Symantec's Certificate Authority 'Vault': $11M Worth Of James Bond-Like Security


Symantec Certificate Authority

 

 

Designed to be a virtual showcase for advanced security, Symantec's certificate authority vault boasts a collection of some of the most advanced security measures aimed at protecting digital certificates that power the e-commerce industry today. Before CRN's tour of the "vault" even began, the specter of extremely tight security became clear.

 

 

When the media relations rep pulled his employee badge from the retractable reel attached to his belt and held the card to the electronic reader mounted at the entrance of the facility, nothing happened. Anywhere else on the Symantec campus, that badge would've worked like a charm. But, this nondescript, unmarked building was different. It houses much of Symantec's most sensitive and sophisticated infrastructure around PKI and digital certificates. The value of the information stored here is limited only by the imagination of the crook who might try to steal some of it. That has never happened in the past, and the objective of this tour was to show CRN how and why it hasn't.

The voice of a security guard crackled through the intercom and grilled the media rep as to who we were and why we were there. We were eventually buzzed into a small lobby with four interior doors; three of which had electronic locks that required both a card key and a PIN, similar to the exterior door. The fourth was an ordinary conference room occupied by people who would deliver the initial briefing.

[Related: RSA Fraud Report: Security By the Numbers]

A small tray of food waited on a side table. We silently wondered if those sandwiches might have tiny tracking devices that would transmit our whereabouts for the rest of our lives. What we were about to see was seemingly inspired by Tom Clancy novels, but the sandwiches had to be low-tech.

We're pretty sure they were, anyway.

From the time that e-commerce first became popular, its continued success has largely been based on digital certificates that are designed to establish that the buyer is genuinely sending payment information to the company with whom they are actually trying to do business. Anyone who can get between the buyer and the seller would have a wealth of information that could most literally be converted into a wealth of wealth.

NEXT: Security At A Higher Level