Security Watch

Automation is the key

The launch of several new products last week could make it easier for federal and state agencies to manage the digital IDs needed for the secure exchange of information with citizens and trading partners across the Internet.

Managing digital certificates, which attach to electronic messages to verify the identities of the people making online transactions, involves many complex steps that are manually done by systems administrators. As a result, the tasks of issuing, installing and renewing digital certificates are prone to human error, which can result in costly system downtime.

Not having "the ability to manage certificates has limited lots of things states want to do with citizens and trading partners," said Phil Windley, a consultant and former chief information officer for Utah. Managing certificates issued to police officers in Utah and other states who need access to Utah's criminal justice computer system proved so unwieldy that the task had to be outsourced, he said.

"An automated solution would be an important step" in simplifying the management of certificates, Windley said.

To that end, IMCentric Inc., a software developer based in Provo, Utah, last week released AutoCert server, which automates the process of managing certificates. The AutoCert server resides behind a network firewall, transmitting and receiving data from internal and outsourced certificate authorities via a Secure Sockets Layer connection, said Russell Thornton, IMCentric's chief executive officer.

Using AutoCert, administrators can manage a variety of platforms — such as the Apace Software Foundation's Apache, Microsoft Corp. Windows and Unix — and multiple certificates through a single Web-based graphical user interface or through a command line interface. AutoCert Server has an autoinstallation feature that simplifies the process of issuing certificates. Certificates can be renewed automatically, or administrators can receive an alert and have the option of reviewing and renewing certificates by clicking on an icon.

Officials at PGP Corp. also want to make the secure exchange of information as seamless and easy as possible for users.

The heart of the architecture is the PGP Universal Server, which automatically generates and manages public keys, digital certificates and encryption and decryption techniques. It also provides policy enforcement. The server can operate in two modes: external, which secures all mail entering and leaving an agency, and internal, which secures all intra-agency messages.

With PGP Universal, the company is attempting to "take the burden [of managing security] off the end user," said Phillip Dunkelberger, PGP's president and CEO.

Automation is also an integral part of security auditing these days. Preventsys Inc. recently released a new module called Policy Lab for the latest version of its Preventsys network auditing software. Policy Lab enables corporations and government agencies to encode English language security and regulatory policies in a machine-readable form to every device that connects to the network.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.