Problems with traditional code signing
The private key is stored locally, so it can be stolen, copied, or compromised
Symantec Cloud-based Code Signing Service
You get all the benefits of best-in-class code signing technology without the risks or hassle.
- Hierarchy-based access rights
- Full reporting and auditing
- Automatic timestamping
- Support for all signature types, including Microsoft, Java and Android
- API for process automation
Maintain Integrity of Files and Apps
Maintain Business Continuity
Drive Business Agility
Traditional code signing provides a way for software publishers to assure their customers that the apps and files they have downloaded are, indeed, from them and have not been tampered with. Unfortunately, inadequate controls around this process can lead to malware propagation. According to IDG News Service, “Malware authors are signing their malicious creations with stolen digital certificates to bypass antivirus detection and defense mechanisms” (IDG News, March 15, 2012). Compromised certificates make news headlines and can damage your company's reputation, and revoking these certificates could cause your distributed applications to suddenly appear as untrusted. Symantec Secure App Service is a cloud-based code signing and management solution with a complete range of services to help enterprises control and secure their code signing activities and keys easily. Services include vetting and approval of software publishers, code signing, key protection and revocation, administrative controls, reporting and audit logs.
Maintain Integrity of Files and Apps, and Secure Keys
Traditional code signing requires companies to have tight management controls over their code signing activities and keys. Without proper security and controls, there is no tracking of signing activity or auditing, no accountability for signing, no rights management, and the signing keys are often vulnerable to theft or can easily be lost. Symantec Secure App Service provides security and convenience: you can sign desktop files and apps and then secure the keys in the same cloud service. This helps prevent keys from being stolen and deployed for nefarious purposes while ensuring the integrity of files downloaded by users.
Maintain Business Continuity with Rotating Keys and Unique Keys
Contrary to industry best practices, some companies use the same key to sign many of their files and apps. If the key is compromised and needs to be revoked, all the files and apps signed using that key will have to be recalled and will not be available to users. Companies may experience a ripple effect in terms of costs associated with the unavailability of these assets to their users, as well as additional resources required to track and re-secure the assets. With Symantec Secure App Service, companies can deploy unique keys to minimize adverse business impacts in the event a key is revoked. In addition, publishers on Windows® are provided with a pool of keys to sign with and rotate through. This allows them to maintain their ranking with Microsoft SmartScreen® Filter while minimizing the business impact if a key has to be revoked.
Enforce Accountability with Reports and Audit Logs
Traditional code signing warns users when files and apps have been tampered with prior to download and protects users and businesses from malware. To attain an enterprise-wide view of keys and code signing activities, administrators would have to spend additional resources to discover and track that information. Symantec Secure App Service provides reports and audit logs so that administrators can easily track and monitor activities. The availability of reports and audit logs helps companies enforce accountability and compliance. Companies have access to reports and logs on all signing activities in one place, providing them with insight and data for risk analysis, forecasting and resourcing.