Entrust CryptoCoE: Enabling enterprises to take command of their crypto instances

Entrust announced its Cryptographic Center of Excellence (CryptoCoE) solutions, providing the tools and resources enterprises need to take command of their crypto instances and PKI systems through best practices that bring together the visibility, expertise and compliance required for a strong crypto strategy.

Digital technologies are transforming the enterprise, from new DevOps practices, cloud and multi-cloud environments to the Internet of Things (IoT). And with this transformation comes new data security challenges.

While IT leaders are rapidly increasing use of cryptography-based solutions like public key infrastructure (PKI) to support identity, authentication and encryption, they are struggling to manage crypto across the enterprise.

Entrust’s 2020 Global PKI and IoT Trends Study found nearly 71 percent of IT leaders struggle to understand where sensitive data resides within their organizations.

“Organizations need to look at ‘encrypt everything’ strategies to protect their enterprises in a zero trust world. Crypto is critical infrastructure that requires expertise, dedicated resources and a set of standards to keep it under control and in compliance.

“Entrust has led the world in cryptographic security solutions for more than 25 years, and now, we’re proud to deliver that expertise to customers with the first Cryptographic Center of Excellence building block solutions,” said Jay Schiavo, Vice President of Entrust Digital Certificate & Signing Solutions.

“Weak crypto often leads to business disruption, which is why our CryptoCoE solutions help enterprises with the expertise, visibility and tools they need to bring hidden crypto and PKI to light and mitigate rising threats.”

Gartner predicts that “by 2021, organizations with crypto-agility plans in place will suffer 60 percent fewer cryptographically related security breaches and application failures than organizations without a plan.”

The Entrust CryptoCoE solution has five building blocks that help achieve crypto and PKI excellence:

  • Crypto Health Check improves overall IT security posture by providing ongoing visibility into a complete cryptographic inventory, expertise and best practices. The Crypto Health Check team scans an organization’s environment to build a cryptographic inventory and scores it against cryptography standards and policies. The data analysis is then turned into an actionable plan with measurable results – arming security, compliance and risk teams with the insights needed to mitigate crypto-related threats and bring hidden crypto into view.
  • Crypto Governance Consulting places an expert-by-your-side to walk your organization through the essential steps of establishing a governance platform.
  • PKI Governance Health Check reviews an organization’s PKI policy documentation and the different roles, processes and policies that they outline. Comparing those policies against best practices, compliance requirements, and business needs, Entrust will deliver actionable recommendations to ensure there are no procedural gaps and that they demonstrate compliance standards for audits.
  • PKI System Health Check assesses the status of the technology and software of an organizations PKI implementation(s). From looking at the equipment and algorithms in use, to documenting architecture and providing recommendations – Entrust experts will guide and assist organizations to ensure their PKI is able to meet their current and future business requirements.
  • PKI Governance Consulting assists organizations setting up a new PKI and defines and documents the policies used to govern their PKI.

“The cryptographic center of excellence does not necessarily have to own and operate all tools,” said David Mahdi and Brian Lowans, Senior Research Directors for Gartner.

“Instead, it should be a central point of control that provides guidance and governance. It must establish an appropriate organizational framework for when central tools must be used and under what circumstances different business units can operate and manage their own systems.”

New infosec products of the week: October 23, 2020

Deepwatch Lens Score: SecOps maturity planning and benchmarking

Deepwatch Lens Score allows CISOs to quickly understand data source collection, active analytics, and what their Maturity Score is today and how to improve it. The powerful app is intuitive and delivers valuable data and insights to CISOs in a few minutes in the palm of their hand.

infosec products October 2020

Entrust launches direct-to-card solution for instant physical and mobile ID issuance

Sigma systems deliver a seamless user experience across the issuance process for desktop and mobile printing needs. It eliminates the frustrations of printer set-up with a modular design and an out-of-the-box implementation that takes less than 30 minutes for users to begin issuing identities.

