QuoVadis provides trusted and certified global certificate authority services with nCipher
How a leading global certification authority moved to assure clients and auditors it could deliver the assurance and reliability they require.
THE GOAL: DELIVERING HIGH ASSURANCE CRYPTOGRAPHIC KEY MANAGEMENT
Founded in 1999, QuoVadis is a leading global certification authority, providing managed Public Key Infrastructure (PKI) services and trusted time stamping services for international companies and organizations. Headquartered in Bermuda, QuoVadis also has operations in Switzerland, the Netherlands, and the United Kingdom. The company is accredited as a Qualified Trust Service Provider (TSP) in multiple European countries, and issues eIDs under the Swiss SuisseID and Dutch PKI Overheid programs.
For QuoVadis, key management is critical to the success of their business as well as the countless client transactions driven by QuoVadis services. QuoVadis digital certificates and digital signature services are used to support high value applications that are subject to stringent security requirements and audit regimes. QuoVadis also provides a scalable trusted time stamping capability to support customers requiring a provable and auditable record of the exact time that a digital signature process took place.
QuoVadis relies on the superior key management capabilities of hardware security modules (HSMs) in many of its core activities. As the company grew and service offerings were expanded, QuoVadis needed a scalable and efficient solution that could satisfy customer requirements, as well as meet evolving security standards and accreditation regimes in multiple countries. The QuoVadis team knew they needed an HSM solution that combined operational efficiency with a proven security track record – and they needed a provider that could deliver the expertise they required to deploy HSM-based solutions in an increasingly complicated business environment.
THE CHALLENGE: COMPLEX AND OVERLAPPING STANDARDS FOR ACCREDITATION
The QuoVadis team had several major requirements. “First of all we felt we needed to upgrade the reliability and resiliency capabilities of our HSMs,” says Barry Kilborn, head of risk management at QuoVadis. “As a Trusted Third Party in client transactions, we need HSMs that are optimized for a high assurance, high availability, networked environment.”
And the most complicated requirement: they needed a solution that could achieve accreditation in all the countries where they provide trusted services, from a provider who understood the business and the intricacies of the regulatory environments in which the products would be deployed.
For QuoVadis, the stakes were significant. “Our business is focused on creating trusted internet identities and digital signature solutions on valuable transactions. Our customers need our solutions to deliver high assurance and absolute trust, and the HSMs are fundamental to that trust.”
THE BENEFITS: RELIABILITY, EASE OF USE AND COST SAVINGS
The nCipher Security solution offered a number of advantages says Barry Kilborn, head of risk management at QuoVadis:
- Reliability: nCipher enabled QuoVadis to quickly deploy reliable and flexible solutions. “We were very interested in minimizing potential problems. nCipher gave us more options from an operational perspective to minimize the risk of downtime.”
- Ease of use: With the nCipher Security World key management architecture, QuoVadis is able to manage their HSMs with greater automation and less administrative burden. “The nCipher solution was easier to use. And that’s very compelling when you’re setting up a lot of CAs. With multiple CAs, the amount of time key management takes becomes a tremendous burden. The unique nCipher Security World architecture allows us to achieve a high assurance level while managing keys much more efficiently than other solutions, and to provide more efficient service to our customers. And as a commercial CA with many CAs to manage, it’s a big plus to eliminate manual, people-intensive management tasks.”
- Cost savings: With nCipher, QuoVadis can offer nShield Edge USBconnected HSMs for their customers who carry out a lower volume of digital signing on their own premises. These economical HSMs provided a low cost solution that delivered high security for these customers.
THE SOLUTION: NCIPHER NSHIELD CONNECT, TIME STAMP SERVER AND THE ADVANCED SOLUTIONS GROUP
QuoVadis chose nCipher nShield HSMs with the market-leading nCipher Security World key management architecture, and nCipher Time Stamp Server. And to design and implement their HSMs to provide secure key management and time stamping for the operation of their high volume commercial CA, QuoVadis chose the nCipher Advanced Solutions Group.
“With nCipher, the hardware is only part of the story. For the caliber of hardware that we require, the list of qualified vendors is actually quite small. But one of our biggest priorities is to find providers who not only have in-depth knowledge of the technology but of the businesses in which the technology operates. And nCipher delivers with both the dependable technology and responsive services,” says Kilborn.
nCipher nShield Connect HSM. This high-performance network attached HSM provides secure cryptographic services as a shared resource for distributed application instances and virtual machines. nShield Connect delivers a cost effective way to ensure appropriate levels of physical and logical control for server-based systems. With nShield Connect, organizations can:
- Minimize operational costs with powerful key management architecture.
- Maximize utilization and scalability with a shared centralized platform.
- Provide cryptographic protection for network architectures in traditional, virtualized and cloud deployments.
- Overcome the inherent vulnerabilities of softwarebased cryptography.
nCipher nShield Edge HSM. This USB-connected HSM provides a cost effective way for organizations to implement high assurance cryptography. With greater portability and USB connectivity, nShield Edge is especially suitable for laptops and in workstation or desktop environments, and its compact design and integrated smart card reader makes it a perfect fit for deployments with limited space or where HSMs are used only on occasion.
nCipher Time Stamp Server. This turnkey, network-attached appliance keeps accurate time and creates secure time stamps for PKI-enabled applications, electronic records, and code signing – transforming electronic records into strong evidence. Unlike software-based systems in which administrators can easily manipulate time values, Time Stamp Server protects time stamping keys in independently certified, tamper-resistant hardware. Time Stamp Server offers superior time accuracy and auditability, delivering secure time traceability to national atomic clocks and Universal Coordinated time (UTC) if required.
Simplify key management with nCipher Security World The nCipher Security World architecture provides a business-friendly methodology for securely managing nCipher HSMs and using keys in real world IT environments. Security World minimizes the strain on specialist security resources and instead takes advantage of existing data management processes. This drives down the cost of ownership for HSMs while building resiliency and ensuring long term availability of keys. nCipher Security World enables organizations to:
- Simplify the key management process.
- Maximize the capabilities of HSMs.
- Manage risks while preserving resiliency and scalability.
- Reduce operational cost while maintaining the highest levels of security
nCipher Advanced Solutions Group (ASG). nCipher ASG consultants offer sound practical advice on the most effective way to implement and deploy nCipher cryptographic technology. nCipher consultants are present throughout deployment, offering advice and transferring knowledge and experience to the organization’s staff. With assistance from ASG, organizations can:
- Accelerate HSM deployment.
- Mitigate risk associated with implementing new hardware and software into existing environments.
- Get detailed reporting on the implementation.
- Improve knowledge of best practices.
- Maximize return on investment in data protection solutions.
ABOUT NCIPHER SECURITY
Today’s fast moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency. It also multiplies the security risks. nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.
Our cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates, using the same proven technology that global organizations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure. We deliver trust for your business critical applications, ensuring the integrity of your data and putting you in complete control – today, tomorrow, at all times.
To find out more how nCipher Security can deliver trust, integrity and control to your business critical information and applications, visit www.ncipher.com.