Public Key Infrastructure (PKI) implementation and support

You must control your own cryptographic keys to control identity and access (the heart of your security).  A PKI is THE anchor technology to establish high assurance security. ISS specializes in building Public Key Infrastructure for all company sizes and budgets.  Let us show you how you can leverage a PKI with many applications and substantially simplify today’s security problem.

  • Needs Analysis, Design, and Planning
  • Turn Key and Diagnostic Solutions
  • SHA-1 Deprecation, SHA-2 Migration, and Application Compatibility
  • Hardware Security Modules (HSM)
  • Bring Your Own Key (BYOK) Cloud Services

Multi-Factor Authentication

Leveraging your PKI with certificate based multi-factor authentication is one of the greatest risk reducing controls any organization can enforce. ISS provides a range of solutions to meet all budgets and needs.

  • Soft Tokens, Virtual Smart Cards, Phone Authentication
  • Hard Tokens & Physical USB and Credit Card Smart Cards
  • Passport, Windows Hello

Privileged Access Workstation (PAW)

With a properly build PKI and a structured active directory, your organization can establish ground level control over all escalated privilege access. A PAW limits privileged access to a dedicated, hardened, minimum footprint device. By using a smart card enabled, hardware encrypted device like certain Windows To Go devices, you can obtain a simple, very secure, and economical solution with many other benefits. This control is so fundamental and effective that you will find it referenced by most of the current standards including NIST 800-53, NIST 800-171, ISO 27001 and PCI 3.x. ISS practices what it preaches; contact us for a demonstration of this control.


Secure Endpoint Management

Securing the device where users present their credentials is another one of today’s top risk reducing controls. Even with the best intentions and the adoption of PAWs, important credentials are still presented to a workstation, server, or loosely controlled device where they are vulnerable to theft and common exploits like pass-the-hash; this is true for both cloud and premise based infrastructure. By leveraging today’s security technologies and sound security practices, ISS can help you mitigate most of these threats.


Group Policy Services

Microsoft Active Directory provides Group Policy as a centralized change and configuration management infrastructure. Group Policy structures and manages settings for groups of users and of computers, including policy, networking, security, PKI, and software installation settings. Inconsistent, decentralized or unmanaged machine configuration greatly reduces the efficacy of other controls and increases the probability of a threat actor penetrating your organization.

When properly implemented, Group Policy is a critical part of your defense in depth. It gives you a powerful mechanism to enforce many additional for networking, authentication, and authorized access.  However, it is also a key technology to ensure that your investment in other controls is not defeated by a simple configuration mistake. Let us help you protect your organization and your existing security investment.


Azure Rights Management Services (Azure RMS)

Azure Rights Management (Azure RMS) is an information protection solution that uniquely addresses the heart of many security risk – unauthorized access to sensitive data.  Historically, controls for this risk are applied to the technologies that transport and store the sensitive data (encryption in transit and encryption at rest). Unfortunately, documents are easily transported and stored using technologies outside of your control. Azure RMS provides encryption based control within each document and gives you the ability to determine who and for how long someone can access your document contents. Let ISS show you how to effectively and efficiently protect your sensitive information while easily sharing it with trusted parties inside or outside your organization.


Host Guardian Service and Shielded VM

The “Host Guardian Service” (HGS) is a new role introduced in Windows Server 2016.  HGS enables a Hyper-V machine to run “shielded” virtual machines that are encrypted in a new way to offer protection against Hyper-V administrators or processes obtaining unauthorized access to the VM Data.

Leveraging key control from a PKI and a virtualized Trusted Protection Module (vTPM), HGS gives you control and assurance that the VMs in a cloud hosted environment are protected and access is controlled by you. ISS can help you prepare for HGS and other benefits of Windows Server 2016.  Contact us for more information.


Active Directory Federation Services (ADFS)

Active Directory Federation Services (ADFS) is an important technology for securely sharing identity and access. ADFS is infrastructure that allows two independent organizations to establish digital identity trust between them.  This trust grants User A from Organization A access to Organization B’s resources (i) without requiring User A to authenticate directly to Organization B’s system and (ii) allowing Organization A and Organization B to maintain independent user and password databases (active directories).  ISS can help you establish the best ways to balance operational needs with secure, risk mitigating technologies. We look forward to working with you.

Our process.


We begin with a simple question: what’s the least probable access point a criminal might use to gather intelligence that provides the greatest potential impact on your bottom line? From this question, we outline possible targets of attack and entry points via electronic, physical, and human means. This includes information your own employees might publish in the public domain, weaknesses in email passwords or log ins, remote access, and mobile footprints. We then perform reconnaissance over the span of several days to assess potential vulnerabilities from all angles.

Next, we put ourselves in your potential attackers’ shoes to determine overall risk and valuation. Based on what we know about current capabilities, strategies, techniques, and tools, we document any digital assets you might have at risk. We then prioritize that risk based on the net asset value were a loss event to occur.

To put our findings to the test, we simulate ethical hacking attacks that are primarily focused on high value target assets. Those tests are customized to align with your unique environment, vulnerabilities, and technologies. Findings are prioritized and compiled into our recommendations to help you focus resources on areas that could mitigate the greatest potential loss.


The penetration testing report.

We present a detailed report on findings and results, giving you an overall picture of your security posture. Pentest reports are customized to help each organization meet their initial objectives and tailored to their own industry and regulatory environment.

Included in our report is a high-level overview and technical details around each penetration test along with your overall risk score. Know the probability, strength, and estimated loss potential of an attack along with controls currently in place to obstruct that event. Ensure requisite steps are taken to comply with PCI, FERPA, GLBA, SOX, HIPAA, or GDPR. You’ll also gain actionable insight and recommendations to reduce your risk in the short-, mid-, and long-term.