Code signing cyber-attacks like the ASUS hack are on the rise. Attackers continually evolve the toolkits they use to infiltrate business networks. In attacks on code signing operations, hackers exploit vulnerable certificates and keys to plant and deploy malware, among other tools.
Code signing certificates digitally sign every application, driver and software produced, which allows end users to verify its authenticity. Today, however, code signing practice is unstandardized across the DevOps teams developing, updating and deploying software and application updates. In fact, recent research performed by the Ponemon Institute pegs the cost of code signing certificate and key misuse at $15 million and estimates a 29 percent likelihood that organizations will experience code signing incidents over the next two years.
This is a significant concern, not only for software producers, but also for software consumers, including businesses.
Recognizing this risk, Keyfactor and Thales partnered to develop an integration that delivers secure code signing to software vendors, mobile app developers, enterprise IT organizations, and manufacturers of IoT devices.
The integration combines Keyfactor Control PKI solutions and Gemalto’s cloud-based SafeNet Data Protection On Demand (DPoD) and SafeNet Luna Hardware Security Modules (HSM), giving enterprises and IoT-enabled manufacturers a secure PKI, whether in-cloud or in client-hosted environments. The solution's cloud delivery meant users quickly recognized benefits that included a highly customizable, flexible and scalable secure PKI. The project and partnership enable several cloud solutions including PKI, SSL application security, code signing, firmware updates, IoT device management, data encryption, key management and user access control.
Until this collaboration, enterprises needed to build and integrate disparate systems to realize the value of digital transformation. Without cloud-based root of trust and strong key management, the large scale of IoT deployments would not be possible. Now, enterprises can efficiently deploy these secure cloud-based services within hours, maintaining trust at scale. The solution interacts with every PKI use case, both public and private, and provides lifecycle management for every identity and key pair at massive scale.
2019 Project of the Year MSP Innovation Award Winners: Keyfactor & Thales
The integration caught the attention of Channel Partner Insight, which awarded Keyfactor and Thales its 2019 Project of the Year MSP Innovation Award. The distinction recognizes MSPs demonstrating how a project or application has provided customer cost savings, expansion and innovation.
The integration's most recent use case involved a well-known Fortune 500 biotech company that recognized the need for continuous security for installed pacemakers on a global scale. They needed high assurance that data being transferred between patients and back-end networks was consistently secure and would remain authentic throughout the communication. This secure connection needed to be accessible under every circumstance – wherever the patient would be, anywhere in the world. Requirements also included that the firmware was to be signed by the manufacturer and verified by the pacemaker.
The solution allowed the customer to create an innovative process that maintained data safety throughout every communication. The data encryption public key and root of trust were installed in the pacemaker; the pacemaker would then verify signed firmware against the root of trust. The pacemaker encrypted patient data with the public key, and that encrypted data then flowed through Windows Azure, allowing for global data access while remaining encrypted. The data could only be decrypted inside the manufacturer’s data center, using the data encryption private key and SafeNet Luna HSMs.
According to Channel Partner Insight, “we saw the project as a truly ambitious and innovative example of leveraging the power of IoT.”
The MSP Innovation Awards, powered by Channel Partner Insight, honor North American vendors, distributors and MSPs leading the way in managed services at a time of unprecedented disruption and change in the channel.