Symantec's Certificate Authority 'Vault': $11M Worth Of James Bond-Like Security

By Ken Presti
August 16, 2012 10:00 AM ET

Page 1 of 4

Designed to be a virtual showcase for advanced security, Symantec's certificate authority vault boasts a collection of some of the most advanced security measures aimed at protecting digital certificates that power the e-commerce industry today. Before CRN's tour of the "vault" even began, the specter of extremely tight security became clear.

When the media relations rep pulled his employee badge from the retractable reel attached to his belt and held the card to the electronic reader mounted at the entrance of the facility, nothing happened. Anywhere else on the Symantec campus, that badge would've worked like a charm. But, this nondescript, unmarked building was different. It houses much of Symantec's most sensitive and sophisticated infrastructure around PKI and digital certificates. The value of the information stored here is limited only by the imagination of the crook who might try to steal some of it. That has never happened in the past, and the objective of this tour was to show CRN how and why it hasn't.

The voice of a security guard crackled through the intercom and grilled the media rep as to who we were and why we were there. We were eventually buzzed into a small lobby with four interior doors; three of which had electronic locks that required both a card key and a PIN, similar to the exterior door. The fourth was an ordinary conference room occupied by people who would deliver the initial briefing.

A small tray of food waited on a side table. We silently wondered if those sandwiches might have tiny tracking devices that would transmit our whereabouts for the rest of our lives. What we were about to see was seemingly inspired by Tom Clancy novels, but the sandwiches had to be low-tech.

We're pretty sure they were, anyway.

From the time that e-commerce first became popular, its continued success has largely been based on digital certificates that are designed to establish that the buyer is genuinely sending payment information to the company with whom they are actually trying to do business. Anyone who can get between the buyer and the seller would have a wealth of information that could most literally be converted into a wealth of wealth.

NEXT: Security At A Higher Level

1 | 2 | 3 | 4 | Next >>

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows