Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity
New service allows developers to use native signing tools for easy, secure code signing
Keyfactor, the machine and IoT identity platform for modern enterprises, announced the launch of Keyfactor Signum, a new code signing as-a-service platform that makes it easy for developers to sign code and containers in a secure way, without disrupting productivity.
Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity
Read More: Capgemini To Strengthen Its Data And Analytics Capabilities In Germany With The Acquisition Of…
Organizations today face persistent software supply chain attacks that compromise application development pipelines, IT scripts, macros, and more. Code signing keys are high-value targets for attackers that seek to steal and compromise keys to sign malicious code disguised as trusted software. Shortcuts in the signing process often lead to sensitive keys being left exposed on build servers or developer workstations. Understanding who signed which code and in what context is critical to prevent attacks.
Keyfactor Signum solves these challenges by providing security teams with protection for code signing keys, backed by an HSM and granular signing policies, while allowing developers to leverage the same native signing tools they currently use.
The CA/B Forum has issued requirements that stipulate private keys for EV code signing certificates be generated and protected in a compliant hardware crypto module. “Recent changes made by the CA/B Forum, which are scheduled to go into effect in the next 12 months, mean that organizations are required to generate and store code signing keys in a cryptographic module,” said Ben Dewberry, Product Manager Signing & Key Management, Keyfactor. “Keyfactor Signum makes it easy to comply with these new requirements, without causing any disruption to developers that need to move quickly.”
Read More: SalesTechStar Interview with Keith Feingold, Vice President of Worldwide Sales at Onymos
Keyfactor Signum is a SaaS solution hosted and managed by Keyfactor in the cloud. Key features and benefits include:
- Integrate with Native Tools: Keyfactor Signum integrates natively with popular signing tools like Microsoft SignTool, OpenSSL, and Jarsigner via the KSP interface for Windows and PKCS11 interface for Linux, making it transparent to developers.
- Secure Key Storage: Sensitive signing keys are generated and stored in HSM to ensure the highest level of protection and comply with CA/B Forum Extended Validation code signing certificate requirements.
- Policy and Governance: A simple web interface makes it easy to define who can sign what, when, and where, with complete auditability of all signing activities.
- Authentication: Only authorized developers and admins can sign code and manage signing policies via integration with Identity Providers, making it easy to deploy rapidly throughout the organization.