Management Update: The Outlook for the PKI Market
|
|
- Vivien Jones
- 7 years ago
- Views:
Transcription
1 IGG V. Wheatman, R. Wagner Article 9 July 2003 Management Update: The Outlook for the PKI Market With less market emphasis on cryptographic key management, and more on rule-based identity and access management, public-key infrastructure (PKI) market participants are transforming or failing. PKI has not lived up to its hype. With less market emphasis on cryptographic key management, and more on rule-based identity and access management, public-key infrastructure (PKI) market participants are transforming or failing. PKI has not lived up to its hype. Digital Certificates Digital certificates, or signed public keys, serve several functions: Personal digital certificates can be used for identification and authentication, encrypted e- mail, and in protecting files through encryption. Certification authorities issue server digital certificates, which are required for Secure Sockets Layer (SSL), to protect data in transit between a client (typically a browser) and a Web server or portal. Developer certificates are issued for signing software. Hardware platforms, such as set-top devices and personal digital assistants, can hold digital certificates to identify a unit to a service. With some notable exceptions, PKI systems and the certification authorities that are part of a PKI have, as forecast, become embedded in applications that require public cryptographic key management. Few uppercase centralized PKI projects are being launched in North America or being attempted worldwide (uppercase refers to a major, true infrastructure). However, continuing interest exists regarding smart card platforms, such as the U.S. Department of Defense s Common Access Card program, in the context of identity and access management, and in several industry cases. Remaining Interest Areas for Enterprise PKI What interest remains in enterprise PKI is related directly to government or defense agency special cases, or security managers efforts to be in regulatory compliance with various laws, such as the Gartner Entire contents 2003 Gartner, Inc. All rights reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
2 HIPAA (Health Insurance Portability and Accountability Act), the Gramm-Leach-Bliley Act or the Sarbanes-Oxley Corporate Responsibility Act. Those initiatives generally have one of two goals: Secure communications, such as and file transfers to disparate individuals and enterprises. This is most apparent in the healthcare vertical market, where organizations that are trying to meet HIPAA privacy and security regulations are searching for ways to secure communications among healthcare providers, insurers and researchers, and with healthcare consumers. Digital signature applications for enterprises requiring strong authentication and nonrepudiation for high-value or high-risk transactions. This is most apparent in the banking and financial vertical industries, and where organizations face audit requirements and compliance with the Gramm-Leach-Bliley and Sarbanes-Oxley acts. Enterprises that are bringing formerly paperbased applications that require signatures online often have this objective. However, even in those regulatory-driven circumstances, alternatives are available, and regulations that once seemed to require PKI have been modified and weakened to allow use of non-pki-based solutions for compliance. Client Certificates Long-term issues for client-side certificates have obstructed market acceptance. The issues include interoperability, cross-certification, portability, privacy and legal liability. Moving digital certificates to the desktop has proved to be especially difficult because it requires touching every desktop. Users must be trained, certificates must be managed and private keys must be protected. The smart-card option for storing and protecting private keys, while enabling portability, is slowly improving in terms of reader deployments, but North America is far from having ubiquitous smart-card readers. Despite user ID and password problems and limitations, IT security directors view the routines as adequate for most identification and authentication requirements. Users presumed requirements for cryptographic digital signatures are often wrong; other, easily used, forms of electronic signature are acceptable. Tactical solutions that do not rely on a centrally managed PKI can be used for other applications, such as secure and managed file encryption. Secure Sockets Layer Web site managers initially bought server-side certificates from third parties, such as VeriSign, to provide encryption of data moving through the Internet to the Web server in an e-business application. An SSL session is invoked for entering personal data or submitting credit card information. SSL is becoming more important because it provides virtual private network (VPN) capabilities in a simpler manner than IPsec, also known as IP Security. Competition has increased for SSL certificates, which has placed substantial price pressure on the early trusted third parties. VeriSign acquired Thawte Consulting, a South African SSL provider. GeoTrust has been particularly aggressive. Major PKI vendors Entrust, Baltimore Technologies and RSA Security offer SSL certificates.