infosec products October 2020

Splunk helps security teams modernize and unify their security operations in the cloud

Led by new, cloud-centric updates to Splunk Enterprise Security, Splunk Mission Control and the newly announced Splunk Mission Control Plug-In Framework, Splunk’s security operations suite enables Splunk customers to secure their cloud journey and solve their toughest cloud security challenges with data.

infosec products October 2020

Incognia launches fraud detection solution for QR code contactless payments

Incognia’s fraud detection solution for QR code contactless payments uses location behavioral biometrics to verify buyer’s and seller’s real-time and historical location behavior to protect against fake QR codes, account takeovers and use of fake synthetic identities during transactions.

infosec products October 2020

Entrust launches direct-to-card solution for instant physical and mobile ID issuance

Entrust announced the Sigma Instant Desktop Issuance solution, a direct-to-card solution for instant physical and mobile ID issuance.

Designed for both cloud and on-premise deployment, the Sigma solution sets the standard for simple, secure and smart instant ID solutions across enterprise, healthcare, government, higher education and financial institutions.

Today’s enterprises face a myriad of security challenges: From transitioning to digital operations during the pandemic, to managing the global rise in cyber-attacks, they must maintain a safe and secure flow of data − including the data stored on physical credentials.

Within these organizations, Identity and Access Management professionals require a printing solution that is not only easy to integrate into their operations, but one that evolves to meet the growing needs of their company while assuring the highest level of data security.

Sigma systems deliver a seamless user experience across the issuance process for desktop and mobile printing needs. It eliminates the frustrations of printer set-up with a modular design and an out-of-the-box implementation that takes less than 30 minutes for users to begin issuing identities.

Equipped with cloud-based APIs, Sigma systems bring issuance to the cloud without additional hardware — enabling instant printing for both physical IDs, badges and payment cards.

Sigma systems are trusted IoT devices that help ensure organizations and their data are safe with an intelligent network and building connectivity for ultimate enterprise protection.

With capabilities like tactile impressions, holographic and luster panel printing, Sigma printers make it highly difficult for counterfeiters to alter or recreate cards. Additionally, features like an inline magnetic stripe and smart card encoding secure your cards during the card printing process.

“With our Sigma platform, we’re proud to deliver a best-in-class desktop credential issuance solution that’s designed to work completely and securely within a cloud environment, allowing financial, enterprise, government, higher education and healthcare organizations to meet high-volume issuance demands without sacrificing security or ease of use.

“The Sigma system is ready to meet the issuance needs of today, and equally important, will evolve to meet tomorrow’s security and technology challenges with unlimited printing applications,” said Tony Ball, Senior Vice President and General Manager of Instant Issuance at Entrust.

“Entrust has been a pioneer in direct-to-card identity issuance technology for decades, and our Sigma system takes it to a whole new level.”

Sigma systems offer the most advanced security architecture that keeps data protected at each step of the issuance process:

  • Encrypted connections: The connection and data sent between software and the printer are secure and encrypted. Sigma printers do not store customer data after successful printing is complete.
  • Secure boot: This feature prevents Sigma systems from booting up malware or other compromises are detected.
  • Trusted platform module (TPM): Organizations can store and manage user certificates and keys in the printer, allowing the printer to become a trusted internet of things (IoT) endpoint.

As large segments of the workforce continue operating remotely, Sigma systems are poised to meet the demands of a hybrid workforce with its physical and digital issuance platform.

The Sigma system’s “Printer Dashboard” is available on mobile devices, allowing organizations to manage the printer from anywhere, without being tied to a desktop.

Sigma systems also enable companies to pivot and move to a contactless ID Issuance experience, from online photo submission to validating the photo, printing the card, and ultimately delivering the card to the employee.

Furthermore, the on-premises instant ID solution features a mobile enrollment functionality for added flexibility to issue IDs at various locations within a facility. Sigma systems use intelligent instant ID technology to streamline printing and eliminate manual workflows — bringing simplicity, security and flexibility to the issuance process.

