Entrust IdentityGuard Cloud Services PKI


Published on

Entrust IdentityGuard Cloud Services PKI establishes and manages certificate-based security across an organization through a reliable, customizable and flexible hosted public key infrastructure (PKI).
Entrust’s cloud-based PKI service eliminates up-front capital investment and significantly reduces on-going operation cost associated with in-house PKI software, provides built-in maintenance capabilities and speeds deployment time.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Entrust IdentityGuard Cloud Services PKI

  1. 1. Entrust Managed Services PKIManaged PKI for your OrganizationEntrust Managed Services PKI establishes and manages certificate-based security Managed PKI Benefitsacross an organization through a reliable, customizable and flexible public • Reliable service with mission-criticalkey infrastructure (PKI). Entrust’s hosted PKI service eliminates up-front capital supportinvestment and significantly reduces on-going operation cost associated with • Reduces up-front investmentin-house PKI software, provides built-in maintenance capabilities and speedsdeployment time. • Includes maintenance and audit costs • Built-in certificate managementIndustry-Leading PKI On Demand • Secure, government-grade facilitiesFor years, security-conscious organizations have turned to Entrust for PKI security. • Simple, fast deploymentEntrust Managed Services PKI makes it easy to purchase exactly the PKI you need • Reduces internal IT coststoday — one that easily scales to meet future business requirements. Certificate • Flexible certificate deploymentdeployment is fast and easy. Plus, digital certificate renewal is automated to deliverreliable, hands-off security. • Rich policy to manage diverse user communitiesReliable Security • Email-signing and encryptionEntrust Managed Services PKI provides reliable service with continuous protection • Secure remote access (VPN)for your business. Housed in established secure facilities, the PKI service features a • Tamper-proof electronic distributionhighly available, fully redundant infrastructure with intelligent monitoring, robust of documentsdata backup and exceptional disaster recovery. • Encryption of documents and e-formsCertificate Administration & ManagementEntrust provides flexible enrollment and administration options, including CertificateRevocation Lists (CRL) and Online Certificate Status Protocol (OCSP) services. Thereis no need to register users in Active Directory, as with a Microsoft CA. Organizationsmay supply certificates to their own network of trusted users worldwide.Organizations also may manage certificates through a client-less Web applicationor with Entrust Entelligence Security Provider, an easy-to-deploy desktop client.Entrust provides Web-based certificate administration services to customers,without installing any client software on premise. This includes:• User Management Service (UMS), which allows certificate administrators to manage user accounts over the Web• User Registration Service (URS), which allows end-users to create accounts and Entrust digital IDs; users with a registration password can self-administer their user accounts and Entrust digital ID over the WebThe Ready-To-Go CAEntrust provides a highly available CA with intelligent monitoring and near real-timereplication between primary and standby disaster recovery facilities to minimizedowntown and data loss. High-end servers offer robust performance and scalabilityas your organization grows.
  2. 2. Flexible CA Models Entrust Managed Services PKI is available in several service models to provide maximum flexibility. In all models, data and access are consistently and strongly protected. Entrust Standard CA Non-Federal Issuers Shared Service Provider CA Offers dedicated CA partition to each customer. The Commonly known as an NFI SSP certification authority, issuing CA is shared by multiple customers, with each this service is for entities that require certificates trusted customer possessing its own Organization Unit (OU). The by the U.S. Federal government. The Entrust NFI SSP CA is CA is governed by a pre-established Certificate Policy (CP). cross‑certified with the Federal Bridge Certification Authority The service is cost-effective and can be quickly deployed. (FBCA). Issuing certificates for PIV-I cards is a common example of this service. Customer-Branded CA Federal Shared Service Provider (SSP) Certificates are under an organization’s control and are This is a hosted PKI service for employees of the U.S. Federal branded with the organization’s name. This model offers government, or their contractors, whom are sponsored by a tailored Certificate Policy (CP) and Certificate Practices the U.S. Federal departments. The Entrust Federal Root CA is Statement (CPS). Under this model, each customer is cross-certified with the Federal Common Policy CA. Issuing provided dedicated resources and setup, including a root certificates for PIV cards is a common example of this service. CA, issuing CA and dedicated Administration Service components. Entrust Professional Services also are available to assist with customization, installation and CA migration. Smartcards Administration USB Crypto Token ID Enrollment INTERNET 0101010 1010101 Roaming ID ENTRUST MANAGED SERVICES PKI Desktop ID Policy & Audit Transaction Details Confirmation code 302800 Web Service APIs MobileFigure 1: Entrust Managed Services PKI provides all the capabilities of a standard in-house PKI, but eliminates up-front capital investment and need for expert PKI staff.
