Easing the Pains of Certificate Management


Published on

This paper analyzes SSL certificates and the growing need for SSL implementation
and management. In addition, it identifies many challenges customers face with the
management of certificates and the risks that come with improper certificate
management. The latest baseline standards created by the Certificate Authority
(CA)/Browser forum are also examined with a discussion around why these
standards are important. Finally, this paper will present Entrust’s Certificate
Management Service (CMS), a solution that Frost & Sullivan believes provides many
advantages for organizations’ information security infrastructure.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Easing the Pains of Certificate Management

  1. 1. 50 Years of Growth, Innovation and LeadershipEasing the Pains of Certificate Management:An Overview of Entrust, the No. 2 Providerof SSL Certificates in the Market A Frost & Sullivan White Paper www.frost.com
  2. 2. Frost & Sullivan Executive Summary ......................................................................................... 3 Introduction .................................................................................................... 4 What are Certificate Authorities and How are SSL Certificates Issued? .................................................................... 5 Privacy and Trust ............................................................................................. 6 The Increasing Need for SSL .......................................................................... 7 Information Security Best Practices and Digital Certificates ......................... 8 The Creation of Best Practices with Digital Certificates ................................. 8 Customer Challenges Managing SSL Certificates ........................................... 9 Multiple Certificate Sources ........................................................................... 9 Managing a Broad Array of Certificates .......................................................... 9 Certificates in an Environment ........................................................................ 9 Unexpected Expiration of Certificates ............................................................ 10 Maintaining Required Encryption Levels ......................................................... 10 Complying with Security Policy or Regulations ............................................... 10 Risk of Data Breach ........................................................................................ 10 Selecting a Certificate Authority—Balancing Value and Trust .......................... 11 Entrust Meets Today’s Challenges.................................................................... 11 Comprehensive Management Platform and Discovery Solutions ..................... 12 Flexible Deployment and Subscription Model ................................................. 13 Personalized Sales and Service ........................................................................ 14 Trusted Security Brand .................................................................................... 14 The Final Word ................................................................................................ 14 CONTENTS
  3. 3. Easing the Pains of Certificate ManagementEXECUTIVE SUMMARYDigital certificates are an essential piece of an organization’s securityinfrastructure. The need to secure multiple lines of data transfer is at an all-timehigh as organizations face the ever-changing methods criminals use to breach anorganization. Consumers and end users have always relied on a trusted relationbetween themselves and the organization providing the content. End users haveassumed that a secure line of communication exists. This is achieved through theinstallation of a digital certificate in the form of a Secure Socket Layer (SSL) digitalcertificate. SSL certificates, cryptographic protocols that allow for the securetransmission of data over the Internet, are only as strong as the verification processthe Certificate Authority performs to authenticate the organization.In 2011, that implicit trust was tested by the attacks and breaches of multiplecertificate authorities. While industry participants have gone to great lengths toassure customers that trust has not been affected, the industry has been forced tore-evaluate how business is done. The reliance on Domain Validated certificates,approximately 39 percent of all SSL certificates globally, has been heavily called intoquestion as the means to verify the authenticity of the organization. The need tofurther authenticate the organization is becoming a required aspect of the trustframework between the organization and the user. This increased authentication isleading more organizations to use Organization Validated and Extended Validatedcertificates, which as of 2011 were approximately 45 percent and 16 percent,respectively, of all certificates issued globally.SSL is only one type of digital certificate that organizations implement. Other flavorsof digital certificates also include code signing, Adobe CDS, and user and managed PKIcertificates. All these certificates can be found scattered throughout an organization’sIT environment, leaving administrators with the daunting task of managing all of them.While implementing a certificate in an environment is the first step in securing linesof transfer, it is not enough. Organizations face many challenges after theimplementation of a