“Whether your requirements demand an integrated, secure on-premises solution or a system that can grow with a distributed workforce via a secure cloud-hosted Identity Management offering, the Entrust Sigma solutions can meet your needs,” said Joe Franco, Director of Sales at Capture Technologies, an Entrust channel partner.

“They are browser based and mobile ready and able to be deployed without the need for a heavy client to be installed. The certificate based integrated security features should put to rest any concerns about using the cloud for identity issuance or your printing solution being vulnerable to network attack.”

Entrust Datacard MX Series Card Issuance systems now solving challenges for central issuance providers

Entrust announced new enhancements to the Datacard MX Series Card Issuance systems: the Duplex Drop on Demand Printing module; and new Metal Card Input and Metal Card Output modules.

The enhancements build upon Entrust’s position as a leader in developing the core technologies needed to keep the world moving safely, while also highlighting the company’s commitment to providing customers with the scalability and flexibility needed to meet evolving business needs.

Card issuers are looking for advanced printing technologies to revolutionize the wallet. Entrust’s new solutions raise the bar on what consumers can expect from the latest payment cards and IDs – from high-security, personalization and vivid graphics to sought-after form factors like flat and metal cards.

“Central issuance providers need personalization systems that give them the flexibility to meet evolving customer requirements for best-in-class flat card or identity programs, while still maintaining consistent personalization capabilities and ease of maintenance,” said Dan Good, vice president, credential issuance solutions at Entrust.

“Card issuers are caught between offering a variety of personalization capabilities for their customers and space constraints on the production floor. With these enhanced Datacard modules, card issuers can enhance and extend their high-quality services with less equipment and less space – at a lower overall cost.”

Built with mid-sized organizations in mind

Entrust’s new Duplex Drop on Demand (DoD) Printing module for the MX Series systems joins the DoD Printing Module Gen 2 in offering monochrome, color or clear printing of flat elements to personalize both sides of the card in a single module.

The Duplex DoD Printing module is offered on the Datacard MX6100 Card Issuance system and the Datacard MX8100 Card Issuance system. Leveraging decades of industry expertise, the module is engineered to allow organizations with space-constraints to easily integrate DoD technology with a system that delivers consistent card printing capabilities.

Duplex DoD Printing systems include patented technology enabling the personalization of both sides of the card within a single module, which helps reduce cost and footprint of the Duplex DoD Printing solution. When the module is installed in an MX8100 system, the system will run duplex jobs at 2,000 card per hour (cph).

Issuers can affordably grow their capability as their volumes grow by installing a second DoD Printing module to achieve 3,000 cph. Designed with trust and security in mind for financial card and government ID programs, the system features beltless card handling that ensures data integrity from the first to the last card in the job.

Support metal card programs with ease

Today’s financial institutions are looking for ways to make an impression, increasing demand for innovative payment card designs made with high-quality material such as metal.

Entrust released a new Metal Card Input module and Metal Card Output module that offer the flexibility to support personalization of metal cards on the same Datacard MX Series systems that also support PVC cards.

The modules support a variety of metal cards available in the market, and offer card issuers an easy-to-implement, affordable addition to any card program without the need for standalone systems that require additional space.

2020 brings unique levels of PKI usage challenges

Organizations are rapidly increasing the size, scope and scale of their data protection infrastructure, reflected in dramatic rises in adoption of public key infrastructure (PKI) across enterprises worldwide, according to Entrust research.

PKI usage

PKI is at the core of nearly every IT infrastructure, enabling security for critical digital initiatives such as cloud, mobile device deployment, identities and the IoT.

The annual study is based on feedback from more than 1,900 IT security professionals in 17 countries.

IoT, authentication and cloud, top drivers in PKI usage growth

As organizations become more dependent on digital information and face increasingly sophisticated cyberattacks, they rely on PKI to control access to data and ascertain the identities of people, systems and devices on a mass scale.