3 Smaller, lesser-known entrants, such as FreeSSL.com, Comodo Group and IPS Certification Authority, usually chain (link) to one of the better-known certification authorities that have their root certificates installed in the most-used browsers. An increasing number of IT security directors are using self-signed certificates to avoid buying thirdparty credentials, particularly for intranet applications. However, some enterprises still want a trusted certificate from a known brand. The SSL standard specifies only data encryption. Suppliers that have attempted to upsell services to certify the identity and owner of a Web site have been only modestly successful. The limitations of this type of service are indicated in a service s relying party agreement: While [the Service] is intended to help provide information to you about a Web site which will help you detect and avoid spoofing, hijacking, hacking and similar misuse of the Web site pages, you acknowledge that [the Service] cannot prevent spoofing, hijacking, hacking and similar misuse of Web site pages, and that you may be misled under certain circumstances to believe that certain false pages or images are genuine pages from a Web site. The SSL portion of the PKI market has become commoditized with the decline in dot-coms, increased competition and the use of self-signing SSL certificates. Some SSL growth will occur in SSL VPNs, Web services and supporting wireless LAN encryption, and for creating authenticated and secured mail servers. However, the size of the opportunity is unknown. Enterprises should use well-known brand name certificates for public-facing Web-based applications. More than half of Web sites across all domains use VeriSign or Thawte (a VeriSign company), in part to display a known seal on their sites to elevate consumer trust in those sites. However, for many Web sites, self-signed or lesser-known certificates are adequate if the goal is simply to encrypt traffic between the browser and server. Code-Signing Certificates In traditional application development, developers review their work with their managers and physically sign printouts to take responsibility for their efforts. As applied to electronic software distribution, code signing essentially provides shrink wrap for an application by identifying its publisher or developer, and it ensures that the application hasn t been altered before or during downloading. Code signing often uses software publishers certificates that are purchased from a commercial certification authority. In addition to identifying the publisher, applicants also pledge that they will not distribute software that they know, or should have known, contains viruses, or would otherwise harm users computers or other code. The tradition of signing code relates to quality control. With executables, the risk of code grows into potentially major security concerns. Web browsers are equipped with security mechanisms to protect users computers by restricting the resources that are available to downloaded programs, drivers or other code. Although growth in the use of PKI-enabled code signing is moderate to flat, new markets are emerging for its use in Web services and, in particular, for mobile/wireless applications, where rogue code could cause service interruptions in a network run by a single entity. The PKI Opportunity Is Muted
4 PKI vendors have looked to potential markets within government agencies (with long decision processes) and telecommunications companies (with challenged budgets). Some countries have considered PKI as part of national identity card programs to address homeland security issues, but this invariably leads to privacy concerns. Canada withdrew its health card identity program because of these concerns. However, Baltimore has sold PKI systems for national identity projects in Finland, Estonia and elsewhere. PKI has niche market opportunities in heavily R&D-related application areas (for example, pharmaceuticals) as well as some regulatory contexts, such as compliance with the U.S. Food and Drug Administration s 21 Code of Federal Regulations (CFR) Part 11. (However, even 21 CFR 11 requirements have been reduced because of pharmaceutical company protests.) Opportunities also exist in intelligence and law enforcement communities. Web Services Offer Hope The emergence of Web services is a potential bright spot in PKI s future. Web services are nextgeneration, Web-protocol-based application integration technologies that are supported at the platform level by industry heavyweights such as Microsoft, IBM, BEA Systems and Sun Microsystems. Security mechanisms for advanced Web services seemingly will require certificates for fine-grained encryption and digital signatures on subelements in a SOAP (Simple Object Access Protocol) message or on a multipart XML electronic form. Complex, multiparticipant Web services cannot adequately represent trust relationships, and