certificate. However, the challenges are not with the certificateitself. One challenge comes from managing all the certificates in an enterpriseenvironment. It is not uncommon for a customer/user to come across an alertwarning them of an unsecure site due to being incapable of verifying the validity ofthe certificate in place. Not only can this disrupt day-to-day operations, but it alsocan create customer/user confusion on whether to bypass the warning or exit thesite, leading to either loss of confidence in the organization or loss of businessrevenue. Finding and managing multiple certificate types from multiple sources is alsoa major challenge. This can also become burdensome when an administrator in chargeof certificates leaves the company or changes roles. Without a detailed inventory ofthese certificates, it is more difficult for organizations to manage encryption levels onthe certificates, replace non-compliant certificates to comply with security policy orregulations, or assure there are no expired or rogue certificates in the environment. frost.com 3
  4. 4. Frost & Sullivan This paper analyzes SSL certificates and the growing need for SSL implementation and management. In addition, it identifies many challenges customers face with the management of certificates and the risks that come with improper certificate management. The latest baseline standards created by the Certificate Authority (CA)/Browser forum are also examined with a discussion around why these standards are important. Finally, this paper will present Entrust’s Certificate Management Service (CMS), a solution that Frost & Sullivan believes provides many advantages for organizations’ information security infrastructure. INTRODUCTION IT administrators have long struggled with managing their certificates. The challenge does not come just from the implementation of the technology, but from the management of the certificates after they have been implemented. Imagine being an administrator in a large enterprise in charge of thousands of digital certificates without a proper database to know what certificates are available/being used, where they are, what they contain, and when they expire. The threat of stopping business operations due to a rogue or expired certificate can be costly. Whether it is due to change in management or change of responsibilities, the management of digital certificates can become a headache for any IT administrator. Regardless of the size of the organization, the inability to manage hundreds of certificates can result in unexpected expiration of certificates. In realizing this problem, some Certificate Authorities (CAs), such as Entrust, have developed certificate management systems and discovery solutions to scan for and manage all the certificates in a network. In 2011, a hacker named “Comodohacker” claimed responsibility for the breaches of Comodo and DigiNotar. In the case of Comodo, the certificate authority, the hacker spoofed digital certificates for prominent websites through the use of a CA reseller account. With the DigiNotar case, the hacker accessed DigiNotar’s systems, issuing multiple fraudulent certificates. As the certificate authority in charge of the Dutch government’s public key infrastructure, the government was put on full alert of investigating the attack. The company was subsequently shut down. In addition to these attacks, the hacker threatened the possibility of compromising other CAs, which would be a huge blow to the SSL certificate industry. This hit CAs at the core value—trust. These breaches signify that even security vendors can be susceptible to breaches if the proper steps are not in place to proactively safeguard their systems or have a best-practice methodology in place. 4 frost.com
  5. 5. Easing the Pains of Certificate ManagementWHAT ARE CERTIFICATE AUTHORITIES AND HOW ARE SSLCERTIFICATES ISSUED?The most common digital certificate process consists of vendors and CAs whoissue SSL certificates to secure an organization’s or individual’s website and Webserver. As defined by the CA/Browser forum, a CA is a trusted third party thatissues digital certificates and is the organization responsible for the creation,issuance, revocation, and management of those certificates. 1 CAs manage securitycredentials and public keys of these certificates. As the authority, CAs areresponsible for completing the process of properly validating organizations prior toissuing a certificate. Once ownership of a website is validated, the certificaterequested is issued. High-assurance certificates, which are organization andextended validated certificates, may contain information such as: • The name and information identifying the organization issued the certificate • The organization’s public key to encrypt sensitive information • The name of the CA who issued the certificate • A serial number • The certificate’s validity periodA SSL certificate is an encryption technology installed on Web servers that allowstransmission of sensitive data through an encrypted connection in a browser. SSLcertificates ensure any transmission of data will not be compromised or captured byhackers and criminals. When a user makes a request and wants to send sensitiveinformation to the Web server, the browser will access the server’s SSL certificate toobtain its public key to encrypt the data. With its private key, only the server can decryptthe information being sent, which keeps the information confidential and tamper proof. 1 “Frequently Asked Questions - Extended Validation SSL.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/faq.html frost.com 5
