The development of the digital certificate keys, as well as the storage of those keys, thereby becomes a highly sensitive function that needs to project security both in fact and in appearance in order to gain the confidence of the online merchants and other organizations that commission Symantec's certificate authority services. Last year, a competing certificate authority ran into trouble on the security front and filed for bankruptcy a short time later. Once trust is gone, it becomes a difficult thing to restore.
"Through our business model as a PKI service provider, we are asking customers to outsource a critical security function," said senior manager Ralph Claar, who became an expert in cryptography during a previous career in the U.S. Navy. "So we need to instill a high level of trust that we can adequately protect their data and information. So we need a very strong and robust security infrastructure."
There are 13 data centers that check an average of 4.5 billion certificate validation queries daily on a 24/7 basis. Though individual data centers are sometimes taken off-line for maintenance, the overall network has maintained 100 percent uptime since 2004.
A network operations center monitors not only the internal systems, but also the health of the Internet. If there is an outage somewhere in the world, the Symantec NOC is bound to see it and be able to answer customer queries on ISP outages while generally monitoring the services that are supported by Symantec.
The facility in Mountain View, Calif., is a backup to the primary facility located in Delaware. Symantec spent more than $11 million on security in this building, which also houses the overall network's disaster recovery systems.
Security features include cameras, card keys and PINs, firewalls, IDS systems, biometric scanners, human guards, and iron grids in the walls that extend from the concrete slab to the actual roof, thereby making an attempt to burrow through the wall a futile exercise. Server racks were secured with military-grade locks with combinations known to only six people. A diesel generator is constantly on standby to defend against any power outages. Even the redundant systems seemed to have redundant systems.
"We also have solutions in place that aggregate event data from the various devices and systems, and correlate those events to look for anomalous or unauthorized behavior within the environment," said Hans Gustavson, operations director, Trust Services Infrastructure Operations.