Entrust’s zero trust solutions enhance security of applications, encryption keys and secrets

Entrust announced new capabilities to help organizations enhance their security posture and advance their zero trust maturity journey.

The new features extend protections, visibility, and governance over virtual infrastructures, code and application development, and cryptographic key management.

“IT and security leaders are being challenged to secure the enterprise, anticipate, and plan for new threats, ensure compliance, and enable the organization to advance and grow. Zero Trust offers a framework for organizations to enhance their security posture, while enabling today’s hybrid, multi-cloud operations. These latest innovations from Entrust help organizations gain greater visibility and governance over how they manage encryption keys, secrets, and applications across on-premise, virtualized and multi-cloud operations,” said Bhagwat Swaroop, President, Digital Security Solutions at Entrust.

Specifically, Entrust has enhanced the ability for customers to address the following aspects of the zero trust framework:

• Securing the software supply chain: New cloud-based Code Signing as a Service simplifies application security for developers, while enhanced CodeSafe solution capabilities enables secure application development within the protected boundary of the Entrust nShield hardware security module (HSM).
• Data security with key management: The new Compliance Manager for KeyControl solution provides visibility of encryption keys and secrets across on-premises and multi-cloud operations – a foundation of zero trust architectures.
• Cloud Security Posture Management (CSPM) for virtual environments: Entrust has extended verifiable trust policy management for virtual environments as well as multi-cloud operations through its CloudControl solution.

Entrust has created a new Zero Trust Maturity self-assessment to help organizations understand how their posture aligns with the CISA Zero Trust Maturity model.

Automated Code Signing as a Service

The new Entrust Code Signing as a Service (CSaaS) is a fully hosted cloud-based solution to obtain and manage code signing certificates that ensure software authenticity and integrity. Authenticated code signing combined with a software bill of materials (SBOM) gives organizations visibility into their software supply chain.

The CSaaS solution provides organizations with a centralized location to safeguard code signing certificates and keys without the need to manage secure hardware and can be connected to existing automated code signing applications and workflows.

Secure application development within an HSM

The Entrust nShield CodeSafe solution lets developers write and execute sensitive applications securely inside the boundary of an nShield HSM. New capabilities provide a standardized container development environment and enable adoption of common engineering processes across all application deployment environments. Entrust also has released an SDK to enable customers to test the NIST Post Quantum Cryptography (PQC) draft algorithms in the secure CodeSafe solution environment.

Gain control and visibility into encryption key and secrets management, across clouds and on-premise

With the new Compliance Manager for KeyControl solution, organizations can establish an encryption key inventory and have full visibility into related key information across on-premises and cloud environments. This patent pending solution provides a unified dashboard to view and monitor compliance of an organization’s cryptographic assets centrally, whether located across one or many vaults or configured locally or geographically distributed.

CSPM for virtual environments

The Entrust CloudControl cloud security posture management solution now extends to virtual infrastructures, ensuring that requests to access virtual resources across data centers and private clouds must be authenticated and authorized before access can be granted.

Workloads are secured and only run under multi-layered security and authorization controls, including secondary approvals, risk-based access control (RBAC), and MFA. The CloudControl solution also facilitates data sovereignty compliance by disabling virtual machines if they are moved out of defined areas.