easing the Pains of Certificate Management EXECUTIVE SUMMARY Digital certificates are an essential piece of an organization’s security infrastructure. The need to secure multiple lines of data transfer is at an all-time high as organizations face the ever-changing methods criminals use to breach an organization. Consumers and end users have always relied on a trusted relation between themselves and the organization providing the content. End users have assumed that a secure line of communication exists. This is achieved through the installation of a digital certificate in the form of a Secure Socket Layer (SSL) digital certificate. SSL certificates, cryptographic protocols that allow for the secure transmission of data over the Internet, are only as strong as the verification process the Certificate Authority performs to authenticate the organization. In 2011, that implicit trust was tested by the attacks and breaches of multiple certificate authorities. While industry participants have gone to great lengths to assure customers that trust has not been affected, the industry has been forced to re-evaluate how business is done. The reliance on Domain Validated certificates, approximately 39 percent of all SSL certificates globally, has been heavily called into question as the means to verify the authenticity of the organization. The need to further authenticate the organization is becoming a required aspect of the trust framework between the organization and the user. This increased authentication is leading more organizations to use Organization Validated and Extended Validated certificates, which as of 2011 were approximately 45 percent and 16 percent, respectively, of all certificates issued globally. SSL is only one type of digital certificate that organizations implement. Other flavors of digital certificates also include code signing, Adobe CDS, and user and managed PKI certificates. 
All these certificates can be found scattered throughout an organization’s IT environment, leaving administrators with the daunting task of managing all of them. While implementing a certificate in an environment is the first step in securing lines of transfer, it is not enough. Organizations face many challenges after the implementation of a certificate. However, the challenges are not with the certificate itself. One challenge comes from managing all the certificates in an enterprise environment. It is not uncommon for a customer/user to come across an alert warning them of an unsecure site due to being incapable of verifying the validity of the certificate in place. Not only can this disrupt day-to-day operations, but it also can create customer/user confusion on whether to bypass the warning or exit the site, leading to either loss of confidence in the organization or loss of business revenue. Finding and managing multiple certificate types from multiple sources is also a major challenge. This can also become burdensome when an administrator in charge of certificates leaves the company or changes roles. Without a detailed inventory of these certificates, it is more difficult for organizations to manage encryption levels on the certificates, replace non-compliant certificates to comply with security policy or regulations, or assure there are no expired or rogue certificates in the environment. frost.com 3
  • 4. Frost & Sullivan This paper analyzes SSL certificates and the growing need for SSL implementation and management. In addition, it identifies many challenges customers face with the management of certificates and the risks that come with improper certificate management. The latest baseline standards created by the Certificate Authority (CA)/Browser forum are also examined with a discussion around why these standards are important. Finally, this paper will present Entrust’s Certificate Management Service (CMS), a solution that Frost & Sullivan believes provides many advantages for organizations’ information security infrastructure. INTRODUCTION IT administrators have long struggled with managing their certificates. The challenge does not come just from the implementation of the technology, but from the management of the certificates after they have been implemented. Imagine being an administrator in a large enterprise in charge of thousands of digital certificates without a proper database to know what certificates are available/being used, where they are, what they contain, and when they expire. The threat of stopping business operations due to a rogue or expired certificate can be costly. Whether it is due to change in management or change of responsibilities, the management of digital certificates can become a headache for any IT administrator. Regardless of the size of the organization, the inability to manage hundreds of certificates can result in unexpected expiration of certificates. In realizing this problem, some Certificate Authorities (CAs), such as Entrust, have developed certificate management systems and discovery solutions to scan for and manage all the certificates in a network. In 2011, a hacker named “Comodohacker” claimed responsibility for the breaches of Comodo and DigiNotar. In the case of Comodo, the certificate authority, the hacker spoofed digital certificates for prominent websites through the use of a CA reseller account. 
With the DigiNotar case, the hacker accessed DigiNotar’s systems, issuing multiple fraudulent certificates. As the certificate authority in charge of the Dutch government’s public key infrastructure, the government was put on full alert of investigating the attack. The company was subsequently shut down. In addition to these attacks, the hacker threatened the possibility of compromising other CAs, which would be a huge blow to the SSL certificate industry. This hit CAs at the core value—trust. These breaches signify that even security vendors can be susceptible to breaches if the proper steps are not in place to proactively safeguard their systems or have a best-practice methodology in place. 4 frost.com
  • 5. Easing the Pains of Certificate Management WHAT ARE CERTIFICATE AUTHORITIES AND HOW ARE SSL CERTIFICATES ISSUED? The most common digital certificate process consists of vendors and CAs who issue SSL certificates to secure an organization’s or individual’s website and Web server. As defined by the CA/Browser forum, a CA is a trusted third party that issues digital certificates and is the organization responsible for the creation, issuance, revocation, and management of those certificates. 1 CAs manage security credentials and public keys of these certificates. As the authority, CAs are responsible for completing the process of properly validating organizations prior to issuing a certificate. Once ownership of a website is validated, the certificate requested is issued. High-assurance certificates, which are organization and extended validated certificates, may contain information such as: • The name and information identifying the organization issued the certificate • The organization’s public key to encrypt sensitive information • The name of the CA who issued the certificate • A serial number • The certificate’s validity period A SSL certificate is an encryption technology installed on Web servers that allows transmission of sensitive data through an encrypted connection in a browser. SSL certificates ensure any transmission of data will not be compromised or captured by hackers and criminals. When a user makes a request and wants to send sensitive information to the Web server, the browser will access the server’s SSL certificate to obtain its public key to encrypt the data. With its private key, only the server can decrypt the information being sent, which keeps the information confidential and tamper proof. 1 “Frequently Asked Questions - Extended Validation SSL.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/faq.html frost.com 5
Figure 1—SSL Transmission Process (the diagram shows four steps: request of secure page; public key and certificate sent; certificate check and encryption; private key decryption and requested data sent)

Perhaps more important than the encryption of the channel, SSL certificates also provide various levels of identity assurance to site visitors. According to Frost & Sullivan's market research, Domain Validated (DV), Organization Validated (OV) and Extended Validation (EV) certificates accounted for 39 percent, 45 percent and 16 percent, respectively, of certificates issued.[2] DV certificates, the lowest assurance level, only require proof of control of a domain in order to be issued, which has led to rapid adoption. The concern within the security industry regarding DV certificates is that the certificate requester is not thoroughly validated; the page notes that the certificates issued in the CA breaches of 2011 were DV certificates. Entrust, along with many within the market, firmly believes that DV does not offer sufficient authentication. Much more effort goes into validating a requester for OV and EV certificates. At minimum, OV certificates require validation of the organization and of control of the domain. EV certificates require validation of everything from the organization, the organization's location and its rights to the domain, to the person requesting the certificate. Before 2011, only EV certificates had an industry-wide issuance standard, the CA/Browser Forum's EV Guidelines.

Privacy and Trust

The need to secure lines of data transfer and provide identity assurance continues to be a top priority for organizations. As more services and transactions migrate online, organizations must keep sensitive data private and secure, and to ensure that site visitors use those online services, assuring them of the organization's identity is equally critical. In addition, as enterprises and governments rely more and more on SSL, the number of certificates in use is growing dramatically. Many organizations have multiple providers because of a decentralized purchasing process, which worked when they dealt with small volumes and infrequent requests but is no longer manageable at current volumes.

Trust is a key factor for customers because of issues ranging from breaches to concern about CAs, and their partner resellers, lacking secure infrastructures. This has made customers take a closer look at which CA they will partner with. One assuring characteristic customers look for is that a CA is WebTrust certified. WebTrust for Certification Authorities is an independent audit program whose certification is intended to reduce certain business risks and provide a level of assurance to customers. CAs that address its principles of security, availability, processing integrity, confidentiality and privacy receive a WebTrust seal on their SSL Web page, identifying them as trusted vendors. An audit seal attests to documented practices and controls at the time of the audit; it is not a guarantee against compromise. Entrust is recognized as the first CA certified by WebTrust, and some of its processes and policies became the foundation of WebTrust certification.

THE INCREASING NEED FOR SSL

With businesses relying heavily on online data transactions, criminal efforts continue to gain steam. For example, according to the McAfee Threats Report: Third Quarter 2011, McAfee's collection of malware samples was expected to exceed 70 million by the end of 2011.[3] The persistent threats are not slowing down. Malware on the endpoint lets an attacker capture data before it enters what is thought of as a secure line, and on the network, data can be captured if no SSL certificate is in place or the key and cipher strength is inadequate. Man-in-the-Middle (MitM) attacks were highlighted when valid certificates for prominent domains, such as google.com, were fraudulently obtained from Comodo and DigiNotar and used by criminals. Phishing attacks also continue to be a popular method criminals use to deceive users. In Q3 2011, McAfee reported an average of 2,700 phishing URLs per day, and 3,500 new sites delivering malware created per day. MitM attacks are predicted to be a top cybercrime trend in 2012.[4] Overall, it is important to note that an incident rarely consists of a single type of attack; multiple attack types build on each other to steal data or commit fraud.

[2] Martinez, Richard. “Analysis of the SSL Certificate Market.” Frost & Sullivan (1 November 2011): 20.
[3] McAfee. “McAfee Threats Report: Third Quarter 2011.” Intel (January 2012): 1-23.
[4] RSA, The Security Division of EMC. “RSA 2012 Cybercrime Trends Report: The Current State of Cybercrime and What to Expect in 2012,” EMC Corporation (January 2012): 1-8.
INFORMATION SECURITY BEST PRACTICES AND DIGITAL CERTIFICATES

Trust is the core characteristic of the relationship between CAs, digital certificates, organizations and users. For example, organizations rely on SSL certificates to assure users that when they access the organization's site with an installed certificate, they are visiting the correct site and any information transmitted will be encrypted in transit. The SSL market was shaken by reports of breaches at several CAs, and the CA/Browser Forum recognized that the absence of common rules covering all certificate issuance processes, not only EV, needed to be addressed. The CA/Browser Forum is a voluntary organization of leading certification authorities and vendors of Internet browser software and other applications.[5]

The Creation of Best Practices with Digital Certificates

Beginning in July 2012, the CA/Browser Forum's “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates” take effect. These requirements govern the operation of certification authorities that issue SSL/TLS digital certificates. After the breaches of 2011, the call for best practices and baseline requirements grew louder within the security community and among consumers alike. The baseline requirements provide clear standards for CAs, including external sub-CAs and registration authorities, on:

• Verification of identity
• Certificate content and profiles
• CA security
• Revocation mechanisms
• Use of algorithms and key sizes
• Audit requirements
• Liability, privacy and confidentiality, and delegation

Entrust is an active participant in the CA/Browser Forum, driving many initiatives to improve the practice of issuing digital certificates. Dr. Tim Moses, an Entrust senior director, is currently the chairman of the CA/Browser Forum.

Frost & Sullivan applauds the creation of the new baseline requirements by the CA/Browser Forum. As the efforts of hackers become more sophisticated and complex, the business need for baseline requirements that establish a best-practice methodology is crystal clear. All parties will be positively affected. CAs will be safeguarded by the new operational requirements, and organizations, especially those with prominent websites, gain assurance that a criminal trying to obtain a certificate for a phishing page or a MitM attack faces mandatory verification and audit rather than the discretion of an individual CA. The requirements govern how certificates are issued; they do not by themselves undo a certificate that has already been mis-issued, which is why revocation mechanisms are part of the same document.

[5] “CA/Browser Forum Home Page.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/forum.html

CUSTOMER CHALLENGES MANAGING SSL CERTIFICATES

Accessing a website and getting a warning that the connection may not be secure can be confusing for users, who are left wondering whether the certificate and the website are valid. A user who is not familiar with the certificate process and life cycle will either forgo the website or ignore and bypass the warning. If the user bypasses the warning and the website is in fact a phishing site, the user's sensitive data can be captured and used by criminals. This problem has plagued organizations, and the same warning appears for a legitimate site whose certificate has expired, which trains users to click through. Making matters worse, keeping up with which certificates are in place, where, and how many are installed is a daunting task for IT administrators if certificates have not been properly documented.

Multiple Certificate Sources

It is not uncommon for an organization to purchase digital certificates from multiple vendors. A problem many organizations have, however, is keeping track of the expiry date of each certificate. Purchasing from one CA offers the advantage of easily seeing when each certificate was purchased; this becomes cumbersome when working with multiple CAs. Whether because of mergers and acquisitions, better value at a particular time, or turnover in the administrator role that handles certificate changes, reaching out to multiple CAs to retrieve information about purchased certificates becomes a headache for organizations and leaves room for mistakes.
Managing a Broad Array of Certificates

In addition to managing certificates from multiple CAs, managing the types of certificate in the environment is important. As discussed earlier, SSL certificates come in three validation levels. Depending on the requirements laid out for a Web page or server, an organization may opt for an OV certificate on one site and an EV certificate on another. As websites develop over time these requirements can change, and more or different types of certificate may be required. Administrators also have more than SSL certificates to manage: code signing certificates, Adobe CDS certificates, user certificates and managed PKI certificates as well.

Certificates in an Environment

A perk that many organizations take advantage of is purchasing certificates in bulk rather than one at a time as needed; this is in fact the suggested practice at larger organizations and government entities. The only drawback is accounting for those certificates. How long has a certificate been deployed? Where is it deployed? Has it been copied to multiple servers? When does it expire? How many certificates are left? What is its crypto-strength? These are the questions administrators face when trying to establish what certificates are in their environment. The copying question matters beyond inventory: a certificate copied to several servers means its private key was copied too, every copy is a place from which the key can be stolen, and a compromise means revoking and replacing the certificate everywhere it was installed.

Unexpected Expiration of Certificates

When an expired digital certificate stops business operations, the question that comes to mind is, “How could this slip by?” A prime example occurred in 2010, when the Target.com gift-card site was effectively shut down because browsers warned that the connection was not trusted;[6] the cause was an expired certificate. The problem is hard to avoid: unless there is a failsafe process to renew a certificate (deploy a new certificate before the incumbent expires), the incumbent certificate will expire and potentially cause an outage.

Maintaining Required Encryption Levels

The encryption strength of an SSL deployment involves two separate keys. The session key is created during the handshake when a user requests information from the Web server; its strength is set by the cipher suites the server is configured to accept, not by the certificate. The public/private key pair's strength is fixed when the certificate signing request (CSR) and private key are created,[7] and it cannot be changed afterwards: raising it means generating a new key pair and CSR and obtaining a new certificate. Depending on the sensitivity of the data being accessed or processed, an administrator may have to raise either. In any case, under the CA/Browser Forum's Baseline Requirements, effective December 31, 2013, 2048-bit RSA keys are mandatory for publicly trusted SSL certificates, so 1024-bit certificates in the environment have to be found and replaced before then.

Complying with Security Policy or Regulations

As regulations and company security policies evolve, making the corresponding changes in a timely manner is crucial to avoid potential fines or outages. For example, if the key strength of certificates on several servers must be increased by a certain date because of a policy change, a tool that automatically notifies administrators of when the change is needed and where the certificates reside helps ensure organizational compliance.

Risk of Data Breach

The possibility of a data breach is always on the minds of IT administrators. A customer accessing an organization's encrypted website also expects that any data entered and transmitted will be safeguarded with adequate encryption. Certificates whose keys do not meet the required levels become targets as attackers' computing capability grows.

[6] Schuman, Evan. “Target.com Blocked, SSL Certs Blamed.” Web. 10 February 2012. http://storefrontbacktalk.com/securityfraud/target-com-blocked-ssl-certs-blamed
[7] “SSL Details.” SSL Shopper. 10 January 2012. http://www.sslshopper.com/ssl-details.html
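The inventory questions, the expiry problem and the key-strength policy above come down to one check run across every certificate in the environment. As an added example that is not code from the paper or from Entrust, the script below scans a directory of PEM certificates with the openssl command-line tool (assumed installed), reports each one's common name, key size and expiry date, and flags violations of an assumed policy (2048-bit minimum, matching the CA/Browser Forum cutoff cited in the text, and a 30-day expiry warning window). The three certificates it scans are constructed inline as sample input, including a 1024-bit one and one that expires in a day; they are not real deployments.

```shell
#!/bin/sh
# Added example (not from the paper or from Entrust): an inventory and policy
# check over a directory of PEM certificates using the openssl CLI, which is
# assumed to be installed. Sample certificates and policy thresholds are
# constructed for the example.
set -e

INVENTORY="$(mktemp -d)"

# Constructed sample input: one compliant certificate, one with a 1024-bit key
# and one valid for a single day (a stand-in for a certificate about to lapse).
mkcert() {  # mkcert <pem-file> <common-name> <rsa-bits> <days-valid>
  openssl req -x509 -newkey "rsa:$3" -nodes -sha256 -days "$4" \
    -subj "/O=Example Corp/CN=$2" -keyout "${1%.pem}.key" -out "$1" 2>/dev/null
}
mkcert "$INVENTORY/shop.pem"   shop.example.test   2048 365
mkcert "$INVENTORY/legacy.pem" legacy.example.test 1024 365
mkcert "$INVENTORY/old.pem"    old.example.test    2048 1

# Policy (assumed): 2048-bit RSA minimum and a 30-day expiry warning window.
MIN_BITS=2048
WARN_DAYS=30

# RSA modulus size in bits, read from the certificate's public key.
key_bits() {
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | sed -n 's/^.*Public-Key: (\([0-9]*\) bit.*$/\1/p'
}
common_name() {
  openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^.*CN *= *//'
}
not_after() {
  openssl x509 -in "$1" -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}
# Echo 1 if the certificate will have expired $2 seconds from now, else 0.
expires_within() {
  if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
    echo 0
  else
    echo 1
  fi
}

# Evaluate one certificate against the policy and print a tab-separated record:
# file, common name, key bits, notAfter, flags (OK or a comma-separated list).
check_cert() {
  bits="$(key_bits "$1")"; bits="${bits:-0}"
  flags=""
  [ "$bits" -ge "$MIN_BITS" ] || flags="${flags}WEAK_KEY(${bits}),"
  if [ "$(expires_within "$1" 0)" = 1 ]; then
    flags="${flags}EXPIRED,"
  elif [ "$(expires_within "$1" $((WARN_DAYS * 86400)))" = 1 ]; then
    flags="${flags}EXPIRING_SOON,"
  fi
  printf '%s\t%s\t%s\t%s\t%s\n' "$1" "$(common_name "$1")" "$bits" \
    "$(not_after "$1")" "${flags:-OK,}" | sed 's/,$//'
}

# Scan every PEM file in a directory: one record per certificate.
scan_inventory() {
  for f in "$1"/*.pem; do
    check_cert "$f"
  done
}

# Number of certificates in the directory that violate the policy.
count_violations() {
  scan_inventory "$1" | awk -F '\t' '$5 != "OK" { n++ } END { print n + 0 }'
}

scan_inventory "$INVENTORY"
echo "violations: $(count_violations "$INVENTORY")"
```

On a real estate the directory would be replaced by whatever discovery produces (files gathered from servers, or certificates fetched from listening ports), and the report would feed the expiry notifications and policy alerts the text describes. The two flags are deliberately separate: a weak key needs a new key pair and a reissued certificate, whereas an expiring one only needs renewal, and a certificate can need both.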
Selecting a Certificate Authority—Balancing Value and Trust

Depending on the size of a potential customer and its budget, customers are not only looking for the best bang for their buck. They are also looking for a company with a reputable track record and high-assurance certificate offerings. Trust is critical when choosing a CA. For example, if an organization needs to switch out its certificates because of a trust issue with a CA, the cost of the certificates and the manpower and time involved in the transition make this a painful process. With talk of commoditization in the SSL certificate market, CAs are relying on their track record, and the facts behind that reputation, to win over customers. While price is a major topic of discussion, value features such as certificate types, helpful tools and customer service also come into play when a customer chooses a CA.

ENTRUST MEETS TODAY'S CHALLENGES

Entrust is a highly respected certificate authority that focuses on offering only high-assurance SSL certificates, OV and EV, at the enterprise level. With a focus on the enterprise, Entrust is aware of and develops solutions for enterprise-class business needs. This has earned the company a reputation as a highly respected certificate authority and garnered sales in the market. As a result, Entrust currently has the second-largest market share in the total CA market and in the issuance of high-assurance certificates.

Figure 2—High-Assurance (Organization and Extended Validated) Certificates Issued Market Share [8] (pie chart with three slices, Symantec, Entrust and Others*, of 64, 28 and 8 percent; Symantec holds the largest share and Entrust the second-largest)

*Others category includes more than 10 other companies that issue high-assurance certificates

[8] Ibid., p. 7.
Comprehensive Management Platform and Discovery Solutions

Given the challenges its customers face in managing all types of certificates, Entrust has raised the bar by developing a comprehensive solution that can discover and manage all certificate types. The cloud-based CMS enables organizations to efficiently manage their Entrust certificates through:

• Administrative delegation and workflow
• On-demand services
• Audit and reporting tools
• A strong verification process
• A flexible subscription model

Entrust CMS includes a discovery component that eases some of the pain of knowing what certificates are in an organization's environment. It lets organizations build an inventory of their certificates regardless of certificate type or vendor, but it does not allow management of those certificates. A separate solution, Entrust Discovery, takes certificate discovery a step further: it lets organizations manage certificate life cycles, regardless of certificate type or vendor, through expiration notifications, inventory lists and policy alerts. This avoids compliance problems, application outages and management headaches.

Figure 3—Certificates Found with Entrust Discovery [9] (Source: Entrust). The diagram shows the Entrust Discovery Server inventorying all certificates from any CA: SSL server certificates, code-signing certificates, Microsoft CAPI certificates on laptops and desktops, certificates from a Microsoft CA, and miscellaneous certificates including cold backups. Features listed: e-mail expiry notifications, policy violations, reporting, custom data and a single certificate interface.

[9] “Entrust Certificate Discovery.” Entrust. 10 January 2012. http://www.entrust.net/discovery/index.htm
Flexible Deployment and Subscription Model

Entrust offers CMS and Discovery as SaaS cloud solutions, enabling immediate deployment, automatic updates, high availability, excellent performance and included silver-level support. Entrust also offers an Enterprise model that lets organizations host the Discovery component on-premise with complete control over their data and application version. The two Discovery deployment models give an organization the flexibility and security that fit it best.

Figure 4—Entrust Discovery Deployment Models [10] (Source: Entrust). Service Model: immediate deployment, automatic updates, deployment in a secure environment. Enterprise Model: customer premises, complete control over data, application version control. Both models provide e-mail expiry notifications, a single certificate interface, policy violation alerts, custom data and reporting.

Entrust also gives its customers the choice of a pooling (concurrent license) or a non-pooling subscription model. Pooling lets an organization purchase concurrent licenses and, on revoking a certificate, return its license to the pool to be re-purposed for as long as the subscription is valid. Non-pooling lets an organization purchase certificates in terms of unit years. This gives organizations control over certificate purchases according to business needs and budget requirements.

[10] Ibid., p. 12.
Personalized Sales and Service

Entrust has proven in competitive situations that it can offer enterprises high-assurance certificates to effectively secure their lines of data transfer. Entrust CMS resolves the problems of finding where and which certificates are in an organization's environment, effectively manages certificate terms, and offers a compelling balance of value and trust. With a customer renewal rate above 98 percent and best-in-class customer support, Entrust has continuously proven to be a trusted security brand.

Trusted Security Brand

With approximately 40 percent of Fortune 500 companies using Entrust's solutions, the company has built a reputation for developing around the needs of the enterprise and addressing those needs efficiently and effectively. The company provides competitively priced solutions without sacrificing quality. Entrust understands that trust is at the core of any security technology, and with consistent 30 percent year-over-year growth, Entrust's solutions and services are clearly valued by its customers and by the security industry.

THE FINAL WORD

As the methods criminals use to cause breaches continue to grow, organizations must be able to secure all lines of data transfer. While it is fairly simple to implement one certificate in an organization's environment, managing hundreds to thousands of certificates is difficult. If an application outage occurs because of an expired certificate, the resulting loss of traffic can cost an organization hundreds of thousands to millions of dollars. Knowing where all certificates are deployed, being able to raise key strengths to comply with regulations, and managing those certificates must all be done efficiently. A comprehensive solution from a trusted vendor focused on delivering best-in-class digital certificates is ideal for organizations facing these challenges. Entrust has proven to be a top-ranked certificate authority that focuses on the needs of the enterprise. The company's continued efforts in developing solutions for enterprise business needs led to the creation of Entrust CMS. Frost & Sullivan believes Entrust CMS is a complete solution that provides customers with a high-value service without a high price tag.
ABOUT ENTRUST: Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 4,000 organizations spanning 60 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI. www.entrust.net

ABOUT FROST & SULLIVAN: Frost & Sullivan, the Growth Partnership Company, partners with clients to accelerate their growth. The company's TEAM Research, Growth Consulting, and Growth Team Membership™ empower clients to create a growth-focused culture that generates, evaluates, and implements effective growth strategies. Frost & Sullivan employs over 50 years of experience in partnering with Global 1000 companies, emerging businesses, and the investment community from more than 40 offices on six continents. For more information about Frost & Sullivan's Growth Partnership Services, visit http://www.frost.com. For information regarding permission, write: Frost & Sullivan, 331 E. Evelyn Ave. Suite 100, Mountain View, CA 94041; 877.GoFrost; myfrost@frost.com.