"The redundancy ties back to our requirement for availability and performance," explained Gustavson. "Because of the critical nature of our service, we strive to maintain 100 percent uptime for our services. So to that degree we have implemented redundancy around mechanical, electrical and building functions, as well as with the network and other compute/storage functions. We have implemented all of these solutions in order to maintain service regardless of whether we undergo planned maintenance or have unplanned issues."
The deeper you travel into the installation, the more strenuous the security precautions become. When you reach the most sensitive areas, such as the data center and the so-called "key ceremony room," card keys and PINs are supplemented by fingerprint readers and iris scanners. And in order to gain entry, more than one authorized person must check in to the room before the door will open.
Employees who are authorized to enter the data center are, by default, not authorized to enter the ceremony room unless they are accompanied by an employee specifically authorized for that location. The reverse is also true. Establishing this sort of human firewall reduces the risk of any internal malfeasance. To further reduce the risk associated with potential internal threats, any employee who would enter those locations must pass an extended background check, and that status needs to be maintained on an ongoing basis.
"It's as strenuous as we can be without being a governmental agency," said Gustavson. "It's the most rigorous background check that can be done as a commercial entity."
It is called the ceremony room because it is the location where customers are brought for the creation of keys used to support their online certificates.
"That is the room where the key creation takes place and all of those lifecycle events related to the CA creation, the root certificate creation," explained Claar. "So we have to ensure that no one has installed malicious code on machines used to generate those keys. It's all about maintaining the integrity."
A lengthy and detailed script is developed for each meeting, and that script must be followed on a line-by-line basis. Meanwhile, a series of cameras records the entire event, including the people in the room, the keys themselves, and shots of the computer screens. "All of this is designed so that we could take it into a courtroom if we needed to," said Claar. "But we've never had to do that in the past."