enforce privacy and confidentiality, without PKI s asymmetric cryptographic functionality. However, the current early stage of Web services deployment, which is primarily internal to organizations, does not yet indicate if certificates will be deployed on a service-by-service basis, or if enterprises will be content with executing all Web services with a small number of SSL certificates. In both cases, it is likely that managed services, such as VeriSign, and low-end solutions, such as Microsoft, will benefit the most from the evolution of Web services security. In addition, as Web services mature, other trust mechanisms possibly will emerge (if needed), and digital certificates and the PKI systems that help manage them will fall by the wayside as a good technology that failed to find a broad base of application. Bottom Line Public-key infrastructure is disappearing into applications as an embedded feature, rather than remaining as an end product. PKI certainly is not living up to its hype. Alternative approaches are being found to secure applications, such as S/MIME (Secure Multipurpose Internet Mail Extensions) for secure and digital signatures. PKI vendors are failing or transforming into other vendor types. IT security directors must focus on the value that applications gain from the PKI functions of managed cryptographic keys, rather than view PKI as an infrastructure service looking for applications to support. Written by Edward Younker, Research Products Analytical source: Vic Wheatman and Ray Wagner, Gartner Research
5 For related Inside Gartner articles, see: Management Update: Security Strategies for Enterprises Using Web Services, (IGG ) CIO Update: The Status of Technology for Trusted E-Signatures, (IGG )
Magic Quadrant for a Fading PKI Market, 2003
Markets, V. Wheatman, R. Wagner Research Note 17 June 2003 Magic Quadrant for a Fading PKI Market, 2003 Pure-play public-key infrastructure vendors are disappearing due to failure or acquisition, or by
More informationSSL VPN 1H03 Magic Quadrant Evaluation Criteria
Markets, J. Girard Research Note 8 April 2003 SSL VPN 1H03 Magic Quadrant Evaluation Criteria Secure Sockets Layer virtual private networks are simple, portable and convenient alternatives to IPsec, and
More informationEnterprise SSL FEATURES & BENEFITS
Enterprise SSL FEATURES & BENEFITS What s included: - Powerful 1024-bit signed RSA certificates - Centralised, web-based administrative portal for certificate management - Dynamically-generated site seal
More informationWhite Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationSSL VPN 1H03 Magic Quadrant
Markets, J. Girard Research Note 8 April 2003 SSL VPN 1H03 Magic Quadrant The emerging Secure Sockets Layer virtual private network market is standards-based, with good short-term return on investment
More informationManagement Update: Gartner s Updated Help Desk Outsourcing Magic Quadrant
IGG-02192003-03 R. Matlus Article 19 February 2003 Management Update: Gartner s Updated Help Desk Outsourcing Magic Quadrant The North American help desk outsourcing market is growing despite a down economy.
More informationCIO Update: Gartner s IT Security Management Magic Quadrant Lacks a Leader
IGG-04092003-04 M. Nicolett Article 9 April 2003 CIO Update: Gartner s IT Security Management Magic Quadrant Lacks a Leader Vendors in the Gartner IT Security Management Magic Quadrant for 1H03 are driven
More informationStrong Security in Multiple Server Environments
White Paper Strong Security in Multiple Server Environments VeriSign OnSite for Server IDs Contents 1. Introduction 1 2. Security Solutions: The Digital ID System 2 2.1. What Is a Digital ID? 2 2.2 How
More informationCIO Update: Gartner's Extranet Access Management Magic Quadrant for 2H02
IGG-01152003-02 J. Pescatore, R. Wagner Article 15 January 2003 CIO Update: Gartner's Extranet Access Management Magic Quadrant for 2H02 CIOs and many other executives are interested in insights on how
More informationEntrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.
Entrust Managed Services PKI Getting an end-user Entrust certificate using Entrust Authority Administration Services Document issue: 2.0 Date of issue: June 2009 Revision information Table 1: Revisions
More informationManagement Alert: Microsoft Will Be a Strong Force in the CRM Market
IGG-02052003-01 E. Thompson, J. Outlaw Article 5 February 2003 Management Alert: Microsoft Will Be a Strong Force in the CRM Market Microsoft is poised to have a major impact on the customer relationship
More informationMagic Quadrant for Application Platform Suites, 2Q03
Markets, Y. Natis, M. Pezzini, G. Phifer, C. Haight, M. Driver Research Note 5 May 2003 Magic Quadrant for Application Platform Suites, 2Q03 Application platform suites are incrementally assembled or bought
More informationBusiness Intelligence: The European Perspective
Markets, F. Buytendijk Research Note 5 November 2002 Business Intelligence: The European Perspective When choosing business intelligence products, European users are not that different from North American
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationWhat CIOs Want to Know About Microsoft Active Directory
IGG-01222003-01 J. Enck Article 22 January 2003 What CIOs Want to Know About Microsoft Active Directory Active Directory deployments are increasing and so are questions about the technology. Gartner addresses
More informationThe Four "A's" of Information Security
Strategic Planning, R. Witty, A. Allan, J. Enck, R. Wagner Research Note 4 November 2003 Identity and Access Management Defined An IAM solution requires multiple products from multiple vendors. It also
More informationMarket Trends in 2002 and 2003
Markets, J. Pescatore, R. Wagner Research Note 8 January 2003 Extranet Access Management 2H02 Magic Quadrant Inside-the-firewall (intraenterprise) integration to reduce costs dominated the extranet access
More informationManagement Update: How to Implement a Successful ERP II Project
IGG-09252002-02 B. Zrimsek, P. Phelan Article 25 September 2002 Management Update: How to Implement a Successful ERP II Project Gartner provides insights and recommendations on how enterprises can make
More informationBest Practices for Securing Your Enterprise:
white paper 10 Things You Need to Know Best Practices for Securing Your Enterprise: In today s global economy, businesses depend on the Internet like never before -- enterprises are increasingly conducting
More informationAn Introduction to CODE SIGNING
An Introduction to CODE SIGNING CONTENTS. 1 What is Code Signing. 03 2 Code Signing Certificates 101...05 3 Why & When to Digitally Sign Code.09 4 Self Signing vs. Publicly Trusted...12 5 Code Signing
More informationRTEs Must Anticipate New Network Demands
Strategic Planning, W. Clark Research Note 13 March 2003 RTEs Must Anticipate New Network Demands Real-time enterprise requirements will change key characteristics of network traffic as usage patterns
More informationSet Up Your Email. HTC Touch Pro. www.sprint.com
Set Up Your Email HTC Touch Pro www.sprint.com 2008 Sprint. Sprint and the logo are trademarks of Sprint. Other marks are the property of their respective owners. Intellectual Property Notices Copyright
More informationManagement Update: Selecting the Right ERP II Service Partner Is a Critical Success Factor
IGG-10232002-02 P. Phelan Article 23 October 2002 Management Update: Selecting the Right ERP II Service Partner Is a Critical Success Factor Service partner relationships will grow to enable more holistic
More informationCase Study: CMS Data-Sharing Project Highlights the Benefits of a Multiplatform Approach
Case Study: CMS Data-Sharing Project Highlights the Benefits of a Multiplatform Approach 9 November 2009 Jay Heiser, John Girard Gartner RAS Core Research Note G00168944 The U.S. government agency responsible
More informationAccess Control patient centric selective sharing Emergency Access Information Exchange
Electronic Health Record Software Required Security Features and Recommendations for Technical Specifications of Single Source Contracts and RFI for the Behavioral Health Information Technology Grant Scope:
More informationSIEM and IAM Technology Integration
SIEM and IAM Technology Integration Gartner RAS Core Research Note G00161012, Mark Nicolett, Earl Perkins, 1 September 2009, RA3 09302010 Integration of identity and access management (IAM) and security
More informationSet Up Your Email. HTC Touch Pro2. www.sprint.com
Set Up Your Email HTC Touch Pro2 www.sprint.com 2009 Sprint. Sprint and the logo are trademarks of Sprint. Other marks are the property of their respective owners. Intellectual Property Notices HTC, the
More informationManagement Update: Powerhouse Vendors Implement Document Management
IGG-10302002-04 G. Landers, K. Shegda, D. Logan Article 30 October 2002 Management Update: Powerhouse Vendors Implement Document Management Interest within enterprises is growing in the management of unstructured
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationVeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
More informationAn Introduction to Entrust PKI. Last updated: September 14, 2004
An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In
More informationWhy strong Validation processes for SSL are essential for the preservation of trust in the Internet economy
Why strong Validation processes for SSL are essential for the preservation of trust in the Internet economy Weak validation processes undermine the value of SSL as a trust enabling technology Introduction
More informationencryption keys, signing keys are not archived, reducing exposure to unauthorized access to the private key.
The way the world does business is changing, and corporate security must change accordingly. For instance, e-mail now carries not only memos and notes, but also contracts and sensitive financial information.
More informationComodo US 3401 E. McDowell Rd, Suite B, Phoenix AZ 85008. Tel: (877) COMODO-5 Fax: (720) 863 2140 Email: sales@comodogroup.com
Comodo US 3401 E. McDowell Rd, Suite B, Phoenix AZ 85008. Tel: (877) COMODO-5 Fax: (720) 863 2140 Comodo Europe New Court, Regents Place, Regent Road, Manchester M5 4HB, United Kingdom Tel: +44 (0) 161
More informationHow To Manage A Password Protected Digital Id On A Microsoft Pc Or Macbook (Windows) With A Password Safehouse (Windows 7) On A Pc Or Ipad (Windows 8) On An Ipad Or Macintosh (Windows 9)
Overview November, 2006 Copyright 2006 Entrust. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. All other Entrust product names and service names are
More informationManagement Update: Gartner s BI Magic Quadrant Update Sailing in Rough Waters
IGG-09112002-02 H. Dresner Article 11 September 2002 Management Update: Gartner s BI Magic Quadrant Update Sailing in Rough Waters Although the business intelligence (BI) market continues to ride out the
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationFive Business Drivers of Identity and Access Management
Research Publication Date: 31 October 2003 ID Number: SPA-21-3673 Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation,
More informationNew Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation
New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole
More informationSecurity Characteristics of Cryptographic Mobility Solutions
Security Characteristics of Cryptographic Mobility Solutions Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 sarbari@electrosoft-inc.com http://www.electrosoft-inc.com Agenda What is a Cryptographic
More informationLinux Web Based VPN Connectivity Details and Instructions
Linux Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users
More informationUsers and Vendors Speak Out: Intrusion Detection and Prevention
Market Analysis Users and Vendors Speak Out: Intrusion Detection and Prevention Abstract: With network security concerns multiplying, intrusion protection systems are a hot commodity. But don't count out
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationUnderstanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions
A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
More informationNew Mobile Network Enhances Public Safety in Finland
Case Studies, M. Basso Research Note 8 July 2003 New Mobile Network Enhances Public Safety in Finland A private network based on TETRA technology is revolutionizing public safety in Finland. The Virve
More informationXerox SMart esolutions. Security White Paper
Xerox SMart esolutions Security White Paper 1 Xerox SMart esolutions White Paper Network and data security is one of the many challenges that businesses face on a daily basis. Recognizing this, Xerox Corporation
More informationAD CS. http://technet.microsoft.com/en-us/library/cc731564.aspx
AD CS AD CS http://technet.microsoft.com/en-us/library/cc731564.aspx Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services
More informationtechnical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port
technical brief in HP Overview HP is a powerful webbased software utility for installing, configuring, and managing networkconnected devices. Since it can install and configure devices, it must be able
More informationMeasuring Sarbanes-Oxley Compliance Requirements
IGG-10012003-03 R. Mogull, D. Logan, L. Leskela Article 1 October 2003 CIO Alert: How You Should Prepare for Sarbanes-Oxley Sarbanes-Oxley is the most sweeping legislation to affect publicly traded companies
More informationWhy you need secure email
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationAdoption of PKI. Where are we, where should we be, what s holding us back, and where do we want to go?
Adoption of PKI Where are we, where should we be, what s holding us back, and where do we want to go? And: what about authentication vs. authorization? Rich Guida What are the framing issues? What applications
More informationMeeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)
Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11) Executive Summary...3 Background...4 Internet Growth in the Pharmaceutical Industries...4 The Need for Security...4
More informationBusiness Applications and Infrastructure Entwined
Markets, S. Hayward, B. Burton, J. Comport, Y. Genovese, T. Bittman Research Note 9 July 2003 Business and Infrastructure Entwined Oracle's bid for PeopleSoft encompasses more than applications. It illustrates
More informationSelect CRM Applications Carefully to Get Maximum Benefits
