In the past few months, we’ve posted case studies involving some pretty unique organizations. More on each below:
Zerto is an Israeli company selling a single solution that combines disaster recovery, backup, and cloud mobility (aka ‘IT resilience’).
Zerto’s solution is specifically geared towards customers operating in hybrid and multi-clouds environments. As a top provider of IT resilience software, Zerto needed to ensure its own business systems were airtight. The most effective strategy for doing so was to guarantee its PKI was trusted. For its PKI to be trusted, the team also had to ensure the integrity of its CAs (certificate authorities), the credentials used to establish one’s identity and which underpin the security of a PKI. Currently, the best practice for securing CAs is to use an HSM. HSMs, which offer an independently certified, tamper-resistant environment, are an integral part of securing sensitive keys and business processes.
After weighing its options, the Zerto team selected the nShield Solo. Zerto, which has worked with more than one HSM vendor, cited the nShield’s implementation and support, ease of use, and GUI as deciding factors. While Zerto does not share its quantifiable results from the nShield implementation, the team stated ‘having the nShield Solo HSM securing our CAs provides us with peace of mind’.
itAgile is an Italian provider of digital document and signature solutions.
One of ItAgile’s solutions, PrimeCert, enables its customers (other businesses) to meet eIDAS (a strict European regulation which establishes a framework for legally binding electronic transactions that facilitate cross-border business throughout the EU) requirements, become trusted service providers or TSPs, and get to market more quickly.
The PrimeCert solution incorporates certificate authorities (CAs), the digital credentials used to certify the identity of users. Well aware that CAs are often the focus of targeted attacks, the itAgile team sought to secure the solution with physical and logical controls, as well as an HSM. After considering its options, itAgile chose Entrust . ItAgile cited as attractive selling points the nShield Solo’s Common Criteria EAL4+ certification, and recognition as a Qualified Signature Creation Devices (QSCDs). ItAgile also noted the Entrust HSMs ‘are dependable and last for many years’. Said Gianni Sandrucci, itAgile CEO, “We know the nShield Solo; it’s a foundational component of the system. The system is successful, and it’s been a positive experience working with the Entrust team and its nShield HSM, allowing us to achieve a short time to market and to recover our costs.”
Memjet is a U.S. and Australian designer and developer of modular printing technology that includes printheads, inks, data paths, and modules. The company sells its technology to original-design-and-original-equipment-manufacturing (ODM/OEM) partners, who then integrate Memjet’s technology into their custom-built printing solutions. Since it operates off an ODM/OEM model, Memjet needs to securely support remote manufacturing, where new Memjet-powered printers are created. Doing so involves adding quality assurance chips into printer modules and components, so that Memjet can ensure authentic and appropriate components and consumables are used with a given model, family, or brand of printer.
During the remote manufacturing process, the chip is configured to give the printer or component its unique identity and attribute set. This component is generated securely and digitally signed prior to installation at the remote ODM/OEM facilities using an nShield HSM. Memjet called the solution ‘state of the art’ and the company’s senior director of Information Security said, “I don’t know that we could do what we do with software and have the kind of security we’re looking for without the nShield HSMs.”
Memjet also wanted to refresh its back-office cryptographic key management and signing infrastructure and was able to use nShield HSMs for this project too. Memjet sang the praises of the Entrust sales team, and our overall support and availability.