TL; DR: Behind a multi-faceted approach to security, Entrust Datacard provides secure transactions and identity management services to businesses, financial institutions, and government entities, among other data-sensitive organizations. The company, founded in 1969, manages billions of secure transactions each year through its services, including two-factor authentication, digital signing certificates, public key infrastructure, and SSL certificates. Entrust Datacard simplifies SSL certificate discovery and management processes with a centralized dashboard to monitor compliance, reporting, and best practices.
With security breaches still making headlines each year, consumers can justifiably have a hard time fully trusting the security of their online data. Even big-name brands, including Yahoo, Equifax, LinkedIn, and Target, aren’t immune — despite sizeable investments in security.
By using the right tools, however, such organizations greatly reduce their risk. Properly installed and configured SSL certificates can protect online shoppers while also helping businesses build customer trust and safeguard their databases.
A longtime security resource for financial, government, and corporate organizations, Entrust Datacard provides the full range of certificates for protecting websites and sensitive data. The company’s platform helps businesses create, find, evaluate, and manage certificates to help systems mitigate vulnerabilities to exploits.
Entrust Datacard’s platform, according to Jay Schiavo, Vice President of ECS Products and Markets, incorporates a unified approach to certificate management, verification, support, and backend operations.
“We had to stop thinking about them as separate entities,” he said. “We’re not just offering certificates or a management platform, it’s the complete package. It’s about giving customers that peace of mind.”
How Domain-Validated Certificates Brought SSL to a Wider Audience
SSL certificates encrypt data and communications between web browsers and servers. The Transport Layer Security protocol, or TLS, protects users’ privacy and a company’s data integrity by obscuring sensitive information.
Originally, only large enterprises typically used the organization-validated SSL certificates — mostly to protect online credit card transactions or usernames and passwords, Jay said. In the mid-2000s, however, the emergence of domain-validated certificates proved to be a more accessible option and increased the adoption among smaller businesses.
“The gentleman who actually invented domain-validated certificates, Chris Bailey, now works for us as our General Manager for our certificate services business,” he said. “That really opened up the market to a broader audience. The validation challenges were taken away, and the ability to get certificates in a more automated, 24/7 model became a reality.”
As more and more companies started doing business online, certificate authorities began working with the web hosting industry to issue more certificates to a wider range of customers. With the increased popularity came the need for more regulation, according to Jay, which spurred the CA/Browser Forum and creation of extended-validation certificates. as well as baseline requirements for SSL.
“The goal was to really bring out the stronger and consistent identity verifications and having browsers display them differently,” he said. “Now, you can get the certificates with stronger validation that may help customers distinguish between fraudulent and trustworthy sites.”
Since roughly 2007, web browsers and search engines have become increasingly engaged in promoting a more secure internet. For instance, Google tends to rank secure websites higher in search results, and the company’s Chrome web browser has begun flagging websites without SSL certificates as not secure.
“SSL used to be an afterthought,” Jay said. “It used to be something businesses would just have to get and deal with. It has now become a critical part of their infrastructure, where, if they don’t properly manage SSL certificates, it could lead to business disruptions or security risks.”
Management Dashboard Promotes Security Beyond the Certificate
Entrust Datacard is a long-standing authority in financial security, getting its start by printing cards for the likes of MasterCard, Visa, and many national US banks. Today, Entrust Datacard offers a wide variety of security solutions, including two-factor authentication and digital signing certificates.
Entrust Datacard makes it easy for businesses to obtain and manage their certificates, including extended-validation certificates, wildcard certificates, and certificates for multiple domains. Once the protections are purchased, a web-based dashboard helps Entrust Datacard customers manage certificates according to their company policies and ensure certificates are installed properly.
“We’re giving them all the tools that make sure they can get any of the different types of certificates the need,” Jay said. “We also have technology in our platform that allows them to determine if a certificate is properly installed.”
By alerting organizations to improperly configured SSL certificates, Entrust Datacard protects customers from vulnerabilities. Attacks, such as Heartbleed, DROWN, and Logjam, for example, revolved around a weakness in the OpenSSL library that exposed their environments if not detected, Jay said.
“There have been a lot of recent attackes associated with using outdated technology and not properly installing or configuring SSL certificates,” he said. “If an issue like that comes up that our customers need to worry about, we have technology in our platform to say, ‘Here are the domains that are using certificates that are susceptible to this vulnerability.’”
Service Levels and Thought Leadership Build Customer Trust
The two other major components of Entrust Datacard’s mission, according to Jay, is providing superior customer support and thought leadership to educate customers on the different advantages associated with each type of SSL certificate or management systems.
“Especially, now that certificates are a critical part of their infrastructure, customers want to be able to pick up the phone and be able to talk to someone,” he said, adding that the company moved to a follow-the-sun model with its support and verification services — meaning that teams around the world are available at all hours to help customers.
Sales representatives, for example, continue to work with customers beyond the onboarding experience and can help put them in touch with the relevant departments and services. Additionally, Entrust Datacard created various materials, including webinars, blogs, and white papers, to share and promote best practices.
“They’re looking to us to provide that information,” Jay said. “It’s not just about marketing and trying to get our brand known, it’s about helping educate the industry. As you scale with your customers, you have to scale all those different parts of the business so you can present a full product and service to your customers.”
Blending Different Technologies for the Most Secure Transactions
Having witnessed the rise of public trust and private trust SSL certificates, Entrust Datacard is no stranger to the shifting landscape of online security.
“As security needs have evolved, so too has Entrust Datacard’s technology,” Jay said.
The company, which also offers public-key infrastructure for issuing and managing digital certificates, is aiming to consolidate its PKI and SSL technologies. Public-key infrastructure, or PKI, is the system required to provide public-key encryption and digital signature service. Third parties can add a public trust layer to PKI through their verification process and embedding of roots in browsers and mbile devices. Most often, this third party is a certificate authority.
“A lot of our customers leverage both of those services, and we’re working to bring those services together,” Jay said. “Instead of having to buy two different services, they can have one place to go.”
In an upcoming release, Entrust Datacard will fully support a public- and private-trust hierarchy for SSL certificates in a unified platform. For example, while major financial institutions might have thousands of publicly facing certificates, Jay said they may use tens of thousands of internally facing SSL certificates that are privately rooted to protect their environment.
“That’s a big advancement, and we’re one of the only CAs that can do that,” he said of the integrated platform. “This gives large enterprises the tools where they can manage everything, from issuance and lifecycle management to reporting of both public-trust and private-trust SSL, which is something we’re really excited about.”