New capabilities of its Automated Enrollment Gateway enable full certificate lifecycle management in mixed environments
Today at the RSA Conference 2017, GMO GlobalSign (www.globalsign.com), a leading provider of identity and security solutions for the Internet of Everything (IoE), announced it has enhanced its certificate management platform to better protect enterprises from the constant barrage of external and internal attacks. In addition to boosting security, GlobalSign’s Automated Enrollment Gateway (AEG) delivers IT efficiency and cost savings by automating certificate lifecycle management in mixed enterprise environments.
Enterprises rely on Public Key Infrastructure (PKI) to securely communicate and exchange data, but as the number and variety of endpoints within an enterprise continues to grow, new concerns have emerged over whether PKI can handle these new ecosystems without becoming a burden to manage. The latest version of GlobalSign’s AEG addresses these concerns by creating a fully automated and managed PKI solution that touches virtually every endpoint and centralizes all certificate activity across an enterprise.
The AEG software acts as a connector between GlobalSign’s SaaS certificate service and an organization’s server environment, simulating aspects of an on premises Certificate Authority (CA) while forwarding all certificate enrollment requests to GlobalSign. GlobalSign manages the security, high availability, and CA operations, while organizations retain control of users and policies. Before today, AEG was limited to organizations with Windows environments, but now with new ACME protocol support and improved SCEP support, organizations with mixed environments of Linux Servers, Apple OS X clients, and thousands of mobile and network endpoints can automatically enroll and manage digital certificates.
“With these updates, our customers can easily automate enrollment and manage the lifecycle of their digital certificates no matter the environment,” said Lila Kee, General Manager and Chief Product Officer. “We are excited to extend auto-enrollment capabilities to all major endpoints, a key step in protecting today’s modern enterprise.”
Features added to GlobalSign’s Automated Enrollment Gateway in version 3.0 include:
- Support of Mixed Endpoint Environments – Automate certificate issuance and management for both domain endpoints (e.g., Windows users, machines, and servers) and non-domain endpoints (e.g., Linux servers, mobile devices, networking devices, etc.).
- Key Archival and Recovery – During the certificate enrollment process, the private key is securely sent to a designated local server as part of the certificate request and is archived there. Using key archival and recovery is essential for secure email (S/MIME) use cases, and helps protect encrypted data from permanent loss in the event that the original encryption key is no longer available.
- Mobile and Network Device Support – Issue certificates to non-domain-joined objects (e.g., routers, mobile devices, non-Windows machines) using the SCEP server functionalities. Enrollment can take place using a manual enrollment website, or using a Mobile Device Management (MDM) platform linked directly to the SCEP server to issue certificates for their mobile devices.
- ACME Protocol Support – Use existing ACME client software to automate SSL certificate provisioning and installation on Linux servers in your environment. GlobalSign’s ACME implementation supports higher assurance Organizational Validation (OV) and Extended Validation (EV) Certificates with flexible validity periods.
Securing the Mobile Enterprise
The prevalence of mobile devices – both enterprise owned and personal (BYOD) – has proliferated attacks on enterprise networks through compromised devices. The need for mobile authentication has never been greater, but automating provisioning certificates on devices can be a challenge for enterprises with hundreds or thousands of devices. GlobalSign has partnered with the two leading Mobile Device Management (MDM) providers to secure mobile device access for both internal and external users. Working with AirWatch and MobileIron, GlobalSign has made it easy to deploy certificates on mobile devices. The integrations relieve IT staff from having to manually install and manage certificates on each employee device, removing administration burdens and decreasing total cost of ownership.
“Managing mobility in the enterprise is complex, but the right EMM platform can help enterprises enable productivity without sacrificing security,” said John Morgan, Vice President of Product and Ecosystem, MobileIron. “MobileIron’s collaboration with GlobalSign will make it easier for IT administrators to empower employees to work faster and smarter while protecting both corporate data and employee privacy on mobile devices.”
By connecting directly to GlobalSign’s hosted certificate service, organizations can use MDM and EMM platforms to completely automate certificate provisioning and management. Digital Certificates can be used on mobile devices for:
- Email Encryption and Signing – Encrypts and digitally signs emails to ensure privacy of sensitive data and proof of message origin.
- Email Authentication – Enables email authentication to protect against intruders and allows only authorized devices access corporate email servers.
- VPN and Wi-Fi Authentication – Replace weak and vulnerable usernames and passwords with multi-factor authentication for corporate Wi-Fi and VPN connections, only approved devices will be able to access enterprise connections.
Learn More at RSA Conference 2017 – GlobalSign Booth S721
GlobalSign will be highlighting its enterprise security solutions, including the latest version of its Automated Enrollment Gateway (AEG) and its mobile authentication capabilities at RSA Conference 2017 in San Francisco this week in Booth S721. In addition, GlobalSign IoT partners, such as Infineon, Intrinsic-ID, Xilinx and Allegro, will be demonstrating joint IoT solutions that solve the security concerns of connecting billions of systems, devices and users. To learn more or schedule a demo, please visit the GlobalSign RSA page.
About GMO GlobalSign
GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud-based service providers and IoT innovators around the world to conduct secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale PKI and identity solutions support the billions of services, devices, people and things comprising the Internet of Everything (IoE). The company has offices in the Americas, Europe and Asia.
About GMO Cloud KK
GMO Cloud K.K. (TSE: 3788) is a full-service IT infrastructure provider focused on cloud solutions. Established as a hosting company in 1996, the company has managed servers for more than 130,000 businesses and now has 6,500 sales partners throughout Japan. In February of 2011, the company launched GMO Cloud to enhance its focus on cloud-based solutions. Since 2007, the company has also grown its GlobalSign SSL security brand through offices in Belgium, U.K., U.S., China and Singapore. For more information please visit http://ir.gmocloud.com/english/.
About GMO Internet Group
GMO Internet Group is an Internet services industry leader, developing and operating Japan’s most widely used domain, hosting & cloud, ecommerce, security, and payment solutions. The Group also comprises the world’s largest online FX trading platform, as well as online advertising, Internet media, and mobile entertainment products. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. For more information please visit http://www.gmo.jp/en/.
For further information on GlobalSign press releases,
events or for media enquires please contact: