MANAGED SERVICES: Managed Encryption
» Encryption » Protective Monitoring » Accreditation »Managed Service Provision
Regency IT Consulting offers a managed encryption service for UK HMG Data with a Protective Marking of CONFIDENTIAL or RESTRICTED. The service consists of the supply and management of AEP Net encryptors (ED Remote,ED20M / ED100M VPN concentrators, Net ED20M / ED100M network encryptors). The service is available directly to end-user Departments, Agencies, Forces (e.g. Police), and Defence contractors.
Management in this context means:
Key management maintenance of up-to-date encryptor certificates (annual after the initial rollout) Network configuration maintenance of encryptor IP addressing Support Support of encyprtion solution with partner level access to AEP support staff for escalation if required. Audit review routine review and report on auditable events Crypto Custodian services this service is available both to organisations who take other managed encryption services from Regency IT Consulting or as a standalone service.
This service is available to clients utilising encryptors in the ownership of the end-user organisation, an SI or NSP or Regency IT Consulting.
Where remote terminal equipment, e.g. laptop computers are required Regency IT Consulting can supply consultancy and technical security services. Please contact us for more information.
The benefits of a Regency IT Consulting managed encryption services utilising AEP Net products, which incorporate a number of CESG evaluated features include:
Key material Key material is only required for the management centre itself and is held managed and stored centrally. There is no need to distribute any keys to remote equipment (provided that the initial installation of net Remote on the end user terminal is carried out at some central point) nor do units need to be returned to the management centre for updates
Management Centre defences The Management Centre is protected from attack from both the public and private (end user community) networks and is isolated from user data. This ensures that Regency IT Consulting have no access to client data that is protected by the encryptors.
Cryptographic Communities of Interest (COIs) COIs can be easily defined merely by issuing encryptors with policy certificates. This feature enables Regency IT Consulting to manage multiple accounts from the same management centre (NB in some circumstances CESG allow both RESTRICTED and CONFIDENTIAL networks to be so managed).
The following diagram illustrates the management of 2 Net Remote systems:
The Regency IT Consulting Encryptor Management centre only needs a communications path to the Black (Public) Interface addresses of the AEP Net encryptors (not the AEP Net Remote units). Typically the client will specify the configuration for the encryption units (IP addresses static routing etc) and Regency IT Consulting will supply the AEP Net devices pre-configured. Provided that the units certificate has not been issued an encryptor is Not Protectively Marked ACCSEC so may be transported by courier. AEP Net Remote units can also be supplied pre-configured, installed on the end user terminal and certified (Net Remote encryptors are Not Protectively Marked ACCSEC unless the user has authenticated to the unit). Where necessary Regency IT Consulting in partnership with AEP can provide architecture and / or commissioning and installation consultancy costed within the service proposal.
For more information about AEP and their range of encryption products visit their website at www.aepnetworks.com