QuoVadis Provides Trusted and Certified Global Certificate Authority Services with Thales

How a leading Global Certification Authority Moved To Assure Clients And Auditors It Could Deliver The Assurance And Reliability They Require

The Goal: Delivering High Assurance Cryptographic Key Management

Founded in 1999, QuoVadis is a leading global certification authority, providing managed Public Key Infrastructure (PKI) services and trusted time stamping services for international companies and organizations. Headquartered in Bermuda, QuoVadis also has operations in Switzerland, the Netherlands, and the United Kingdom. The company is accredited as a Qualified Trust Service Provider (TSP) in multiple European countries, and issues eIDs under the Swiss SuisseID and Dutch PKI Overheid programs.

For QuoVadis, key management is critical to the success of their business as well as the countless client transactions driven by QuoVadis services. QuoVadis digital certificates and digital signature services are used to support high value applications that are subject to stringent security requirements and audit regimes. QuoVadis also provides a scalable trusted time stamping capability to support customers requiring a provable and auditable record of the exact time that a digital signature process took place.

QuoVadis relies on the superior key management capabilities of hardware security modules (HSMs) in many of its core activities. As the company grew and service offerings were expanded, QuoVadis needed a scalable and efficient solution that could satisfy customer requirements, as well as meet evolving security standards and accreditation regimes in multiple countries. The QuoVadis team knew they needed an HSM solution that combined operational efficiency with a proven security track record – and they needed a provider that could deliver the expertise they required to deploy HSM-based solutions in an increasingly complicated business environment.

The Benefits: Reliability, Ease of Use And Cost Savings

The Thales solution offered a number of advantages, says Barry Kilborn, head of risk management at QuoVadis:

  • Reliability: Thales enabled QuoVadis to quickly deploy reliable and flexible solutions. “We were very interested in minimizing potential problems. Thales gave us more options from an operational perspective to minimize the risk of downtime.”
  • Ease of use: With the Thales Security World key management architecture, QuoVadis is able to manage their HSMs with greater automation and less administrative burden. “The Thales solution was easier to use. And that’s very compelling when you’re setting up a lot of CAs. With multiple CAs, the amount of time key management takes becomes a tremendous burden. The unique Thales Security World architecture allows us to achieve a high assurance level while managing keys much more efficiently than other solutions, and to provide more efficient service to our customers. And as a commercial CA with many CAs to manage, it’s a big plus to eliminate manual, people-intensive management tasks.”
  • Cost savings: With Thales, QuoVadis can offer nShield Edge USB-connected HSMs for their customers who carry out a lower volume of digital signing on their own premises. These economical HSMs provided a low cost solution that delivered high security for these customers.

The Challenge: Complex and Overlapping Standards for Accreditation

The QuoVadis team had several major requirements. “First of all we felt we needed to upgrade the reliability and resiliency capabilities of our HSMs,” says Barry Kilborn, head of risk management at QuoVadis. “As a Trusted Third Party in client transactions, we need HSMs that are optimized for a high assurance, high availability, networked environment.”

And the most complicated requirement: they needed a solution that could achieve accreditation in all the countries where they provide trusted services, from a provider who understood the business and the intricacies of the regulatory environments in which the products would be deployed.

For QuoVadis, the stakes were significant. “Our business is focused on creating trusted internet identities and digital signature solutions on valuable transactions. Our customers need our solutions to deliver high assurance and absolute trust, and the HSMs are fundamental to that trust.”

The Solution: Thales nShield Connect, Time Stamp Server and the Advanced Solutions Group

QuoVadis chose Thales nShield HSMs with the market-leading Thales Security World key management architecture, and Thales Time Stamp Server. And to design and implement their HSMs to provide secure key management and time stamping for the operation of their high volume commercial CA, QuoVadis chose the Thales Advanced Solutions Group.

“With Thales, the hardware is only part of the story. For the caliber of hardware that we require, the list of qualified vendors is actually quite small. But one of our biggest priorities is to find providers who not only have in-depth knowledge of the technology but of the businesses in which the technology operates. And Thales delivers with both the dependable technology and responsive services,” says Kilborn.

Thales Solutions

  • Thales nShield Connect HSM. This high-performance network attached HSM provides secure cryptographic services as a shared resource for distributed application instances and virtual machines. nShield Connect delivers a cost effective way to ensure appropriate levels of physical and logical control for server-based systems. With nShield Connect, organizations can:
    • Minimize operational costs with powerful key management architecture.
    • Maximize utilization and scalability with a shared centralized platform.
    • Provide cryptographic protection for network architectures in traditional, virtualized and cloud deployments.
    • Overcome the inherent vulnerabilities of software-based cryptography.
  • Thales nShield Edge HSM. This USB-connected HSM provides a cost effective way for organizations to implement high assurance cryptography. With greater portability and USB connectivity, nShield Edge is especially suitable for laptops and in workstation or desktop environments, and its compact design and integrated smart card reader make it a perfect fit for deployments with limited space or where HSMs are used only on occasion.
  • Thales Time Stamp Server. This turnkey, network-attached appliance keeps accurate time and creates secure time stamps for PKI-enabled applications, electronic records, and code signing – transforming electronic records into strong evidence. Unlike software-based systems in which administrators can easily manipulate time values, Time Stamp Server protects time stamping keys in independently certified, tamper-resistant hardware. Time Stamp Server offers superior time accuracy and auditability, delivering secure time traceability to national atomic clocks and Coordinated Universal Time (UTC) if required.
  • Thales Advanced Solutions Group (ASG). Thales ASG consultants offer sound practical advice on the most effective way to implement and deploy Thales cryptographic technology. Thales consultants are present throughout deployment, offering advice and transferring knowledge and experience to the organization’s staff. With assistance from ASG, organizations can:
    • Accelerate HSM deployment.
    • Mitigate risk associated with implementing new hardware and software into existing environments.
    • Get detailed reporting on the implementation.
    • Improve knowledge of best practices.
    • Maximize return on investment in data protection solutions.

Simplify Key Management with Thales Security World

The Thales Security World architecture provides a business-friendly methodology for securely managing Thales HSMs and using keys in real world IT environments. Security World minimizes the strain on specialist security resources and instead takes advantage of existing data management processes. This drives down the cost of ownership for HSMs while building resiliency and ensuring long term availability of keys. Thales Security World enables organizations to:

  • Simplify the key management process.
  • Maximize the capabilities of HSMs.
  • Manage risks while preserving resiliency and scalability.
  • Reduce operational cost while maintaining the highest levels of security.