CIO Influence
CIO Influence News Digital Transformation IT and DevOps Security

Fortanix and Sectigo Partnership Helps Enterprises Uplevel Software Supply Chain Security

Fortanix and Sectigo Partnership Helps Enterprises Uplevel Software Supply Chain Security

Collaboration Automates the Issuance of Code Signing Certificates, Enabling Enterprises to Accelerate, Scale and Secure Rapid Development Processes

Fortanix, Inc., a leader in data-first cybersecurity and pioneer of Confidential Computing, today announced a new partnership with Sectigo, a global leader in certificate lifecycle management (CLM) and WebPKI solutions, enabling enterprises to secure their software supply chain by automating the issuance of code signing certificates. The partnership gives enterprises a fast, scalable solution to automate and control their urgent and ballooning need to create, track, and attest private key security without slowing down developer workflows.

Also Read: Reltio Debuts AI-Powered Release for Enhanced Customer Experience and Security

“We’re thrilled to work with Fortanix and help modern enterprises scale their secure code signing and bring operations to the next level”

Businesses rely on securing their CI/CD pipelines with public key infrastructure (PKI) and certificates to certify the integrity and origin at each stage of development — code signing. This process is necessary to ensure a high level of security, but its time-consuming nature often disrupts developer workflows and stifles innovation. The Fortanix and Sectigo partnership addresses this by enabling enterprises to automate and scale the security of their digital supply chains with purpose-built platforms that meet modern business needs.

Specifically, Sectigo now accepts Fortanix key provenance attestations with a code signing request (CSR), proving that private keys are created and stored in a hardware security module (HSM), a requirement from the Certificate Authority/Browser Forum as of 2023.

“Fortanix, like Sectigo, has built its services for automation, which is the only way for enterprises to truly scale and secure their CI/CD pipelines,” said Anand Kashyap, CEO and co-founder of Fortanix. “Security and speed are two elements that help separate dev teams from the competition, and this partnership delivers both.”

“We’re thrilled to work with Fortanix and help modern enterprises scale their secure code signing and bring operations to the next level,” said Nick France, chief technology officer at Sectigo. “Enabling the Sectigo Certificate Manager to cryptographically verify that joint customers use a FIPS-validated hardware security module for their private keys is a game-changer that impacts the entire software development lifecycle.”

Benefits of this new partnership include:

  • Verifiable trust. Certificates issued by an authority such as Sectigo can be validated through digital signatures, which can only be trusted if the associated private key is deemed to be stored as securely as possible.
  • Enhanced peace of mind. Meets CA/Browser Forum mandates that certificate requestors generate, store and use private keys with a FIPS 140-2 Level 3 validated HSM, which must be able to cryptographically attest that the private key indeed is hosted on such secure hardware.
  • A purpose-built platform. The Fortanix unified data security platform was built from the ground up to secure and manage enterprises’ most valuable secrets with Confidential Computing technology. Adding Sectigo Certificate Manager platform capabilities automates the attestation verification and certificate issuance process.

Also Read: CIO Influence Interview with Tyler Healy, CISO, DigitalOcean

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

HashiCorp Cloud Platform Now Available in Asia-Pacific Regions

CIO Influence News Desk

Isovalent Introduces Isovalent Cilium Mesh to Securely Connect Networks Across On-Prem, Edge, and Cloud

CIO Influence News Desk

Noname Security Announces New API Security Testing Solution to Leave No API Untested

GlobeNewswire