IoT is the fastest growing trend driving PKI application deployment, up 26 percent over the past five years to 47 percent in 2020, with cloud-based services the second highest driver cited by 44 percent of respondents.

PKI usage surging for cloud and authentication use cases

TLS/SSL certificates for public-facing websites and services are the most often cited use case for PKI credentials (84 percent of respondents).

Public cloud-based applications saw the fastest year-over-year growth, cited by 82 percent, up 27 percent from 2019, followed by enterprise user authentication by 70 percent of respondents, an increase of 19 percent over 2019. All underscore the critical need of PKI in supporting core enterprise applications.

The average number of certificates an organization needs to manage grew 43 percent in the 2020 study over the previous year, from 39,197 to 56,192 certificates, highlighting a pivotal requirement for enterprise certificate management.

The rise is likely driven by the industry transition to shorter certificate validity periods, and the sharp growth in cloud and enterprise user authentication use cases.

Challenges, change and uncertainty

The study found that IT security professionals are confronting new challenges to enabling applications to use PKI. 52 percent cited lack of visibility of an existing PKI’s security capabilities as their top challenge, an increase of 16 percent over the 2019 study.

This issue underscores the lack of cybersecurity expertise available within even the most well-resourced organizations, and the need for PKI specialists who can create custom enterprise roadmaps based on security and operational best practices.

Respondents also cited inability to change legacy applications and the inability of their existing PKIs to support new applications as critical challenges – both at 51 percent.

When it comes to deploying and managing a PKI, IT security professionals are most challenged by organizational issues such as no clear ownership, insufficient skills and insufficient resources.

PKI deployment figures from the study clearly indicate a trend toward more diversified approaches, with as-a-service offerings even becoming more prevalent than on-premise offerings in some countries.

The two greatest areas of PKI change and uncertainty come from new applications such as IoT (52 percent of respondents) and external mandates and standards (49 percent). The regulatory environment is also increasingly driving deployment of applications that use PKI, cited by 24 percent of respondents.

Security practices have not kept pace with growth

In the next two years, an estimated average of 41 percent of IoT devices will rely primarily on digital certificates for identification and authentication. Encryption for IoT devices, platforms and data repositories, while growing, is at just 33 percent – a potential exposure point for sensitive data.

Respondents cited several threats to IoT security, including altering the function of IoT devices through malware or other attacks (68 percent) and remote control of a device by an unauthorized user (54 percent).

However, respondents rated controls relevant to malware protection – like securely delivering patches and updates to IoT devices – last on a list of the five most important IoT security capabilities.

The US National Institute of Standards and Technology (NIST) recommends that cryptographic modules for certificate authorities (CAs), key recovery servers and OCSP responders should be validated to FIPS 140-2 level 3 or higher.

Thirty-nine percent of respondents in this study use hardware security modules (HSMs) to secure their PKIs, most often to manage the private keys for their root, issuing, or policy CAs. Yet only 12 percent of respondents indicate the use of HSMs in their OSCP installations, demonstrating a significant gap between best practices and observed practices.

“PKI underpins the security of both the business and the consumer world, from digitally signing transactions and applications to prove the source as well as integrity, to supporting the authentication of smart phones, games consoles, citizen passports, mass transit ticketing and mobile banking, says Larry Ponemon, founder of the Ponemon Institute.

“The 2020 Global PKI and IoT Trends Study shows a surge in the use of PKI credentials for cloud-based applications and enterprise user authentication, underscoring the criticality of PKI in supporting core enterprise applications.”

“We are seeing increasing reliance on PKI juxtaposed with struggles by internal teams to adapt it to new market needs — driving changes to traditional PKI deployment models and methods,” says John Grimm, vice president strategy for digital solutions at Entrust.

