More and more code signing certificates and keys are hijacked from trusted vendors to sign and spread malware. But the burden to protect keys is often left to developers – people who specialize in code, not security.
Keyfactor Code Assure centralizes code signing operations into a single intuitive platform. Developers can have the freedom to quickly sign any code, from anywhere, while keys remain locked in a secure vault.
When you sign a piece of code, you make a statement that the software came from your trusted team and that you stand behind it. But the ability to keep code signing keys secure is growing more and more complex.
More and more malware is signed with legitimate code signing keys stolen from trusted vendors – leading to serious damage.
But the burden to protect code signing certificates and keys is often left to developers that specialize in code, not security.
Keys wind up in unsecured locations from developer workstations to build servers – and who knows where else.
Has Someone Hijacked Your Software?
Organizations experienced an average of four incidents involving the misuse or theft of code signing certificates in the past two years.*
Integrate security without any changes to developer workflows.
Digitally sign any code, from anywhere – without the hassle of storing and securing code signing keys or re-engineering your build, test, and release workflows.
Keep hackers away from your keys and out of operations.
Secure code signing operations with end-to-end auditable controls and centralized protection of private signing keys from internal misuse and external threats.
Continuously monitor and audit code signing activities.
Track and monitor the use of every code signing key to ensure that only the right code is signed by the right developer, at the right time in the release process.
Protect your customers and your business from the growing threat of software supply chain attacks.
Establish trust with mobile users and app stores by preventing fraudulent use of your code signing keys.
Store all code signing keys and certificates centrally in an auditable and secure hardware security module (HSM).
Enable developers to sign code from anywhere, without keys ever leaving the secure confines of the HSM.
Get a complete and actionable audit trail of who used certificates, when, and who authorized the action.
Secure code signing operations regardless of the size and complexity of your development infrastructure.
Ensure that only the right code is signed by the right developer with controls to prevent unauthorized access or use of code signing keys.
Safeguard code signing keys without making any changes to the software development lifecycle (SDLC).
Available on premise or in the cloud with Thales HSM On-Demand built right into the platform. No hardware, no re-engineering – no problem.
Maintain the control you need over private keys and policies, and let us handle the back-end with cloud-hosted deployment.