CentraLytics Information Security

Secure Microsoft ASP.Net Web Services

Secure Knowledge Capital, Information Security Due Diligence, and Regulatory Compliance

CentraLytics Information Security & Cryptography Group (ISCG) recently provided a Global 1000 client with an ASP.Net encryption layer employing Web Services protocols and the ASP.Net Cryptographic Service Provider.

The Client's consulting organization had deployed a VB.Net Smart-Forms application that was used world-wide by engagement personnel. The application captured, analyzed, and projected engagement profit and cost information and memorialized candid engagement notes and commentary entered by front-line, Client-facing consultants. The content of the model was considered material, non-public information, and interception of the model's inputs and outputs would be of considerable interest to a stock trader, competitor or industrial spy.

Information security for the tool was a challenge because the many consultants were not always able to connect to the Firm's world-wide virtual private network from a Client location or business hotel to transmit engagement financial information to the central server for interim and ongoing reporting and engagement management.

Furthermore, the Client's central information technology organization was concerned that the Firm was under attack by a malicious actor who had attempted to infect certain laptop applications and browsers with spyware. The Firm lost confidence that browser-level encryption was reliable. The central IT organization's information security audit officer issued a requirement for application-level cryptography and information security to be engineered and retrofitted into the Smart-Forms application. The work was targeted for the next interim release date, so as to bring the model into compliance with Sarbanes-Oxley rules for the Firm's financial applications software suite.

CentraLytics ISCG developed an ASP.Net security and cryptography architecture for the application using Web Services and the .Net Cryptographic library to provide an encrypted, secure channel for data transmission. The crypto protocol combined asymmetric and symmetric encryption to achieve both security and speed for bulk encryption requirements, and brought the tool into line with Firm-wide Sarbanes-Oxley standards.

CentraLytics' president and chief architect, Michael Izatt, said, "The Crypto Web Services paradigm provides 128-bit RSA and triple-DES security through ASP.Net XML cryptography, and ensures an encrypted transmission channel for our Global 1000 Client's mission-critical engagement information for both financial and non-financial data.

"Furthermore, the .Net Web Services layer delivers quality performance and throughput through the Microsoft .Net Web Services deployment platform. The combination of .Net cryptography and the XML cryptography standard ensures that our Client can operate world-wide with security and performance irrespective of local computing configurations at the engagement location. The CentraLytics ISCG Crypto Web Services architecture allowed our Client to retrofit their application in situ with minimal rework and investment by pushing the crypto service to the Web Services platform. Additionally, CentraLytics was able to leverage its status as a Microsoft Independent Software Vendor (ISV) to deliver Microsoft thought-leadership and best practices to the engagement to bring our Client's tool box into Sarbanes-Oxley compliance."

About CentraLytics

CentraLytics is a professional services firm that provides technology, consulting, and process engineering to Global 1000 business firms in the fields of manufacturing, financial services, banking, law, government and education.