Security Watch

Automation is the key

The launch of several new products last week could make it easier for federal and state agencies to manage the digital IDs needed for the secure exchange of information with citizens and trading partners across the Internet.

Managing digital certificates, which attach to electronic messages to verify the identities of the people making online transactions, involves many complex steps that are manually done by systems administrators. As a result, the tasks of issuing, installing and renewing digital certificates are prone to human error, which can result in costly system downtime.

Not having "the ability to manage certificates has limited lots of things states want to do with citizens and trading partners," said Phil Windley, a consultant and former chief information officer for Utah. Managing certificates issued to police officers in Utah and other states who need access to Utah's criminal justice computer system proved so unwieldy that the task had to be outsourced, he said.

"An automated solution would be an important step" in simplifying the management of certificates, Windley said.

To that end, IMCentric Inc., a software developer based in Provo, Utah, last week released AutoCert server, which automates the process of managing certificates. The AutoCert server resides behind a network firewall, transmitting and receiving data from internal and outsourced certificate authorities via a Secure Sockets Layer connection, said Russell Thornton, IMCentric's chief executive officer.

Using AutoCert, administrators can manage a variety of platforms — such as the Apace Software Foundation's Apache, Microsoft Corp. Windows and Unix — and multiple certificates through a single Web-based graphical user interface or through a command line interface. AutoCert Server has an autoinstallation feature that simplifies the process of issuing certificates. Certificates can be renewed automatically, or administrators can receive an alert and have the option of reviewing and renewing certificates by clicking on an icon.

Officials at PGP Corp. also want to make the secure exchange of information as seamless and easy as possible for users.

The heart of the architecture is the PGP Universal Server, which automatically generates and manages public keys, digital certificates and encryption and decryption techniques. It also provides policy enforcement. The server can operate in two modes: external, which secures all mail entering and leaving an agency, and internal, which secures all intra-agency messages.

With PGP Universal, the company is attempting to "take the burden [of managing security] off the end user," said Phillip Dunkelberger, PGP's president and CEO.

Automation is also an integral part of security auditing these days. Preventsys Inc. recently released a new module called Policy Lab for the latest version of its Preventsys network auditing software. Policy Lab enables corporations and government agencies to encode English language security and regulatory policies in a machine-readable form to every device that connects to the network.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected