GlobalSign

From Wikipedia, the free encyclopedia
GlobalSign
Private company
Industry: Computer security, Internet security
Founded: Belgium (1996)[citation needed]
Headquarters: Boston, Massachusetts, United States
Website: www.globalsign.com/en/

GlobalSign is a WebTrust-certified certificate authority (CA) and provider of identity services.

Founded in 1996[1] and presently a subsidiary of GMO CLOUD K.K. in Japan,[2] the company offers a diverse range of identity service solutions.

Services

The company provides PKI and identity and access management solutions that give enterprises a platform to manage internal and external identities for the Internet of Everything. The services allow organizations to deploy secure e-services, manage employee and extended enterprise identities, and automate PKI deployments for users, mobile devices, and machines.

Its identity and access management portfolio includes access control, single sign-on (SSO), federation and delegation services to help organizations and service providers create new business models for customer and partner interactions.

GlobalSign’s core PKI services allow its thousands of authenticated customers to conduct SSL-secured transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control. Additionally, GlobalSign’s PKI services include a trusted root chaining program for trusted PKI deployments, which allows the widely distributed and trusted GlobalSign root CA certificates to cryptographically chain subordinate root CAs for use in Microsoft CA and other in-house CAs. Such chaining allows these non-commercial CAs to control their own internal PKI, typically issuing SSL certificates and digital IDs for secure email and two-factor authentication.

GlobalSign’s solutions are designed to address the massive scalability demanded by the emerging $14.4 trillion Internet of Everything (IoE) market, where the ability to make secure networked connections among people, processes, data and things will require that every "thing" have a trusted identity that can be managed. The company has offices in the US, Europe and throughout Asia.

SSL configuration checker

In November 2012 GlobalSign launched an online service that allows website administrators to confirm that they have correctly configured SSL across their websites and receive actionable guidance on how to remediate any faulty or exploitable SSL configurations.[3]

Acquisition

In 2014 GlobalSign acquired Helsinki-based Ubisecure Solutions, Inc., a privately held identity and access management (IAM) software developer. The acquisition delivers essential technology and talent to propel GlobalSign’s strategic focus on identity services.

Ubisecure is recognized as a product leader in Access Management & Federation by Europe’s leading information security analyst firm KuppingerCole – a market that is expected to reach $7 billion by 2017. Ubisecure’s access control, single sign-on (SSO), federation and delegation services, along with massive scalability, are the product of a 53 man-year R&D investment. The software is used by an impressive number of government agencies, financial institutions and enterprises in Europe, and deployed with the help of over 150 strategic partners, including system integration leaders CapGemini and CGI.

Memberships and awards

GlobalSign is a founding member of the CA/B forum, a voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v.3 digital certificates that chain to a trust anchor embedded in such applications.

GlobalSign is also a founding member of the Kantara Initiative and the Certificate Authority Security Council, a multi-vendor industry advocacy group created to conduct research, promote Internet security standards and educate the public on Internet security issues.

GlobalSign has been recognized by the Online Trust Authority (OTA) as Web Compliant since 2001.

Additionally, Chief Product Officer Lila Kee is an executive member on the North American Energy Standards Board (NAESB). Kee is a board member on the Wholesale Electrical Quadrant Board of Directors where she takes a lead role in the development of security best practices and standards needed to secure electric-industry wholesale business applications.

Recognized industry firsts

GlobalSign was the first CA to improve revocation (page load) speed for HTTPS pages.[4]

The company was also the first to offer IPv6 compliant revocation services.[5]

2011 hacking incident

In September 2011, GlobalSign suspended issuing authentication certificates temporarily after an anonymous hacker compromised their servers.[6] An Iranian student self-identified as "Comodohacker", who also claimed responsibility for the 2011 Comodo and DigiNotar breaches,[7] claimed that he had also hacked the systems of GlobalSign.[8] GlobalSign took the claim seriously enough to halt the signing/issuing of new certificates while investigating the claims; it resumed issuing certificates a week later.[9]

Dutch security company Fox-IT was contracted to analyze the breach and GlobalSign released a security incident report.[10] On December 13, 2011 GlobalSign released its final report on the incident. The report concluded that while GlobalSign's own web server was breached and the certificate of this server was stolen, due to the air gap separating this web server from the certificate-issuing machine (the one holding the company's root certificate), there was no evidence of any rogue certificates issued or any customer data exposed, thus the remedial actions were limited to cancelling their own web server's certificate and patching its software.[9][10] Sophos’s Chester Wisniewski summarized the report and GlobalSign’s response to the incident on his blog and concluded "Not only is the report thorough and convincing, but it appears that GlobalSign took every action, exactly as they should have, both during and after the incident."[11]

Sources and references

  1. "About GlobalSign". 2015-03-13. Retrieved 2015-03-13.
  2. "Corporate summary". 2013-04-22. Retrieved 2013-08-13.
  3. "GlobalSign SSL Configuration Checker Provides Guidance to Reduce Cybercriminals' Ability to Exploit Faulty SSL Configurations". 2012-11-15.
  4. "CloudFlare Partners With GlobalSign To Make Loading Secure Web Pages Up To 6 Times Faster". TechCrunch (2012-11-01). Retrieved 2013-07-26.
  5. "GlobalSign First CA to Offer Certificate Revocation Status Services over IPv6". Thewhir.com (2013-03-13). Retrieved 2013-07-26.
  6. "BBC News - GlobalSign stops secure certificates after hack claim". Bbc.co.uk (2011-09-07). Retrieved 2013-07-26.
  7. Mikko Hypponen (2011-09-06). "DigiNotar Hacker Comes Out".
  8. Sterling, Toby. "Another Firm Stops Issuing Website Security Certificates In Wake Of Dutch Hack." Canadian Press, 6 Sep. 2011: Newspaper Source Plus. Web. 30 May 2013.
  9. http://www.zdnet.com/blog/btl/unpatched-server-led-to-globalsign-breach/75374
  10. Steve Waite (2011-12-13). "Security Incident Report".
  11. Chester Wisniewski (2011-12-15). "Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report".