Strategic Planning, B. Eisenfeld Research Note 19 February 2003 Select CRM Applications Carefully to Get Maximum Benefits Enterprises pursuing the advantages of a customer relationship management strategy
More informationEMEA CRM Analytics Suite Magic Quadrant Criteria 3Q02
Decision Framework, J. Radcliffe Research Note 26 September 2002 EMEA CRM Analytics Suite Magic Quadrant Criteria 3Q02 Europe, the Middle East and Africa Customer Relationship Management Analytics Suite
More informationCIO Update: The Gartner Firewall Magic Quadrant for 2H02
IGG-09252002-03 R. Stiennon Article 25 September 2002 CIO Update: The Gartner Firewall Magic Quadrant for 2H02 In presenting its latest Firewall Magic Quadrant, Gartner discusses how the firewall market
More information10 Secure Electronic Transactions: Overview, Capabilities, and Current Status
10 Secure Electronic Transactions: Overview, Capabilities, and Current Status Gordon Agnew A&F Consulting, and University of Waterloo, Ontario, Canada 10.1 Introduction Until recently, there were two primary
More informationX.509 Certificate Management: Avoiding Downtime and Brand Damage
G00226426 X.509 Certificate Management: Avoiding Downtime and Brand Damage Published: 4 November 2011 Analyst(s): Eric Ouellet, Vic Wheatman Organizations are often not aware of the scope or the validity
More informationSECURE DIGITAL SIGNATURES FOR APPRAISERS
ABSTRACT An appraiser s credibility is represented by a valid license and the signature affixed to a report. Providing a common requirement for the creation of digital signatures for licensed or certified
More informationwith PKI Use Case Guide
Intel Identity Protection Technology (Intel IPT) with PKI Use Case Guide Version 1.0 Document Release Date: February 29, 2012 Intel IPT with PKI Use Case Guide i Legal Notices and Disclaimers INFORMATION
More informationCIO Update: Legacy Modernization Magic Quadrant Helps in Providing Applications for Tomorrow
IGG-03192003-03 D. Vecchio Article 19 March 2003 CIO Update: Legacy Modernization Magic Quadrant Helps in Providing Applications for Tomorrow The conversion of aging applications to more modern architectures
More informationCODE SIGNING. Why Developers Need to Digitally Sign Code and Applications. +1-888-690-2424 entrust.com
CODE SIGNING Why Developers Need to Digitally Sign Code and Applications +1-888-690-2424 entrust.com Table of contents Why Code Sign? Page 3 What is Code Signing? Page 4 Verifying Code Authenticity Page
More informationiphone in Business Security Overview
iphone in Business Security Overview iphone can securely access corporate services and protect data on the device. It provides strong encryption for data in transmission, proven authentication methods
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationPartner Relationship Management: 2003 Magic Quadrant
Markets, R. DeSisto, C. Marcus Research Note 11 February 2003 Partner Relationship Management: 2003 Magic Quadrant In the latest Gartner PRM Magic Quadrant, Siebel remains the sole PRM leader. Allegis,
More informationNew Security Features
New Security Features BlackBerry 10 OS Version 10.3.2 Published: 2015-06-08 SWD-20150608104314635 Contents About this guide... 4 What's new... 4 NFC smart card support... 5 OCSP stapling support in the
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationArcot Systems, Inc. Securing Digital Identities. FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer
Arcot Systems, Inc. Securing Digital Identities FPKI-TWG Mobility Solutions Today s Speaker Tom Wu Principal Software Engineer Today s Agenda Background Who is Arcot Systems? What is an ArcotID? Why use
More informationSSL VPN Technology White Paper
SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and
More informationDeploying iphone and ipad Security Overview
Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services
More informationVendor Ratings, VDR-18-1757 Nikos Drakos
Vendor Ratings, Nikos Drakos Research Note 5 November 2002 Vendor Rating: Tridion Web Content Management Tridion hopes that a prudent business strategy and a flexible product line will be enough to put
More informationUnderstanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions
Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions February 2005 All rights reserved. Page i Entrust is a registered trademark of Entrust,
More informationManagement Update: The Cornerstones of Business Intelligence Excellence
G00120819 T. Friedman, B. Hostmann Article 5 May 2004 Management Update: The Cornerstones of Business Intelligence Excellence Business value is the measure of success of a business intelligence (BI) initiative.