  6. 6. Frost & Sullivan Figure 1—SSL Transmission Process SSL Transmission ProcessSSL Transmission Process Request of secure page Public key and certificate is sent Certificate check—encryption Private key decryption—requested data sent Perhaps more important than the encryption of the channel, SSL certificates also provide various levels of identity assurance to site visitors. According to Frost & Sullivan’s market research, Domain Validated, Organization Validated, and Extended validation certificates accounted for 39 percent, 45 percent and 16 percent, respectively, of certificates issued. 2 DV certificates, the lowest assurance level of SSL certificates, only require the authentication of ownership of a domain in order to be issued, which has led to rapid adoption. However, the issue within the security industry regarding DV certificates is the lack of thoroughly validating the certificate requester. Within the CA breaches of 2011, the types of certificates issued were DV certificates. Entrust, along with many within the market, firmly believe that DV does not offer sufficient authentication. There is much effort put into validating a certificate requester for OV and EV certificates. At minimum, OV certificates require validation of the organization and ownership of the domain. EV certificates require validation of everything from the organization, location of the organization, rights to the domain, to the person requesting the certificate. Before 2011, only EV certificates had associated baseline standards, which were created by the CA/Browser forum. Privacy and Trust The need to secure lines of data transfer and provide identity assurance continues to be a top priority of organizations. As more organizational services and transactions migrate online, organizations must keep sensitive data private and secure. And to ensure site visitors leverage those online services, assuring them of the organizational 2 Martinez, Richard. “Analysis of the SSL Certificate Market.” Frost & Sullivan (1 November 2011): 20. 6 frost.com
  7. 7. Easing the Pains of Certificate Managementidentity is equally critical. In addition, as enterprises and governments rely more andmore on SSL, the number of certificates in use is growing dramatically. Manyorganizations have multiple providers due to a decentralized purchasing process,which worked when they were dealing with smaller volumes and infrequent requests,but is no longer manageable at current volumes. Trust is a key factor for customersdue to issues ranging from breaches to the concern about CAs lacking secureinfrastructures/partner resellers. This has made customers take a closer look atwhich CA they will partner with. One assuring characteristic customers look for isthat a CA is WebTrust certified. WebTrust is an independent organization whosecertification process is intended to reduce certain business risks and provide a levelof assurance to customers. 3 CAs that address principles in regards to security,availability, processing integrity, confidentiality, and privacy receive a WebTrust seal ontheir SSL Web page, identifying them as trusted vendors. Entrust is recognized as thefirst CA certified by WebTrust, which resulted in some of their processes and policiesbecoming the foundation of WebTrust certification.THE INCREASING NEED FOR SSLWith businesses relying heavily on online data transactions, criminal efforts arecontinuing to gain steam. For example, according to McAfee Threats Report: ThirdQuarter 2011, malware attacks were expected to exceed 70 million samples by theend of 2011. The persistent threats are not slowing down.Through malware exploitation, an external agent can capture data through what isthought of as a secure line. This can occur if either a SSL certificate is not in place ordoes not have the proper encryption strength in place. Man-in-the-Middle (MitM)attacks were highlighted when valid certificates were issued by Comodo andDigiNotar for prominent domains, such as google.com, and used by criminals. Phishingattacks also continue to be a popular method criminals use to deceive users. In Q32011, McAfee reported an average of 2,700 phishing URLs per day. In addition, McAfeereported its findings of 3,500 new sites delivering malware are created per day. MitMattacks are predicted to be a top cybercrime trend in 2012. 4 Overall, it is importantto note that in most cases, it is not just one type of attack that occurs in a singleattack. Multiple types of attacks build upon each other to steal data or commit fraud. 3 McAfee. “McAfee Threats Report: Third Quarter 2011.” Intel (January 2012): 1-23. 4 RSA, The Security Division of EMC. “RSA 2012 Cybercrime Trends Report: The Current State of Cybercrime and What to Expect in 2012,” EMC Corporation (January 2012): 1-8. frost.com 7
