Venafi, the leading provider of machine identity protection, and nCipher Security,
the provider of trust, integrity and control for critical business
information and applications, today announced a new technology
partnership and integration. The integrated solution combines Venafi Advanced Key Protect with nCipher nShield hardware security modules (HSMs)
and can be used to scale the generation and protection of machine
identities - even in complex, high‐security environments.
Cryptographic
keys serve as machine identities and are the foundation of enterprise
information technology systems. HSMs provide organizations with a
trusted, proven and auditable way to secure these machine identities.
However, many organizations create custom scripts and use other manual
processes to generate keys, leaving them much more vulnerable to attack
and introducing new risks to the global enterprise.
With
the integration of Venafi Advanced Key Protect and nCipher nShield
HSMs, organizations ensure the strongest cryptographic keys are always
used across the enterprise. Featuring the same automation available in
the Venafi Platform, TLS and SSL keys are generated centrally and
securely within nShield HSMs. For even greater security, TLS keys remain
on the nShield HSM throughout their entire life cycle - from key
generation and certificate issuance to rekey and renewal processes.
"Our
integration with nCipher nShield HSMs is easy to deploy, reduces errors
and dramatically cuts the time and resources required to use SSL and
TLS keys and certificates with HSMs," said Kevin Bocek, chief
cybersecurity strategist for Venafi. "Through our partnership with
nCipher, we are providing organizations the ability to automate machine
identity life cycles with the highest level of protection possible. This
includes protection for the most popular web services in enterprises
today such as Microsoft IIS, Apache and Java application servers. Our
integrated solution also works immediately with all of the leading
certificate authorities in the Venafi Technology Network."
Key benefits of Venafi and nCipher's integration include:
- Improves policy and workflow controls that enable fast, automated orchestration of keys.
- Significantly
reduces the risk of keys being stolen from file systems, software
certificate stores and system memory - including the risk from
side-channel attacks such as Spectre and Meltdown.
- Manages certificates and keys in a FIPS 140‐2 Level 2 and Common Criteria EAL4+ hardened, high-assurance environment.
- Increases the number of strong keys generated from a NIST‐certified random bit generator (RBG).
- Orchestrates the use of HSMs under strict policy control across the enterprise.
"As
our customers make the transition to increasingly digital environments,
they need to trust the machines that are used across their networks to
support critical business functions such as securing web transactions,
privileged access and authenticating software code," said Peter Galvin,
chief strategy officer at nCipher Security. "If the identities of these
machines are not authenticated and protected, then they are open to
misuse by cybercriminals. Through a consistent use of strong
cryptographic keys, Venafi and nCipher make it possible for customers to
own and control the keys and certificates used to authenticate machine
identities and establish trust in these digital transactions."