Data and Database Management Software
Enterprise Software helps deploy access control policies.
Share:
Press Release Summary:
With unified, fine-grained, and auditable security controls, nCipher keyAuthority product suite enables organizations to deploy data protection and access control policies that span application and functional boundaries. Enterprise-wide security management system consolidates and automates management of symmetric and asymmetric cryptographic keys and credentials in transparent manner and can be scaled to meet key management needs of security infrastructures.
Original Press Release:
nCipher Introduces keyAuthority Enterprise Key Management Solution
Unique management approach delivers advanced security controls, consolidates auditing and reduces operational cost
Cambridge UK - 12 September 2005 - nCipher plc (LSE: NCH), a leading provider of cryptographic IT security solutions, today announces the availability of the nCipher keyAuthority product suite. keyAuthority is the first in a new class of enterprise-wide security management systems that delivers unified, fine-grained and auditable security controls to enable organizations to cost-effectively deploy stronger data protection and access control policies that span traditional application and functional boundaries.
nCipher keyAuthority consolidates and automates the management of cryptographic keys and credentials in a transparent manner across large and diverse populations of device end-points and applications. keyAuthority overcomes the fragmented and typically manual processes for managing a wide variety of security functions that arise from the rapidly-expanding use of cryptography across the enterprise. As a result, keyAuthority reduces management costs and enables organizations to manage risk by propagating these advanced security techniques more quickly, in a less error-prone and more auditable manner. Furthermore, keyAuthority can be scaled to meet the key management needs of the world's largest security infrastructures and support both existing and planned deployment of cryptography-enabled applications.
"There is no doubt that with all the attention being given to some of the recent data breaches and the move toward more device and data-level security systems, cryptography is a vital technology in enterprise security," says Andrew Braunberg, senior analyst, Current Analysis. "Cryptography will become more pervasive, causing the number of cryptographic keys that an organization needs to manage to multiply very quickly. The management of these keys up until now has been a very manual ad hoc process, but that approach will become increasingly cumbersome as keys multiply. For this reason, nCipher has a great opportunity to create a leadership position in this market that will also embrace areas such as ID management and DRM."
As organizations become more widely dispersed and increasingly operate within highly interconnected business networks, traditional boundaries and security perimeters become blurred. Cryptography has already become the de facto means of protecting sensitive information on the internet - now these same techniques are being extended and deployed across enterprise networks. The result is an explosion in the number and diversity of applications that use cryptography, with consequent growth in the scale and complexity of managing the resulting cryptographic keys, creating a significant new challenge for IT organizations. Key management raises a number of important and unique management issues, including:
o Keys must remain secret - accessible only under highly specific usage rules - in order to deliver effective protection
o Keys must be made available to authorized users and applications whenever and wherever needed and potentially over extended periods of time, or otherwise risk halting whatever business process is being performed
o Keys must be able to be withdrawn as a way to enforce the revocation of individual user rights, for example when employees leave an organization or when a system is decommissioned
o Key usage must be auditable as a means of establishing an irrefutable record of when sensitive data was accessed or transactions executed, and by whom
Cryptography is used to provide a variety of functions across a rapidly expanding range of applications:
o Encryption is used to ensure the privacy of information passing over networks, e.g. in internet security protocols such as SSL or IPSec, and also to protect information stored in databases, file systems and storage networks.
o Digital identities based on the use of digital certificates enable strong authentication of both users and network connected devices to reinforce access control.
o Digital signatures are used increasingly to validate the integrity and provide auditability of information and actions.
Traditionally, these functions have been managed manually and often purely within the context of each specific application, resulting in an error-prone and fragmented approach that is rapidly becoming untenable.
nCipher's recent survey "Cryptography in the Enterprise 2005" queried 237 security decision-makers within organizations worldwide, revealing that 74 percent of respondents are using, or plan to use, encryption to underpin at least five different security functions within the next 18 months, a dramatic increase from the 35% of respondents that are currently using encryption to secure five or more functions. The survey also revealed that more than 10% of respondents already have over 10,000 keys currently in need of management. Both results are significant indications confirming that cryptography is rapidly maturing as a mainstream security tool. For more information on the survey see http://ncipher.com/crypto2005/
"As a result of working with some of the most security-aware organizations in the world we have developed keyAuthority to help control escalating management costs and provide a single management interface to consolidate key management operations at the appropriate business level, helping to satisfy compliance and internal policy requirements," says Dr. Nicko van Someren, Chief Technology Officer at nCipher. "keyAuthority builds on nCipher's market-proven technologies and broad experience of helping our customers deploy strong cryptography in support of a wide variety of applications and across numerous platforms and operating systems. We believe that we are uniquely placed to address these emerging management issues particularly as new PC security technologies such as Trusted Platform Modules (TPM) and next generation authentication tokens become deployed, raising the security bar across the enterprise."
The keyAuthority product suite satisfies the need to deliver keys to a wide variety of end-points on demand and in a highly resilient and scalable manner without requiring modification of the applications that actually use the keys. keyAuthority manages both symmetric and asymmetric keys and is the perfect complement to existing PKI deployments. The entire system is secured by the use of nCipher's hardware security modules (HSM) that have been independently validated to FIPS 140-2 Level 3 security standard.
The keyAuthority suite comprises three core components:
o keyAuthority Management Server that generates, manages and archives keys, establishes security polices and provides the integration point for other enterprise systems
o keyAuthority Provisioning Server that securely distributes keys and other security objects directly and on-demand to authorized end-points and applications
o keyAuthority Management Console provides a stand-alone management interface for the system.
For more information about nCipher's keyAuthority visit ncipher.com/keyauthority
A webinar about nCipher's keyAuthority enterprise management solution will be held on Tuesday, 4 October 2005. For more details and registration visit https://ncipher.raindance.com/iccdocs/seminarDesc.shtml?id=48705&mode=cal&tz=PST
About nCipher
nCipher is a leading provider of cryptographic security, enabling our customers to meet the challenges of verifying identity, protecting data and complying with security regulations. nCipher's solutions provide a unified approach to cryptographic management providing strict access controls and high assurance trusted processing, overcoming traditional issues of scalability, performance and weak platform security. The world's leading organizations work with nCipher to protect security critical systems such as web site infrastructure, online banking and payment processing networks, PKI, web services, databases and digital rights management schemes.
nCipher is the winner of the Microsoft Security Solution of the Year award 2004. The company is listed on the London Stock Exchange (LSE:NCH) and is a member of the FTSE TechMARK and FTSE4Good indices with offices in Cambridge, UK; Boston, Washington, Hamburg and Tokyo. For more information on nCipher, visit www.ncipher.com
For further information
Liz Harris, nCipher, Tel: +44 (0)1223 723600, email: liz@ncipher.com