  8. 8. Frost & Sullivan INFORMATION SECURITY BEST PRACTICES AND DIGITAL CERTIFICATES Trust is the core characteristic of the relationship between CAs, digital certificates, organizations and users. For example, organizations rely on SSL certificates to assure users that when they access the organization’s site with an installed certificate, they are visiting the correct site and any information transmitted will be encrypted and safely transmitted. The SSL market was shaken by reports of breaches of several CAs. The CA/Browser forum realized that the lack of regulation of all certificate issuance processes needed to be reviewed. The CA/Browser Forum is a voluntary organization of leading certification authorities and vendors of Internet browser software and other applications. 5 The Creation of Best Practices with Digital Certificates Beginning in July 2012, the CA/Browser forum’s “Baseline Requirements for the Issuance and Management of Publicly Trusted Certificates” will take effect. These requirements are for the operation of certification authorities issuing SSL/TLS digital certificates. After the breaches of 2011, the call for best practices/baseline requirements grew louder within the security community and consumers, alike. The baseline requirements provide clear standards for CAs, including external sub-CAs and registration authorities, on: Entrust is an activeparticipant within the • Verification of identity CA/Browser forum, driving many • Certificate content and profiles initiatives to improvethe practice of issuing • CA security digital certificates. • Revocation mechanisms Dr. Tim Moses, an Entrust senior • Use of algorithms and key sizes director, is currently the chairman of the • Audit requirements CA/Browser forum. • Liability, privacy and confidentiality, and delegation Frost & Sullivan applauds the creation of the new baseline requirements created by the CA/Browser forum. As the efforts of hackers continue to become more sophisticated and complex, the business need for baseline requirements to create a best practice methodology is crystal clear. All parties will be positively affected by 5 “CA/Browser Forum Home Page.” CA/Browser Forum. 10 January 2012. http://www.cabforum.org/forum.html 8 frost.com
  9. 9. Easing the Pains of Certificate Managementthis new methodology. CAs will be safeguarded by the new requirements ofbusiness operation, and organizations, especially those with prominent websites,can be assured that criminals trying to create a phishing page or a MitM attack usinga certificate will be audited and denied.CUSTOMER CHALLENGES MANAGING SSL CERTIFICATESAccessing a website and getting an error message warning that the connection maynot be secure can be confusing for users. There is the question of whether thecertificate/website is valid. To a user that is not familiar with the certificate processand life cycle, they will either opt to forgo the website or ignore and bypass thewarning. In the case that a user bypasses the warning and the website is in fact aphishing site, a user’s sensitive data can be captured and used by criminals. This is aproblem that has plagued organizations. Making matters worse, keeping up withwhat certificates are in place, where, and how many are installed can be a dauntingtask for IT administrators if certificates have not been properly documented.Multiple Certificate SourcesIt is not uncommon for an organization to purchase multiple digital certificatesfrom multiple vendors. However, a problem that many organizations have is keepingtrack of the expiry date of each certificate. While purchasing certificates from oneCA offers the advantage of easily being able to view when a certificate waspurchased, this can get cumbersome when working with multiple CAs. Whether itis due to company mergers/acquisitions, better value at a particular time, or therole of an administrator handling the certificate changes, reaching out to multipleCAs to attempt to retrieve information about certificates purchased can become aheadache for organizations, leaving room for mistakes.Managing a Broad Array of CertificatesIn line with managing multiple certificates from multiple CAs, managing the type ofcertificates in an organization’s environment is very important. As discussed earlier,there are three types of SSL certificates available. Depending on Web page/serverspecifications laid out, an organization may opt for an OV certificate in one pageand an EV certificate in another. As websites develop over time, these requirementscould change and more/different types of certificates may be required. In addition,administrators often have more than SSL certificates to manage. Administratorsoften need to manage code signing certificates, Adobe CDS certificates, usercertificates, and managed PKI certificates in addition to SSL certificates.Certificates in an EnvironmentA perk that many organizations take advantage of is purchasing certificates in bulk,rather than buying a certificate just when they need one. In fact, this is a suggestedworking practice at larger organizations and government entities. The only drawback is frost.com 9
  10. 10. Frost & Sullivan accounting for those certificates. How long has a certificate been deployed? Where is it deployed? Has it been copied to multiple servers? When is its expiration date? How many certificates are left? What is its crypto-strength? These are all questions administrators have when trying to figure out what certificates are in their environment. Unexpected Expiration of Certificates In cases where a digital certificate can stop business operations, a question that comes to mind is, “How could this slip by?” A prime example of a mishap like this occurred in 2010, when the Target.com gift-card site was shut down because it gave a warning that the connection was not trusted. 6 The cause of this incident was an expired certificate. The problem, however, is challenging to avoid since in the absence of a failsafe process to renew a certificate (deploy a new certificate to replace the expiring certificate), the incumbent certificate will expire and potentially cause an outage. Maintaining Required Encryption Levels The strength of encryption in a SSL certificate can be broken up into two categories. A session key is created in the process of a user requesting information from a Web server. Public/private encryption strength is determined when the certificate signing request (CSR) and private key are created. 