“In newer areas like IoT, enterprises are clearly failing to prioritize security mechanisms like firmware signing that would counter the most urgent threats, such as malware.

“And with the massive increase in certificates issued and acquired found in this year’s study, the importance of automated certificate management, a flexible PKI deployment approach, and strong best practice-based security including HSMs has never been greater.”

75% of cardholders prefer contactless cards to other payment methods

Based on responses from 1,000 U.S. cardholders who are familiar with contactless credit/debit card or “tap and pay” technology, a new Entrust Datacard survey reveals that 75% of U.S.-based payment cardholders prefer contactless cards as their primary payment method over chip insert, card swipe, mobile pay and cash.

OPIS

Contactless cards are here to stay

According to the survey’s results, 83% of respondents believe contactless cards are here to stay and 61% believe it’s at least somewhat of a priority to have a contactless feature on their credit or debit card. This prioritization is most prominent among Gen Z, Millennials and Gen X when compared to Baby Boomers.

In fact, 20% of Boomers reported they never use the contactless payment feature on their debit or credit card when making a purchase while this percentage is less than 10% for each of the other respective generations.

However, while contactless cards are gaining momentum with many in the U.S., the majority of consumers are still unaware of their card replacement options should they not have a contactless chip, or the card is lost or stolen.

Time for banks to educate their customers

With respondents citing sanitation (70%) and speed (67%) as benefits of contactless cards, now is the opportune time for banks to educate their customers on the benefits of replacing their card with a contactless card from their bank.

“As many Americans deal with financial setbacks and heightened concerns around health and safety in the face of COVID-19, the value we are placing on contactless payments has increased markedly,” said Tony Ball, senior vice president for instant payment card issuance at Entrust Datacard.

“Consumers want the ability to shop at their convenience, but also want to minimize personal contact with point of sale devices. Contactless cards are rising in popularity as a result.”

For faster card replacement, visiting a branch is best

Out of the 71% of respondents who cited losing their payment card, 84% notified their bank via phone while only 22% visited a physical bank branch in hopes of getting a replacement card right away.

73% of respondents who notified the bank by phone had to wait 1-7 days for a new card to be delivered by mail. By contrast, 58% of respondents who notified the bank at the branch got a new card instantly.

Instant payment card issuance unawareness

Despite contactless cards growing in popularity, many consumers are unaware of whether or not their banks or credit unions offer instant issuance or replacement of contactless debit or credit cards.

According to the results, 64% of respondents said their banks offer instant card issuance and replacement (63%), yet around one-fourth were unsure of whether their bank offered these options (27% and 24%, respectively) suggesting both an education and marketing opportunity for banks on card issuance solutions.

Home workplaces introduce new risks, poor password hygiene

Entrust Datacard released the findings of its survey which highlights the critical need to address data security challenges for employees working from home as a result of the pandemic based on responses from 1,000 US full-time professionals.

home workplaces password hygiene

As social distancing mandates took effect in March 2020, employers found themselves in a massive remote work experiment, testing their cybersecurity readiness. Home workplaces introduce new risks as many employees find themselves distracted and are using personal devices to connect to corporate resources.

Bad actors have taken advantage – there was a 350 percent increase in phishing attacks in March, according to Google data.

Home workplaces and password hygiene

When it comes to home workplaces, password hygiene is of the utmost importance. Despite this, the survey found that an astounding 42 percent of employees surveyed still physically write passwords down, 34 percent digitally capture them on their smartphones and 27 percent digitally capture them on their computers.

Additionally, nearly 20 percent of the employees are using the same password across multiple work systems, multiplying the risk of sensitive data if a password is compromised or stolen.

“While many employees are set up to work securely by their employers, they continue to seek simplicity, even if that means insecure password practices and higher risk. As organizations continue to support employees working from home, it’s clear that they need to ramp up cybersecurity training and technology,” said James LaPalme, Vice President & General Manager of Authentication Solutions at Entrust Datacard.

“Encryption combined with advanced authentication, including passwordless solutions that leverage smartphone biometrics, can deliver the frictionless experience employees seek and the confidence organizations require. These solutions will one day make World Password Day obsolete and I don’t think employees or employers will miss it.”

In addition to password practices, the survey revealed several insights into employee sentiment toward remote work and cybersecurity.

Nearly half of workers are receiving COVID-related phishing emails

Employees surveyed are well aware both of phishing scams in general (82 percent) and of phishing scams specifically related to COVID-19 (81 percent) – in fact, 45 percent say they have received a COVID-19-related email from an unknown sender.

Despite this high awareness, roughly one-quarter (24 percent) of employees say they’ve clicked on a link from an unknown sender before determining their legitimacy, while just 36 percent deleted the email and only 12 percent reported the email.

Workers not set up properly for good cyber-hygiene while remote

The majority of employees surveyed (63 percent) are connecting to their company’s VPN during this time, yet they are using unique passwords to access different company resources (64 percent), rather than a more secure solution like single sign on with multifactor authentication.

Anxiety and inadequate technology as key remote work challenges

Most employees (59 percent) surveyed find it more difficult to get their work done while working remotely during the pandemic. Of those who said it’s more difficult, 26 percent are finding it much more difficult.

External distractions, COVID-19 related anxiety and inadequate amenities (i.e. slow internet) are the top three-cited reasons for this heightened difficulty. Additionally, remote workers in education, government, healthcare and manufacturing cite the challenge of work duties that do not always translate to remote work.

Remote workers are sharing devices with family members

While working from home under stay-at-home orders, 36 percent of employees surveyed are using one or more personal devices to access company files — these create opportunities for employees to make use of shadow IT, creating risks (i.e., phishing, malware, DDoS).

Moreover, 29 percent of those using one or more personal devices to work share that device with other members of their household, creating further risk.

Consumers are skeptical their personal data is safe

Survey respondents feel less confident about their security when handling personal business. Sixty-eight percent of respondents are doing more personal business online during the pandemic, including shopping, banking and social media, and more than half (58 percent) are skeptical of the level of security provided by these online vendors and service providers.

Employees — particularly Gen Z — don’t expect a return to the office as usual

Social distancing mandates have forced employers to embrace remote work, and employees to rethink their expectations. Forty-four percent of all respondents expect to work from home either more frequently (33 percent) or permanently (11 percent).

These percentages are markedly higher among Gen Z (ages 18-23) employees, fully half of whom (50 percent) do not anticipate a return to work as usual.

New infosec products of the week: April 17, 2020

NeuVector adds to container security platform, automates end-to-end vulnerability management

The platform additions include the new Vulnerability and Compliance Explorer for quickly investigating, prioritizing, reporting, and mitigating potentially damaging vulnerability and compliance issues. High performance large-registry scanning and enhanced host (node) security processes have also been added.

infosec products April 2020

Corsa Security Orchestrator: Intelligent orchestration and management of virtual NGFW arrays

Corsa Security Orchestrator offers a single-pane-of-glass view, enabling network security professionals to quickly and easily add more firewall capacity as their traffic inspection needs grow, without having to configure multiple elements.

infosec products April 2020

ZeroFOX’s AI-powered platform now includes security for Zoom and Slack

ZeroFOX Enterprise Remote Workforce Protection offers advanced threat protection for both Zoom and Slack, cloud-based applications required by organizations in today’s work from home world. Advanced Security for Zoom ensures the organization has secure video conferencing and collaboration, free from Zoombombing and other security issues. Advanced Security for Slack automates how organizations establish compliance and inline protection within the team collaboration application.

infosec products April 2020

Entrust Datacard unveils a single portal to discover, control and automate certificate management

The Entrust Datacard Certificate Hub allows customers to find, control and automate their public and private certificate deployments via a single pane of glass. Organizations using Entrust Datacard Certificate Hub gain visibility and management across their Entrust Datacard private and publicly trusted CAs, as well as Microsoft CAs.

