REDMOND, Wash., April 14, 2006 — Digital certificates provide one of the strongest authentication infrastructures that exist. But until recently, the cost and complexity of implementing them has left companies questioning whether it’s worth the effort.
Today, because of the growing requirements for strong authentication and security services like smartcard-based authentication and IPSEC, quarantine technologies like Network Access Protection, and business drivers such as cost, information protection and regulatory compliance, what was once considered a luxury in the business world is rapidly becoming a necessity.
To help unravel the questions around digital certificates, when they should be employed, and how to implement them, hosts Mike Nash and Amy Roberts will tackle the issue during this month’s Microsoft Security360 webcast on April 18.
Guests for this month’s discussion include Candy Stark, security project manager for Microsoft IT; Gary Secrest, director of worldwide information security at Johnson & Johnson; Dan Blum, senior vice president and research director of Burton Group; Conrad Bayer, group program manager of Windows Security at Microsoft; Steve Sanders, senior technology analyst for Southern Company; David Cross, director of program management for Windows Security at Microsoft, and Brian Komar, president of Ident-IT.
A digital certificate is a sort of electronic identity card which represents an identity for an individual, device or application in a computing environment. They are used to authenticate that people, Web sites and even network resources such as routers are truly who or what they claim to be, and as such, they help protect data exchanged online from being misused. And, according to the panelists on the webcast, there is a growing need for digital certificates.
“The driving factors come down to consequences, threats and regulations. We’re putting more valuable information online, including identity, health and financial data. We have to protect this sensitive information when it’s in transit and when it’s at rest,” says Blum. “There are a lot of criminal threats, such as phishing, where criminals are trying to fool the user by spoofing emails and websites. Stronger certificate support is one of the tools we can use to protect the integrity and confidentiality of information, network infrastructure, websites and email.”
In the past, however, digital certificates were complex and costly enough to deploy that many organizations opted not to. That is rapidly changing, says Nash and guests, in large part because today’s increased need for information security is driving innovation in how digital certificates are deployed and used.
According to guests on this month’s webcast, Microsoft and others in the industry have been working hard to make digital certificates much more friendly for IT departments and end users. Microsoft is making the use of the technology easier and more affordable through investments in Windows, and with solutions such as the Microsoft Certificate Lifecycle Manager or CLM.
“Organizations need processes for deploying digital certificates and historically, that’s been difficult because enterprises have had to build their own solutions,” says Bayer. “We’ve gone a long way in trying to address that with some of the products we’re now bringing forward. With good infrastructure, good management systems and good back end systems like public key infrastructure (PKI) itself, we can go a long way in terms of making this simpler.”
Other areas of discussion this month include determining where and when a business may require strong authentication, the growing use of smart cards for network access, as well as the latest technologies in Microsoft Windows Server 2003 and Microsoft Windows XP Professional and future advances in Microsoft Windows Vista and Windows Server “Longhorn.”
As always, the Security360 webcast will feature lively discussions with Nash and Roberts, tips and tricks on getting the most from digital certificate programs, and a live Q&A session with Nash and guests. It’s an informative hour that IT professionals, decision makers and anyone interested in the latest developments in strong encryption can’t afford to miss.
More information on the Security360 webcast series, including step-by-step checklists on each topic and other information and resources discussed during each webcast, as well as past episodes, can be found on the Security360 Web site at www.microsoft.com/security360.