Extending from within the ceremony room is a separate room housing a series of safes where the actual key devices are stored. The safes are designed to keep temperatures below 140 degrees Fahrenheit, even if everything around them should burn to the ground. Like the ceremony room, this room can only be entered by a minimum of two authorized people. The system tracks these numbers closely. Although three authorized people were present for our tour, when two of them tried to enter the safe room, access was denied because their departure would have left only one authorized person in the ceremony room itself.
Access to the root key and the intermediate keys requires the use of a series of colorful plastic keys that resemble children's toys. These are held by different individuals from the client organization, as well as from Symantec. It takes at least three of these keys to gain access to the intermediate and root keys.
An extensive logging process is also in place for virtually every function, including the addition of new devices, the removal of devices, etc. Also, when authorized individuals leave the sensitive areas, they are required to check out of those areas in much the same way that they checked in. Failure to do so would trigger a notification to security guards, who would then check the video feed, because the guards themselves are not authorized to enter the room either.
Computing and networking hardware is nothing out of the ordinary, given that Symantec prefers to be able to replace physical systems quickly and easily, using off-the-shelf gear. But security and software are often different from what you would find through your typical distributor. Any hardware used in this facility must be approved by NIST.
"It's not what we use, it's how we use it," summarized Claar.