Security Watch

Automation is the key

The launch of several new products last week could make it easier for federal and state agencies to manage the digital IDs needed for the secure exchange of information with citizens and trading partners across the Internet.

Managing digital certificates, which attach to electronic messages to verify the identities of the people making online transactions, involves many complex steps that are manually done by systems administrators. As a result, the tasks of issuing, installing and renewing digital certificates are prone to human error, which can result in costly system downtime.

Not having "the ability to manage certificates has limited lots of things states want to do with citizens and trading partners," said Phil Windley, a consultant and former chief information officer for Utah. Managing certificates issued to police officers in Utah and other states who need access to Utah's criminal justice computer system proved so unwieldy that the task had to be outsourced, he said.

"An automated solution would be an important step" in simplifying the management of certificates, Windley said.

To that end, IMCentric Inc., a software developer based in Provo, Utah, last week released AutoCert server, which automates the process of managing certificates. The AutoCert server resides behind a network firewall, transmitting and receiving data from internal and outsourced certificate authorities via a Secure Sockets Layer connection, said Russell Thornton, IMCentric's chief executive officer.

Using AutoCert, administrators can manage a variety of platforms — such as the Apace Software Foundation's Apache, Microsoft Corp. Windows and Unix — and multiple certificates through a single Web-based graphical user interface or through a command line interface. AutoCert Server has an autoinstallation feature that simplifies the process of issuing certificates. Certificates can be renewed automatically, or administrators can receive an alert and have the option of reviewing and renewing certificates by clicking on an icon.

Officials at PGP Corp. also want to make the secure exchange of information as seamless and easy as possible for users.

The heart of the architecture is the PGP Universal Server, which automatically generates and manages public keys, digital certificates and encryption and decryption techniques. It also provides policy enforcement. The server can operate in two modes: external, which secures all mail entering and leaving an agency, and internal, which secures all intra-agency messages.

With PGP Universal, the company is attempting to "take the burden [of managing security] off the end user," said Phillip Dunkelberger, PGP's president and CEO.

Automation is also an integral part of security auditing these days. Preventsys Inc. recently released a new module called Policy Lab for the latest version of its Preventsys network auditing software. Policy Lab enables corporations and government agencies to encode English language security and regulatory policies in a machine-readable form to every device that connects to the network.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.