

Symantec's Certificate Authority 'Vault': $11M Worth Of James Bond-Like Security

By Ken Presti
August 16, 2012    10:00 AM ET

Page 2 of 4

The development of the digital certificate keys, as well as the storage of those keys, thereby becomes a highly sensitive function that needs to project security both in fact and in appearance in order to gain the confidence of the online merchants and other organizations that commission Symantec's certificate authority services. Last year, a competing certificate authority ran into trouble on the security front and filed for bankruptcy a short time later. Once trust is gone, it becomes a difficult thing to restore.

"Through our business model as a PKI service provider, we are asking customers to outsource a critical security function," said senior manager Ralph Claar, who became an expert in cryptography during a previous career in the U.S. Navy. "So we need to instill a high level of trust that we can adequately protect their data and information. So we need a very strong and robust security infrastructure."

Symantec Certificate Authority

There are 13 data centers that check an average of 4.5 billion daily certificate validation queries on a 24/7 basis. Though individual data centers are sometimes taken off-line for maintenance, the overall network has maintained 100 percent uptime since 2004.

A network operations center monitors not only the internal systems, but also the health of the Internet. If there is an outage somewhere in the world, the Symantec NOC is bound to see it, and be able to answer customer queries on ISP outages while generally monitoring the services that are supported by Symantec.

The facility in Mountain View, Calif., is a backup to the primary facility located in Delaware. Symantec spent more than $11 million on security in this building, which also houses the overall network's disaster recovery systems.

Security features include cameras, card keys and PINs, firewalls, IDS systems, biometric scanners, human guards, and iron grids in the walls that extend from the concrete slab to the actual roof, thereby making an attempt to burrow through the wall a futile exercise. Server racks were secured with military-grade locks with combinations known to only six people. A diesel generator is constantly on standby to defend against any power outages. Even the redundant systems seemed to have redundant systems.

"We also have solutions in place that aggregate event data from the various devices and systems, and correlate those events to look for anomalous or unauthorized behavior within the environment," said Hans Gustavson, operations director, Trust Services Infrastructure Operations.
