

Symantec's Certificate Authority 'Vault': $11M Worth Of James Bond-Like Security

By Ken Presti
August 16, 2012    10:00 AM ET

Page 3 of 4

"The redundancy ties back to our requirement for availability and performance," explained Gustavson. "Because of the critical nature of our service, we strive to maintain 100 percent uptime for our services. So to that degree we have implemented redundancy around mechanical, electrical and building functions, as well as with the network and other compute/storage functions. We have implemented all of these solutions in order to maintain service regardless of whether we undergo planned maintenance or have unplanned issues."

The deeper you travel into the installation, the more stringent the security controls become. At the most sensitive areas, the data center and the so-called "key ceremony room," card keys and PINs are supplemented by fingerprint readers and iris scanners, and the door operates under dual control: more than one authorized person must badge in before it will unlock.


Employees authorized to enter the data center are, by default, not authorized to enter the ceremony room unless they are accompanied by an employee specifically authorized for that location, and the reverse is also true. This separation of duties, a human firewall, reduces the risk that a single insider can act alone. To further reduce the risk from insider threats, an extended background check is required for any employee who will enter those locations, and that cleared status must be maintained on an ongoing basis.

"It's as strenuous as we can be without being a governmental agency," said Gustavson. "It's the most rigorous background check that can be done as a commercial entity."

It is called the ceremony room because it is where customers are brought for the generation of the CA keys that will sign their certificates.

"That is the room where the key creation takes place and all of those lifecycle events related to the CA creation, the root certificate creation," explained Claar. "So we have to ensure that no one has installed malicious code on the machines used to generate those keys. It's all about maintaining the integrity."

A lengthy, detailed script is written for each ceremony, and that script must be followed line by line. Meanwhile, a set of cameras records the entire event, including the people in the room, the keys themselves, and the computer screens. "All of this is designed so that we could take it into a courtroom if we needed to," said Claar. "But we've never had to do that in the past."
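What a scripted, evidence-producing ceremony looks like in practice, as an added example that is not Symantec's own tooling or procedure: each step of a fixed script is executed exactly as written, and the result of every step is recorded in a hash-chained log so that a missing, reordered or edited entry is detectable afterwards. The directory layout, the CA name, the step list and the choice of a P-384 software key are hypothetical; it assumes only that openssl is on PATH.

```shell
#!/bin/sh
# Added example (not Symantec's code): a scripted root-CA key ceremony whose
# every step is run from a fixed script and recorded in a hash-chained log.
# Assumptions: openssl on PATH; directory, CA name and steps are hypothetical;
# a production ceremony generates the key inside an HSM, not as a file.
set -eu

GENESIS="0000000000000000000000000000000000000000000000000000000000000000"

# SHA-256 of a file, or of stdin, printed as bare hex.
digest_file()  { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }
digest_stdin() { openssl dgst -sha256 -r | cut -d' ' -f1; }

# Run one scripted step and append a log line:
#   <step> <prev_entry_hash> <artifact_hash> <entry_hash> <artifact_name> <description>
# entry_hash = sha256(prev_entry_hash | artifact_hash | artifact_name | description),
# so every entry commits to the whole log before it.
ceremony_step() {
  cdir="$1"; n="$2"; name="$3"; desc="$4"; shift 4
  log="$cdir/ceremony.log"
  prev="$GENESIS"
  if [ -s "$log" ]; then prev=$(tail -n 1 "$log" | cut -d' ' -f4); fi
  "$@"                                   # the scripted command, exactly as written
  art=$(digest_file "$cdir/$name")
  entry=$(printf '%s|%s|%s|%s' "$prev" "$art" "$name" "$desc" | digest_stdin)
  printf '%s %s %s %s %s %s\n' "$n" "$prev" "$art" "$entry" "$name" "$desc" >> "$log"
}

# Step 3 helper: the fingerprint that witnesses read aloud is itself an artifact.
write_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 > "$2"; }

# The ceremony script: fixed steps, run in order, each producing one artifact.
run_ceremony() {
  rdir="$1"; mkdir -p "$rdir"; : > "$rdir/ceremony.log"
  ceremony_step "$rdir" 1 root.key "generate root private key" \
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -out "$rdir/root.key"
  ceremony_step "$rdir" 2 root.crt "create self-signed root certificate" \
    openssl req -x509 -new -key "$rdir/root.key" -sha384 -days 3650 \
      -subj "/CN=Example Ceremony Root CA" \
      -addext "basicConstraints=critical,CA:TRUE" \
      -addext "keyUsage=critical,keyCertSign,cRLSign" \
      -out "$rdir/root.crt"
  ceremony_step "$rdir" 3 root.fpr "record root certificate fingerprint" \
    write_fingerprint "$rdir/root.crt" "$rdir/root.fpr"
}

# Later audit: replay the chain, recompute every entry hash, and confirm each
# artifact on disk still matches the hash recorded at ceremony time.
verify_ceremony_log() {
  vdir="$1"; vlog="$1/ceremony.log"; vprev="$GENESIS"; count=0
  while read -r n prevf art entry name desc; do
    [ "$prevf" = "$vprev" ] || { echo "step $n: chain broken" >&2; return 1; }
    recomputed=$(printf '%s|%s|%s|%s' "$prevf" "$art" "$name" "$desc" | digest_stdin)
    [ "$recomputed" = "$entry" ] || { echo "step $n: entry altered" >&2; return 1; }
    [ "$(digest_file "$vdir/$name")" = "$art" ] || { echo "step $n: $name changed since ceremony" >&2; return 1; }
    vprev="$entry"; count=$((count + 1))
  done < "$vlog"
  echo "ceremony log verified: $count steps"
}

# Usage: sh ceremony.sh --run [dir]   (performs the ceremony, then audits it)
if [ "${1:-}" = "--run" ]; then
  run_ceremony "${2:-./ceremony-demo}"
  verify_ceremony_log "${2:-./ceremony-demo}"
fi
```

The hash chain makes after-the-fact edits to the record detectable, which is what a courtroom cares about, but it does not by itself establish who was in the room or that the script was the approved one; that is what the cameras, the sign-off on each scripted line and the witnessed fingerprint reading add. A real root key would be generated inside an HSM under multi-person control rather than written to disk as here.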
