Authentication Services
Organizations are trying to solve critical security and access issues but often lack the expertise to see the entire ecosystem and respond to current threats, which fall into several major categories.
Low-grade Security
Existing root CAs are built on last-generation technology, often employing security levels that were acceptable in a time before modern attackers. Computing power and the complexity of attacks have quickly outpaced these legacy encryption levels, leaving systems that rely on these “trusted” parties vulnerable to data loss and customer compromise.
Modern cryptography rests on the premise that certain calculations involving very large numbers are infeasible, requiring eons of computer time to defeat. Through a combination of newer, more efficient mathematical methods for solving these equations and vulnerabilities in the way vendors have implemented the algorithms, faster computers are catching up. Further, as Moore’s Law dictates, computing power continues to double about every 18 months, complicating the situation. A decade ago it was acceptable to have a 1024-bit key, as that was considered high-grade security for the near future. This was the basis on which many trust anchors built the security of their root keys, which are known to last on the order of 20 to 30 years. Just a decade later, we now know that 1024 bits is insufficient, as attacks quickly eat away at the security it once provided, and the new recommendation is 2048 bits. It’s logical to expect that 10 years from now, when computers are roughly 100 times more powerful, these attacks will continue to reduce the expected lifespan of root keys.
Shift sees these challenges to cryptographic approaches and has taken measures to combat them. Our keys start at the highest level set by the FIPS 140-2 standard (4096 bits). We have embraced the next generation of cryptographic protocols, adopting elliptic curve for orders of magnitude greater protection for the same key size. Additionally, we limit the maximum lifetime of keys to around 10 years, driving us to remain ahead of emerging threats.
Weak Validation
With so many downstream systems depending heavily on the assurances provided by the trust root and on the certificates issued to individual users and systems, email verification alone provides limited security for such vital concerns. Under such a system, intrusion into an email account opens the door for an unauthorized individual to assume the identity of an authorized user. On a daily and weekly basis we hear coverage of email account compromises, which provides clear evidence that this method of transferring critical information is weak.
We require security to be performed using a completely different method of communication. Shift eliminates weak validation threats by applying multi-level physical and electronic security. The physical security focuses on assuring 100% identity verification and validation for an individual or component of the system. The electronic security leverages more robust processes that ensure usage of a unique ID, secure browser, and secure channel for each session, so that no other parties can intercept the process and assume the identity of the true user. Shift continually pushes the technological edge, providing our customers with a complete, end-to-end, cost-effective enrollment process.
Difficult to Implement
Implementation of a secure and scalable authentication platform can be a daunting task. Provisioning high-grade cryptographic hardware, staying up to date on the latest regulations and recommendations, and maintaining an up-to-date architecture that is one step ahead of attackers is a full-time job. Founded by software and security experts with years of experience, Shift is passionate about solving these very real problems. We employ top-of-the-line cryptographic hardware (FIPS 140-2 Level 3 or higher) and enforce multi-factor, multi-party authentication and authorization for all personnel who have access to cryptographic materials. Our data centers have multiple network connections, power connectivity points, backup capabilities, and failover between sites, providing near-perfect uptime. Highly trained security professionals monitor and guard our data centers 24/7.
We blend proprietary software with industry-leading cryptographic software to ensure that our systems are as secure and up to date as possible, protecting them from potential threats. All of these steps build a foundation for a solid trust anchor that truly provides the assurances our customers demand.
The bottom line: Shift’s authentication solution delivers secure validation of individual, device and organization identities in a scalable, distributed infrastructure monitored and protected by highly trained industry professionals.
