US Correctional Services Provider

Digi-CA™ Service - Case Study

PDF From San Quentin to Rikers Island, some 150,000 US Department of Corrections inmates are provided with vending, commissary and laundry services; and vocational and culinary training by Canteen Correctional Services.

Canteen Correctional Services [CCS] is a division of Compass Group North America, a $5 billion food service and hospitality company with more than 116,000 associates throughout the US and Canada.

Associates of CCS spend much of their time in the field dealing with clients and undertaking day-to-day tasks relating to sales, support and customer relationship management. As part of this daily routine, a CCS Associate would visit one of the thousands of US Penitentiaries each day and access corporate documents and files from the CCS extranet. Access to the extranet was by way of a username and password.

CCS conducted an IT Security audit and clearly identified the possibility of unauthorized access to its extranet. It needed to take proactive, remedial action.

Lock Down & Lock Out

      Mirroring the high level of security that is synonymous with the US Department of Corrections, CCS needed to ‘lock down’ its extranet and provide highly secure access to its Associates.

Business Savings & Security

      CCS already had a fully operational extranet when they began researching the market for methods to secure its Associates’ access. With hundreds of highly sensitive documents stored on the extranet, usernames and passwords posed too much of a threat to the company’s security. If a competitor or other unauthorized user accessed this data, the damage to the company’s reputation and/or the competitive advantage they would loose, was too high a risk to leave unresolved.

The Who & How of Security

      Knowing, with certainty, the identity of each extranet user was the issue. As with most customers that contact Digi-Sign, CCS had investigated the wide range of hardware and software security options in the market. In solving the particular security issue, these alternatives raised other issues.

Most software needs upgrading every year. CCS’s IT Department was reluctant to add more software to their Desktops or more work to their Help Desk. Tokens using asynchronous number authentication, like RSA® SecurID®, were too expensive. Digital Certificates were an option, but CCS was not sure how to implement them.

Two-Factor Hardware Authentication

      Working with Digi-Sign, the CCS requirement was designed from the ‘outside in’. Meaning that Digi-Sign examined the CCS Associate’s working environment first and then worked back from there to provide the most practical and simple-to-use solution.

Each Associate travels from location to location, and more often than not, cannot bring any type of PC or notebook into the prison. In some cases, the visit may be sales related and could be a once-off visit that may not be repeated by the Associate. The new access solution needed to be very secure, small and highly portable.

Digital Certificates would provide two factor, secure authentication of the Associate. Once the server was configured, Digi-Access™ would control who had access to the data stored on the server. Most web servers from Apache to Zeus work with Digi-Access™. Configuring a server to work with strong two factor authentication using Certificates is called Digi-Access™.

By storing the Digi-CA™ Certificates on a hardware device, the issue of portability and the ability to bring the small device into the prisons was also solved. Using a USB token

[Digi-Token™], the Digi-CA™ Certificate would be given to the Associate and they would use PCs belonging to the US Department of Corrections during their visits.

Digi-CA™ Server or Service

      Digi-Sign is probably the only CA provider in the world that offers both types of Certificate Authority [CA]: Managed CA and CA Software.

A Managed CA is located in a secure data centre and the customer accesses the solution over a highly secure Internet connection. The solution is charged on an annual recurring subscription basis depending on the number of end users or seats, the customer wishes to use the CA for. Digi-CA™ Service is the Managed CA.

CA Software is like most software in that it is sold ‘in a box’ and is usually delivered and installed at the customer’s site. CA Software is life-time software purchased in Year-1 with an annual maintenance fee thereafter. Digi-Sign’s CA Software is called Digi-CA™ Server.

Digi-CA™ Service was the obvious choice for CCS, but CCS did not have the necessary resources to make the initial deployment.

Deployment & TTM™

      When an organization wants all the benefits of using Certificates but does not have either the time or the resources to manage them, then Total Trust Management™ [TTM™] is the best option. TTM™ is a unique service offering from Digi-Sign that means every aspect of the Digi-CA™ environment is Totally Managed by Digi-Sign personnel - exactly as the customer instructs. All aspects of the initial deployment, the day-to-day administration of the Digi-CA™ Service and the life-cycle management of every Certificate is totally managed for the customer by Digi-Sign personnel.

Combining all of CCS’s needs into a single offering, from a single vendor, solved all their requirements. As a standard provision of TTM™, Digi-Sign also manages the Help Desk function for the environment meaning that no resources are required in CCS other than a single point of contact.

Solution’s Day-to-Day Operation

      The Digi-Sign TTM™ Team issue each Associate with a Digi-Token™ for storing the Certificate. The life-cycle of the Certificate; adding and removing Associates and ensuring the smooth operation of the every aspect of the Digi-CA™ Service is managed by Digi-Sign under strict instructions from CCS.

A Simple, Cost Effective Solution