infosec products April 2020

SentinelOne launches new customizable dashboards and reporting capabilities

SentinelOne announced new customizable dashboards and reporting capabilities making SentinelOne the center of enterprise security operations. The new capabilities enable organizations to extract maximum value from security data and provide unprecedented context into the state of security operations as well as the ROI on their SentinelOne investment.

infosec products April 2020

Entrust Datacard unveils a single portal to discover, control and automate certificate management

Entrust Datacard, a leading provider of trusted identity and secure transaction technology solutions, announced the Entrust Datacard Certificate Hub, a portal that allows customers to find, control and automate their public and private certificate deployments via a single pane of glass.

The use of digital certificates has become significantly more complex. Traditional PKI use cases like user authentication and VPN security now coexist with use cases like the Internet of Things (IoT), software containerization and DevOps systems.

This has increased the number of digital certificates overall, and created demand for short-lived certificates and massively distributed infrastructures. As digital certificates proliferate, enterprises must deliver on the promise of automation to leverage modern cloud and application development methods.

“Security-minded enterprises have a critical need to track their certificates and know when they’re going to expire. Many enterprises struggle to track their certificates and proactively manage them — their environments have grown too complex and distributed to manage hundreds or thousands of certificates on spreadsheets, which opens weaknesses that attackers prey upon,” said Robyn Westerveldt, Research Director, Security & Trust at IDC.

“A certificate lifecycle management tool like Certificate Hub helps enterprises deal with complexity by standardizing, simplifying and streamlining certificate discovery, management and automation.”

Organizations using Entrust Datacard Certificate Hub gain visibility and management across their Entrust Datacard private and publicly trusted Certificate Authorities (CAs), as well as Microsoft CAs.

The platform provides an easy-to-use and intuitive interface that acts as an enforcement point to centrally manage policy and certificate lifecycle management activities including network discovery, certificate issuance and fully automated reporting.

Certificate Hub is fully compatible with existing PKI integrations, so it complements rather than disrupts an organization’s current environment. The application deploys on premise using modern orchestration technology and uses modular pluggable components for expansion and future growth.

Certificate Hub supports Entrust Security Manager (both on-premise and Entrust-managed), Entrust Certificate Services (SSL/TLS), and Microsoft CAs.

Customers can choose between three service tiers, each without certificate limits:

  • Find: Take inventory of all deployed certificates across your organization through the network discovery scanner. Send automated notifications and reports to stakeholders and certificate owners using the Certificate Hub report designer and scheduler.
  • Control: Issue, renew and revoke certificates from multiple CAs using either guided graphic dialogs or an underlying REST API. Use the “CA Source Scan” function to ensure that all issued certificates are visible regardless of end destination.
  • Automate: Deploy and rotate certificates without the need for agents or on-device clients.

“Proper certificate lifecycle management tools and strategies help businesses avoid the risk of outages and critical system breaches,” said Jon Ferguson, Director of Product Management at Entrust Datacard. “Certificate Hub streamlines certificate lifecycle management by providing a single portal where customers can discover, report and manage all certificates across their organization.”

nShield Issuance HSM: Higher security for Entrust Datacard’s card issuance solutions

Entrust Datacard, a leading provider of trusted identity and secure issuance technology solutions, announced the nShield Issuance Hardware Security Module (HSM), designed exclusively to help create an integrated ecosystem for security, simplicity and serviceability for the company’s payment card systems and secure issuance environments.

Banks, bureaus, payment and identification card issuers manage ever larger volumes of card holder and financial data. Their challenge is to secure that data, while keeping pace with evolving compliance requirements.

Entrust Datacard will integrate nShield Issuance HSMs to enhance operational efficiency and security for its high-volume card issuance solutions and instant issuance systems.