7 Depending on the level of sensitive data being accessed or processed, an administrator will have to change the encryption strength. However, effective December 31, 2013, 2048-bit key strength will be mandatory for publicly trusted SSL certificates. Complying with Security Policy or Regulations As legislative regulations and company security policies evolve, the need to make these changes in a timely manner is crucial to avoid potential fines or outages. For example, if the encryption levels of certificates on several servers need to be increased on a certain date due to a change in policy, having a tool that automatically sends a notification to administrators of when the change is needed and where the certificates reside helps to ensure organizational compliance. Risk of Data Breach The possibility of a data breach is always on the minds of IT administrators. In addition, a customer accessing an organization’s encrypted website expects that any data entered and transmitted will be safeguarded with proper encryption levels. If the encryption levels of certificates in place do not meet required levels, they can be targeted and cracked by criminals. 6 Schuman, Evan. "Target.com Blocked, SSL Certs Blamed." Web. 10 February 2012. http://storefrontbacktalk.com/securityfraud/target-com-blocked-ssl-certs-blamed 7 “SSL Details.” SSL Shopper. 10 January 2012. http://www.sslshopper.com/ssl-details.html 10 frost.com
  11. 11. Easing the Pains of Certificate ManagementSelecting a Certificate Authority—Balancing Value and TrustBased on the size of a potential customer and budget limitations, customers are notonly looking for the best bang for their buck. They are also looking for a companywith a reputable track record with high-assurance certificate offerings. Trust iscritical when choosing a CA. For example, if an organization needs switch out oftheir certificates due to a trust issue with a CA, the expense of certificates, themanpower and the time involved to transition makes this a painful process fororganizations. With the talks of commoditization in the SSL certificate market, CAsare relying on their track record and the facts behind that reputation to win overcustomers. While price points are a major topic of discussion, value features suchas types of certificates, helpful tools, and customer service also come into playwhen a customer makes a decision on choosing a CA provider.ENTRUST MEETS TODAY’S CHALLENGESEntrust is a highly respected certificate authority that focuses on offering only high-assurance SSL certificates, OV and EV, at the enterprise level. With a focus on theenterprise, Entrust is aware of and develops solutions for enterprise-class business needs.This has earned the company a reputation as a highly respected certificate authority andgarnered sales in the market. As a result, Entrust currently has the second-largest marketshare in the total CA market and in the issuance of high-assurance certificates.Figure 2—High-Assurance (Organization and Extended Validated)Certificates Issued Market Share 8 High-Assurance (Organization and Extended Validated) Certificates Issued Market Share 8 8% Symantec 28% Entrust Others* 64% *Others category includes more than 10 other companies that issue high-assurance certificates 8 Ibid., p. 7. frost.com 11
  12. 12. Frost & Sullivan Comprehensive Management Platform and Discovery Solutions Given the challenges that its customers face when it comes to managing all types of certificates, Entrust has raised the bar to develop a comprehensive solution that has the ability to discover and manage all certificate types. The cloud-based CMS enables organizations to efficiently manage their Entrust certificates through: • Administrative delegation and workflow • On-demand services • Audit and reporting tools • A strong verification process • A flexible subscription model Entrust CMS includes a discovery component that eases some of the pain of knowing what certificates are in an organization’s environment. This enables organizations to effectively create an inventory list of their certificates, regardless of certificate type or vendor, but it does not allow management of the certificates. A separate solution, called Entrust Discovery, takes certificate discovery a step further. Entrust Discovery provides organizations with the ability to manage certificate life cycles, regardless of certificate type or vendor, through expiration notifications, inventory lists and policy alerts. This avoids compliance problems, application outages, and management headaches. Figure 3—Certificates Found with Entrust Discovery 9 Certificates Found with Entrust Discovery 9 Miscellaneous CAPI Certificates Certificates Code-Signing Laptop MS CAPI Other—Cold Backups Desktop MS CAPI Entrust Discovery Server All Certificates • Email expiry notifications Certificate Types SSL Server • Policy violations MS CA • Reporting Any CA • Custom data • Single Certificate Interface Source: Entrust 9 “Entrust Certificate Discovery.” Entrust. 10 January 2012. http://www.entrust.net/discovery/index.htm 12 frost.com
