Enterprise Cryptographic Support for Microsoft AD CS
BULVERDE, Texas—May 17th, 2016 - The Vectera Series provides hardware-based cryptographic offloading for Microsoft Active Directory Certificate Services (AD CS). As a software program, Microsoft AD CS offers an abundance of resources to aid users in building a public key infrastructure (PKI). Essential to this goal is how AD CS creates a server that acts as a certificate authority (CA); CAs allow users to encrypt and digitally sign documents for data confidentiality, integrity, and authentication.
While Microsoft AD CS is designed with security in mind, it does not supply the logical and physical security that a compliant hardware security module (HSM) is capable of. Without proper access controls and encryption, CAs can often become vulnerable to sophisticated attacks. By using a Futurex HSM, organizations benefit from FIPS 140-2 Level 3 validated encryption to guard their most sensitive data.
Within AD CS, the HSM protects sensitive encryption keys and provides strict access control over them. In an AD CS environment where cryptographic keys are stored on the HSM itself, there are physical and logical controls protecting the keys. The reliability of certificates is essential to any given organization’s cryptographic processing. With the use of the Vectera Series to preside over cryptographic operations, organizations can significantly diminish concerns about the security of CAs.
For more information on our AD CS offerings, visit our AD CS Informational Brochure. Or, for a customized environment review to learn how Futurex’s support of Microsoft AD CS can fit into existing cryptographic infrastructures, talk to one of our CTGA-accredited Solutions Architects.