Building on its acquisition of HSM market leader nCipher Security, the nShield Issuance HSM enables Entrust Datacard to deliver an end-to-end secure issuance and key management solution for its financial and government card issuance solutions.

The Entrust Datacard solution supports high transaction rates, making it ideal for high-volume issuance environments, where throughput and uptime is critical.

High cryptographic capacity allows the FIPS 140-2 Level 3 certified nShield Issuance HSM to perform vital functions for financial and identification issuance, including EMV data preparation, key generation and data protection, while ensuring that it keeps pace with evolving EMV security standards and key and certificate requirements, such as contactless card profiles.

“Entrust Datacard has pioneered secure card issuance for more than 50 years,” said Dan Good, vice president of Bureau Solutions at Entrust Datacard.

“Integrating the nShield Issuance HSM into our centralized and instant card issuance solutions is the next step in our mission to provide our customers with the complete solutions, trust and peace of mind they need.”

Designed exclusively for Entrust Datacard centralized and instant card issuance solutions, the nShield Issuance HSM features:

  • Secure remote management – Remote administration kit – featuring an nShield Trusted Verification Device – facilitates the remote management of the HSM, including firmware updates other maintenance tasks without having to visit the data center.
  • Flexibility – nCipher’s unique Security World architecture is closely integrated with Datacard® Adaptive Issuance Key Manager Software, ensuring seamless HSM failover and load balancing for maximum program availability.
  • High serviceability – Each HSM features field-serviceable dual hot-swap power supplies and fan tray, with spare parts available.

Entrust Datacard eliminates employee passwords and accelerates secure customer onboarding

Entrust Datacard announced two new high-assurance offerings for the company’s unified authentication management platform: Passwordless Single Sign On (SSO) Authentication to improve workforce security and productivity, and Identity Proofing with fully digital identity verification for accelerated customer acquisition and onboarding.

As digital transformation, cloud deployments and mobile initiatives make communication, data storage and remote workstyles simpler, employees and customers around the world expect security features to follow suit, without compromising user experiences. The latest Entrust Datacard authentication solutions both increase high-assurance security and simplify user experiences.

Entrust Datacard’s Passwordless SSO Authentication solution turns employee smartphones into biometrics-protected virtual smart cards that allow instant proximity-based login to both workstations and applications. The solution creates a frictionless authentication experience, eliminating passwords and putting an end to the risk of bad actors stealing user credentials and compromising critical information.

Taking passwordless login to an SSO experience removes the friction of individual registrations and logins for each device, allowing employees to work across devices and applications – cloud-based and on-premises. The solution improves workforce productivity by enabling employees to securely conduct their work activities – email signing, file encryption, document signing, and more – from their office or remote location without the need to upgrade their hardware or operating system.

Entrust Datacard’s new Identity Proofing solution lets banks, hospitals, government agencies and other customer and citizen-facing organizations offer customers a simple, seamless onboarding experience, either inside or outside physical locations. With Identity Proofing, customers use their smartphones or a kiosk to capture their images and scan government-issued identity documents – such as a driver’s license, passport or national ID card – for fast, AI-based authentication and verification.

Once authenticated and verified, the user can complete their account application securely. This minimizes abandoned account applications, cuts onboarding time from multiple days to minutes and has the potential to reduce an organization’s onboarding costs from hundreds of dollars per account to single digits. The fully digital Identity Proofing solution supports compliance with regional regulations, such as Know Your Customer (KYC) and Anti-Money Laundering (AML) in the United States, and PSD2 in Europe.

“Digital transformation is driving the demand for authentication that is both incredibly easy and highly secure – features once thought incompatible,” said James LaPalme, VP and GM of Authentication at Entrust Datacard. “By delivering passwordless SSO authentication, enterprises can eliminate passwords and transform the employee experience, while increasing privacy and data security. Similarly, our Identity Proofing solution creates a truly digital customer onboarding experience, streamlining and automating what has until now been a costly, manual and less-secure process behind the scenes.”