More informationManaged Remote-Access 1H03 Leaders, Challengers
Markets, J. Girard, E. Paulak Research Note 19 March 2003 Managed Remote-Access 1H03 Leaders, Challengers Owning networks no longer drives remote-access market leadership. Vendors that aggregate other
More informationG00123440 A. Allan. Directory authentication providing a common ID and password across multiple systems
. llan Research Note 21 October 2004 Commentary Enterprise Single Sign-On Tools re Comprehensive but Costly Managing multiple user identities and passwords is difficult for companies and users. ESSO can
More informationBUSINESS GUIDE SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET THE LATEST CODE SIGNING TECHNOLOGY
SECURING YOUR SOFTWARE FOR THE MOBILE APPLICATION MARKET THE LATEST CODE SIGNING TECHNOLOGY Now from CONTENTS 1 THE CHALLENGE 1 A BRIEF REVIEW OF CODE SIGNING 2 THE SOLUTION 2 HOW THE CODE SIGNING PORTAL
More informationNational Student Clearinghouse's Web Services Network
Case Studies, B. Lheureux Research Note 3 January 2003 National Student Clearinghouse's Web Services Network NSC provides access to U.S.-based college and university student records via electronic data
More informationSAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
More informationHigher National Unit Specification. General information for centres. Unit title: Enhancing Network Security and Configuring Remote Access Methods
Higher National Unit Specification General information for centres Unit code: D7JV 35 Unit purpose: This Unit is designed to enable candidates to increase network security through authentication, encryption
More informationPortal Administration. Administrator Guide
Portal Administration Administrator Guide Portal Administration Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec, the Symantec
More informationSafeEnterprise SSL igate Managing Central Access to Resources with VPX Technology
SafeEnterprise SSL igate Managing Central Access to Resources with VPX Technology Introduction SSL is a well-established, high performing and secure technology for Internet transactions. The strength of
More informationELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM
W H I T E P A P E R ELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM This white paper is written for senior executives,
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSPECIAL REPORT ENTERPRISE-CLASS SPAM SOLUTIONS A Q&A SESSION WITH GARTNER
SPECIAL REPORT ENTERPRISE-CLASS SPAM SOLUTIONS A Q&A SESSION WITH GARTNER Exclusive Gartner Analyst Interview with Arabella Hallawell As e-mail volume continues to increase, enterprises are faced with
More informationFederal Trade Commission Privacy Impact Assessment for:
Federal Trade Commission Privacy Impact Assessment for: DCBE Websites and Blogs Consumer.ftc.gov, Consumidor.ftc.gov, OnGuardOnline, AlertaenLinea, Consumer.gov, Consumidor.gov and the BCP Business Center
More informationCOM-18-8578 K. Harris, D. Free, D. Furlonger
K. Harris, D. Free, D. Furlonger Research Note 23 January 2003 Commentary The RTE in Financial Services: One Size Does Not Fit All The application of real-time enterprise concepts is a competitive necessity
More informationPRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More informationVeson Nautical Website Privacy Policy
Veson Nautical Website Privacy Policy Veson Nautical Corporation (including its affiliated companies, Veson, we, or us ) has created this Privacy Policy ("Policy") in order to provide you with information
More informationA new Secure Remote Access Platform from Giritech. Page 1
A new Secure Remote Access Platform from Giritech Page 1 Remote users have preferences G/On 5 works for Windows, Mac and Linux The G/On Client user experience is specific to the operating system Users
More information2002-2003 Web Services Development, North America (Executive Summary) Executive Summary
2002-2003 Web Services Development, North America (Executive Summary) Executive Summary Publication Date: 3 July 2003 Authors Nicole S. Latimer Colleen Graham Joanne M. Correia Norma Schroder This document
More informationREPLACING THE SSL CERTIFICATE
Juniper Secure Analytics REPLACING THE SSL CERTIFICATE Release 2014.1 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2014-03-14 Copyright
More informationAutomation for Electronic Forms, Documents and Business Records (NA)
Automation for Electronic Forms, Documents and Business Records (NA) White Paper Learn more. www.alphatrust.com Automation for Electronic Forms, Documents and Business Records (NA) White Paper About AlphaTrust
More informationCIO Update: Microsoft's Business Intelligence Strategy Is a Work in Progress
IGG-05282003-04 B. Hostmann, K. Strange Article 28 May 2003 CIO Update: Microsoft's Business Intelligence Strategy Is a Work in Progress Microsoft s SQL Server and related business intelligence (BI) products
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationWindows Web Based VPN Connectivity Details & Instructions
VPN Client Overview UMDNJ s Web based VPN utilizes an SSL (Secure Socket Layer) Based Cisco Application that provides VPN functionality without having to install a full client for end users running Microsoft
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationIT Services Opportunities in IP Telephony (Executive Summary) Executive Summary
IT Services Opportunities in IP Telephony (Executive Summary) Executive Summary Publication Date: 12 January 2004 Author Eric Goodness This document has been published to the following Marketplace codes:
More information