Entrust, a global leader in trusted identity, payments and data protection, has just announced a new technology partnership with RNTrust, an expert digital security solutions provider for the EMEA region. Combining nShield Edge HSMs from Entrust with RNTrust’s ORCA PKI solution, the partnership will provide an all-in-one secured solution for PKI Deployment and Offline Root Certificate Authority.
Specifically tailored to serve the SME (small and medium enterprises) market, RNTrust ORCA, with nShield Edge HSMs from Entrust, will cater to organizations in the Middle East that require high levels of data security and protection, but do not have the expertise or budget to execute a complex enterprise-class solution; providing the highest levels of Enterprise data security for their PKI deployments.
In line with evolving regional compliance regulations and standards, the RNTrust ORCA is built on a FIPS (Federal Information Processing Standard Publication) 140-2 and FIPS 140-3 HSM certification, with Multi-person Control or quorum-based authentication, often referred to as M of N protection. This helps facilitate compliance with GDPR, HIPPA, SOX, and CCPA, enabling businesses to adapt to and comply with regional comprehensive data security legislations as they impact organizations in the coming years.
“We believe data protection is essential for every business regardless of their size or budget,” said Hamid Qureshi, Regional Sales Director, Middle East, Africa and South Asia, Entrust. “With new and more comprehensive data security legislation being adopted across the Middle East region – most notably here in the UAE with the new DIFC Data Protection Law, as well as the newly launched UAE Federal Data Law and Abu Dhabi Global Market (ADGM) Data Protection Regulations – businesses of small and large scale, must equip themselves to effectively protect and manage their data.”
“PKI, Offline CA can be complicated and difficult to implement. Entrust has a long history of supporting governments, banks, and other institutions across the GCC in protecting sensitive data. The main aim of our technology partnership with RNTrust was to make enterprise level data protection more accessible to SMEs in the private sector as well,” added Hamid.
RNTrust Orca is an all-in-one solution which is supported by an nShield Edge HSM, hardened Linux based Appliance, OpenSSL based Certification and two Hardware encrypted USB Keys to help ensure straightforward key generation.
The solution is compact enough to be kept in a safe when not in use, providing physical security of the system. Security World software, which is also the backbone of the nShield HSM range, allows for easy connectivity, load balancing and clustering as the usage grows.
“After extensive research of the HSM market, we found that nShield Edge HSM from Entrust was going to be the perfect match for us. The solution we have created not only simplifies data protection processes, but also makes it more accessible to small and medium size businesses across the region.” said Olivier Ruff, Chief Technology Officer at RNTrust Group. “, Businesses in the region can rest assured that their data protection is up to par and can focus their efforts and budget on other areas of businesses to scale.”
SPITrust ORCA solves the common challenges of the Offline Root CA: the Hardware, the Software, the HSM, the Backup storage and the Integration of those four elements. RNTrust has built SPITrust ORCA as an off-the-shelf turnkey solution. It uses an OpenSSL based CA on top of a hardened SuSE Linux with encrypted file system and stores its status in a SQLite database. With SPITrust ORCA, multiple CA Certificates and CRLs can be created and managed, making the key-ceremonies smooth and easy.
SPITrust ORCA supports all the standards to ensure strong protection of the private keys and uses an nShield Edge hardware security module. The nShield Edge hardware security module (HSM) is a full-featured, portable USB HSM designed for low-volume transaction environments. It is capable of encryption and key protection and is ideally suited for off-line key generation for certificate authorities (CAs). To ensure maximum security of Root CA, SPITrust ORCA includes a PIN-authenticated, AES-XTS 256-bit hardware encrypted flash drive that securely encrypts, stores, and protects data to military standards.
The Aegis Secure Key 3NX allows to securely store ORCA backups to ensure compliance with stringent data protection and confidentiality regulations and directives, such as GDPR, HIPAA, SOX, CCPA and more. The microprocessor offers ultimate security against hackers, detecting and responding to tampering with multiple features.
Source: Definition Agency