by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October 2012
GCN OCTOBER 2012 • GCN.COM 23 CASE STUDY Public Key Infrastructure, or PKI, has emerged as a common tool for encrypt- ing communications, and govern- ment has developed a federated infrastructure to create chains of trust to verify credentials, enabling the exchange of encrypted data between organizations. "DOE has been doing PKI for more than a decade," said Michele J. Thomas, the Energy Depart- ment's PKI program manager. The primary uses have been securing Web sites using Secure Sockets Layer and for exchanging unclassified e-mails. But over the years these needs have grown, particularly the need to communi- cate outside the department, she said. "We needed to be able to do it with our business partners." Initially, DOE handled its own infrastructure. "We started out running our own PKI," Thomas said. But issuing and managing the digital certificates used for en- cryption can be complex and ex- pensive. "We decided that offering PKI services with a GSA-approved cloud-based provider would be more cost effective." The department is adopting the Entelligence Messaging Server (EMS) from Entrust, an appliance that sits with the e-mail server and encrypts outgoing e-mail at the edge of the enterprise. "It gives us the ability to invoke PKI to encrypt and sign messages at the border rather than the desktop," Thomas explained. "The increased de- mand for mobility is part of what is driving this." Moving computationally inten- sive cryptography off the desktop simplifies the process for the end user as encryption happens trans- parently. For administrators, there is no additional desktop software to manage. It also accommodates the growing use of mobile devices and remote connections without jeopardizing security, because mobile and remote users typically already have a secure connection to the cloud. "You have a secure connection between the device and the mail server," Thomas said, "and the mail server works with EMS to meet encryption policy." WOES OF PIV CARDS One tool in the encryption process is the Personal Identity Verifica- tion (PIV) card, the interoper- able electronic card mandated in Homeland Security Presidential Directive 12 that contains biomet- ric data and digital certificates for authentication and for digital sig- natures and cryptography. The intent of the PIV card---and its Defense Department equivalent GOALS: Find a path for message encryption between the complications presented by Personal Identify Verification card technology and the proliferation of mobile technologies. TACTICS: Adopt technology that sits with the e-mail server and encrypts outgoing e-mail at the edge of the enterprise. TOOLS: Entelligence Messaging Server: A software appliance from Entrust Inc., that sits with the e-mail server and encrypts outgoing e-mail at the edge of the enterprise. How the Energy Department moved email encryption to the edge of its enterprise, a win-win for end-users and administrators IS IT TIME TO REVAMP YOUR ENCRYPTION STRATEGY?