Entrust Datacard

Successful companies collaborate with their clients to deliver solutions that truly improve business and the customer experience. This is key to remaining competitive in any market, but Entrust Datacard takes this focus to another level. Committed to quality in every aspect of its operation, Entrust Datacard uses its strengths and capabilities to ensure its products and services meet the most demanding standards of the aerospace and defense industry, as well as many other markets around the world.

“Our company’s heritage is providing identity-based solutions to customers ,” explains Josh Jabs, vice president, CTO and general manager of IoT. “In this hyper-connected world, our solutions deliver interactions that people, systems and things can trust. This is especially important when servicing digital companies with critical infrastructures that have large-scale and frequent connections between things with little to no human intervention.”

Based in Minneapolis, Entrust Datacard is a private operation with 34 global locations, and a sales and service staff that supports more than 150 countries. The company offers trusted identity and secure issuance technology to ensure various experiences – such as making purchases, crossing borders, accessing e-gov services or logging onto corporate networks – are reliable and secure. Its solutions range from financial cards, passports and ID cards to digital authentication, certificates and secure communications.

“There are big changes occurring,” Jabs says. “If you look at what was happening in 2005 and 2015, those were the past internet ages of mobility. When you think about digital in terms of marketing and e-commerce, all of that is being accelerated with technology. The latest round of changes will have a broader impact because digital technology is extended to physical environments. Those environments introduce and rely on connectivity and the increased use of data, and it results in changing business models.”

“Manufacturers have been isolated from some of these changes because all of it has been evolving for a long period of time, but these factors are now shifting to operational environments,” he continues. “It can be hard to bring IT folks into the operational environment because the starting point for the discussion is so different. We are bridging that gap with technology and operations groups that have very specific ways of getting things done. This gap, however, is one of the biggest challenges in terms of adoption.”

Guidance and Practical Examples
With customers in the manufacturing markets, Entrust Datacard is focused on providing a means to identify and secure value assets within clients’ operational environments, including communication and data end points. The company remains dedicated to the security of clients’ infrastructure, as well as the users of that infrastructure.

Entrust Datacard, for example, works with clients to build security frameworks for the Internet of Things (IoT), determining what clients need to be operationally secure now, what they will need in the future, and how to measure that progress. Jabs notes Entrust Datacard has an advantage in this realm because of its long history of providing digital trust. The company has the skills and expertise to help manufacturing organizations understand what tools and solutions they require.

“We can use our experiences as guidance for these clients, but also help them with practical examples,” he says. “We can help them with how they are approaching these changes in their industry and key decisions that they need to make about security in their operations. We look at the starting point and how they are doing business today. We ask if IT supports their operational environment, or if they have a separate group in operations to support the technology in manufacturing. We determine what approach will work best for them based on how the organization runs, who will run the security and risk management, who the different actors are and which stakeholders should be involved when.”

“A few years ago,” Jabs explains, “some companies started making early engagements in programs that would serve these functions, but they realized there were skill gaps with some employees, and clients had concerns about the maturity of their technology. Some clients had issues because what was happening in IT to support the company had limitations in the operational environment. As a result, Entrust Datacard really focused on developing solutions that would leverage its technology and clients’ core competencies, while approaching the solutions from an operations-first perspective.”

“We had to look at what ‘real time’ meant in an IT environment vs. an operational technology environment,” Jabs says. “If email goes down in IT, it’s a pain. But if a malicious command occurs in an operational technology environment – a production plant or aviation navigation systems for example – the impact can become a safety concern. Large companies have established processes for IT and the deployment of technology, as well as disciplines for security. But in operational technology, that skill is still developing, and throwing IT tools at the operators isn’t a good fit. We are trying to simplify how technology and changes are deployed, and put it all in the language of the operational environment.”

Entrust Datacard has been working with the industry in a number of ways to deliver on these goals. Last year, the company contributed to the Security Maturity Model (SMM) Practitioner’s Guide, which provides detailed, actionable guidance enabling IoT stakeholders to assess, manage and mature the security of their IoT systems. The guide is published by the Industrial Internet Consortium.

The SMM guide defines levels of security maturity for a company to achieve based on its security goals and objectives, as well as its appetite for risk. Organizations may improve their security by making continued assessments and improvements over time. Entrust Datacard contributed its expertise in security, identity and data protection to the guide.

“The Security Maturity Model is a valuable resource that will help organizations prioritize their IoT security investments,” says Sandy Carielli, director of security technologies for Entrust Datacard and co-author of the SMM guide. “Entrust Datacard understands the importance of building and maintaining a trusted IoT ecosystem.”

Security and Visibility
Entrust Datacard understands that in an IT environment, supply chain isn’t a huge factor. However, in manufacturing and other businesses with critical systems – such as in the aerospace and defense markets – supply chain is critical. The company is working with its clients to ensure they have strong systems that can assess the authenticity of a component or material and provide IP considerations for manufactured solutions. IoT makes for an intricate operational supply chain, and Entrust Datacard is uniquely poised to help clients ensure the unique device identities required for proper access and control of IoT components – and the ability to effectively manage them – maintain a strong root of trust.

“We have to establish good security and visibility in the supply chain for our clients, and that involves who can see it and who can validate the components,” Jabs says. “It’s a new way of doing things for many operations, but we’re taking advantage of the connectivity that’s involved.”

“For operators, components are sold, built into a system and then someone else owns it,” he adds. “By adopting identity-based technology in the operational environment, we can experience more connectivity benefits like automation for device enrollment and provisioning to securely build up a data-rich environment. Digital companies need to trust who and what is in their IoT ecosystem and that their value assets continue to work as intended. We help ensure that trust.”

Entrust Datacard continues to enhance its own capabilities to better serve customers in all markets. Jabs notes the company is driving security as close to the edge as possible, while also driving visibility and security as far into the operational environment as possible to help with latency and reliability. The company is developing new systems to help support newer technology in the operational environments to increase clients’ capabilities.

“We are focused on deployability,” he says. “This involves not only how quickly we can get these systems up and working, but also how many touchpoints are required by the user. We have to determine if we need new firmware for these devices or if we can automate in process. We can definitely deliver rich capabilities from a policy perspective.”

“It’s important that we deliver ease of deployment and push the security as far into the operational environment as possible,” Jabs notes. “A lot of our services are ecosystem services, so more than one organization is involved. That could mean different third parties, manufacturers and other developers. When we deliver services in real time, there will be an expectation that third parties are involved. To do this, we create communities of trust, and that is what our company developed our foundation on.”