  13. 13. Easing the Pains of Certificate ManagementFlexible Deployment and Subscription ModelEntrust offers CMS and Discovery as SaaS cloud solutions, enabling immediatedeployment, automatic updates, high availability, excellent performance, andincluded silver-level support. Entrust also offers an Enterprise model that allowsorganizations to host the Discovery component on-premise with complete controlover their data and application version. The two Discovery deployment modelsprovide an organization with the flexibility and security that fits them best.Figure 4—Entrust Discovery Deployment Models 10 Entrust Discovery Deployment Models10 Service Model Enterprise Model • Immediate Single • Customer deployment E-mail Expiry Certificate premises Notifications Interface • Automatic • Complete manager control updates Policy Custom over data Violations Data • Deployment • Application in secure version environment Reporting control Source: EntrustEntrust also provides its customers the choice of pooling concurrent licenses ornon-pooling subscription models. Pooling provides organizations the ability topurchase concurrent licenses and revoke a certificate, returning it to the licenserepository, with the ability to re-purpose the license as long as the certificate isvalid. Non-pooling gives organizations the ability to purchase certificates in termsof unit years. This gives organizations control over certificate purchases, dependingon business needs and budget requirements. 10 Ibid., p. 12. frost.com 13
  14. 14. Frost & Sullivan Personalized Sales and Service Entrust has proven in competitive situations that it can offer enterprises high-level certificates to effectively secure their lines of data transfer. Entrust CMS resolves the problems of finding where and what certificates are in an organization’s environment, effectively managing certificate term periods, and offers a compelling balance of value and trust. With a customer renewal rate above 98 percent and best-in-class customer support, Entrust has continuously proven to be a trusted security brand. Trusted Security Brand With approximately 40 percent of Fortune 500 companies using Entrust’s solutions, the company has built a reputation of developing around the needs of the enterprise and addressing those needs efficiently and effectively. The company provides competitively priced solutions without sacrificing quality. Entrust understands that trust is at the core of any security technology, and with consistent 30 percent year-over-year growth, Entrust’s solutions and services are clearly valued by its customers and the security industry. THE FINAL WORD As the methods criminals use to create breaches continue to grow, organizations must be able to secure all lines of data transfer. While it is fairly simple to implement a certificate into an organization’s environment, managing hundreds to thousands of certificates can be difficult. If an application outage occurs due to an expired certificate, the resulting loss of traffic can cost an organization hundreds of thousands to millions of dollars. The need to know where all certificates are implemented, the ability to change encryption levels to comply with regulations, and the ability to manage those certificates must be done efficiently. A comprehensive solution from a trusted vendor with a focus on delivering best-in-class digital certificates is ideal for organizations facing these challenges. Entrust has proven to be a top-ranked certificate authority that focuses on the needs of the enterprise. The company’s continued efforts in developing solutions for enterprise business needs led to the creation of Entrust CMS. Frost & Sullivan believes Entrust CMS is a complete solution that provides customers with a high-value service without a high price tag. 14 frost.com
  15. 15. Silicon Valley San Antonio London 331 E. Evelyn Ave. Suite 100 7550 West Interstate 10, 4, Grosvenor Gardens, Mountain View, CA 94041 Suite 400, London SWIW ODH,UK Tel 650.475.4500 San Antonio, Texas 78229-5616 Tel 44(0)20 7730 3438 Fax 650.475.1570 Tel 210.348.1000 Fax 44(0)20 7730 3343 Fax 210.348.1003 877.GoFrost • myfrost@frost.com http://www.frost.comABOUT ENTRUST:Entrust provides identity-based security solutions that empower enterprises, consumers, citizens andwebsites in more than 4,000 organizations spanning 60 countries. Entrusts identity-based approachoffers the right balance between affordability, expertise and service. With more than 125 patentsgranted and pending, these world-class solutions include strong authentication, physical and logicalaccess, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.www.entrust.netABOUT FROST & SULLIVANFrost & Sullivan, the Growth Partnership Company, partners with clients to accelerate their growth. The companysTEAM Research, Growth Consulting, and Growth Team Membership™ empower clients to create a growth-focusedculture that generates, evaluates, and implements effective growth strategies. Frost & Sullivan employs over 50 yearsof experience in partnering with Global 1000 companies, emerging businesses, and the investment community frommore than 40 offices on six continents. For more information about Frost & Sullivan’s Growth Partnership Services,visit http://www.frost.com.For information regarding permission, write:Frost & Sullivan331 E. Evelyn Ave. Suite 100Mountain View, CA 94041Auckland Dubai Mumbai Sophia AntipolisBangkok Frankfurt Manhattan SydneyBeijing Hong Kong Oxford TaipeiBengaluru Istanbul Paris Tel AvivBogotá Jakarta Rockville Centre TokyoBuenos Aires Kolkata San Antonio TorontoCape Town Kuala Lumpur São Paulo WarsawChennai London Seoul Washington, DCColombo Mexico City ShanghaiDelhi / NCR Milan Silicon ValleyDhaka Moscow Singapore