  3. 3. CERTIFICATE INTEGRATION & MANAGEMENTEntrust Managed Services PKI enables the auto-enrollment of certificates to your network of trusted users, remote employees,partner, suppliers and devices, allowing end-users to sign documents and trust each other’s digital signatures. Auto‑enrollmentservices are also supported for VPN, Web users and devices.Automation via API Integration ToolkitsThe service provides Web service APIs for third-party Using Entrust’s library of toolkits, organizations may integrateapplications, such as mobile device management (MDM) PKI with unique security applications, such as smartcardapplications, to automatically enroll and revoke certificates management solutions, mobile device applications, oron to mobile devices. physical and logical access control systems. The Entrust Authority suite of toolkits lets organizations integrate certificates into non-CryptoAPI applications that rely on or use Java, the Java Platform, C, C++, IPsec, TLS and more.CORE SERVICES• CA with high-availability and disaster recovery • Generation and storage of CA certificate signing keys• Certificate and security management: in a tamper-proof device (HSM) • Key generation, storage and recovery • Annual audit by external third-party PKI auditor • Certificate generation and distribution, as well as CRL • FIPS 140-2-compliant tokens for Local Registration or OCSP validation Authorities or end-users • Issuance and management of certificates • Automated enrollment available• Completely automated certificate update and renewal • Web Service APIs for third-party software integration • 24x7 supportWHY ENTRUST?• Deployed in eGovernments worldwide • All data is backed up at a secure, off-site facility• Cryptographic components are evaluated annually against • CA operations and processes are audited annually the FIPS 140 and Common Criteria standards by an external auditor• Entrust issues certificates trusted by the U.S. Federal Bridge • Entrust is recognized by government, finance and industry Certification Authority (FBCA) leaders around the globe for unequalled PKI deployment• Provides cost-savings over in-house equipment and personnel experience
  4. 4. COMPLEMENTARY SOLUTIONSEntrust Entelligence Security Provider Entrust Authority ToolkitsThis thin-client desktop security software allows organizations to Entrust Authority toolkits provide a common set of servicesuse a single digital identity to add security capabilities beyond that permit developers to deploy applications that solveauthentication to applications such as email or file encryption. business problems without having to spend valuable development cycles creating these common services.Entrust IdentityGuard for EnterpriseFor added enterprise security and management, the Entrust Entrust Authority Security ManagerIdentityGuard software authentication platform allows Prefer an in-house PKI? Entrust Authority Security Manager isorganizations to tailor authentication — whether for physical, the world’s leading PKI and helps organizations easily managelogical or mobile access — depending on the type of user, risk their security infrastructure. The CA allows organizations toassessment and application. easily manage the digital keys and certificates that secure user and device identities.Entrust & YouMore than ever, Entrust understands your organization’s Company Factssecurity pain points. Whether it’s the protection of Website: www.entrust.cominformation, securing online customers, regulatory Employees: 359compliance or large-scale government projects, Entrust Customers: 5,000provides identity-based security solutions that are not only Offices: 10 globallyproven in real-world environments, but cost-effective intoday’s uncertain economic climate. Headquarters Three Lincoln CentreEntrust’s identity-based solutions empower enterprises, 5430 LBJ Freeway, Suite 1250consumers, citizens and websites in more than 5,000 Dallas, TX 75240 USAorganizations spanning 85 countries. This identity-basedapproach offers the right balance between affordability, Salesexpertise and service. For strong authentication, fraud North America: 1-888-690-2424detection, digital certificates, SSL and PKI, call 888‑690‑2424, EMEA: +44 (0) 118 953 3000email entrust@entrust.com or visit entrust.com/managedpki. Email: entrust@entrust.comAbout EntrustA trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain points for cloudand mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services,call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All other Entrust product names and servicenames are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited in certain countries. All other company names, product names and logos are trademarks or registered trademarks of theirrespective owners. © 2012 Entrust. All rights reserved. 22885/7-12