An AES in the Hole

Government vendors gain advantage with fully compliant solutions

• By Daryl Miller
• May 01, 2009

It's no secret that government facilities must have airtight security systems and protocols in place for protecting communications. In fact, that's one thing every official, company and government body can agree on. With a new administration in place and an increased focus on all levels of security, especially cyber security, it is vital that all government agencies have policies and technology in place to safeguard against unwanted attacks.

The challenge is finding vendors with the ability to provide tight data security that meets all security and encryption standards set forth by the government. This is especially true when short compliance deadlines and quick time-to-market conditions are required. However, if vendors can find a way to meet all requirements and provide fully compliant security solutions, they automatically have a competitive advantage.

Wanted: Lockdown Data Security

Honeywell International, a global public company based in New Jersey, understood the urgency and quickly set out to find a way to incorporate all new government security standards for encryption, including advanced encryption. The company provides solutions that support regulatory compliance, improve profitability and maintain safe environments in homes, buildings and industry. To keep a majority of the company's business and help customers meet critical deadlines, Honeywell needed a fast, efficient and cost-effective way of addressing the AES for government installation.

In June 2003, the government adopted the AES encryption standard, which was announced by the National Institute of Standards and Technology in 2001. It is based on FIPS-197. Today, AES is one of the most popular algorithms used in symmetric key cryptography. Honeywell understood the need to quickly obtain the level of secure connectivity needed for its customers. Knowing the parameters of the company's limited expertise in the subject matter and personal capabilities, they immediately turned to Lantronix for help.

Instant Implementation, Data Security

Lantronix has developed secure device servers and networking equipment for decades, working with customers to ensure their needs and standards are met. The company's SecureBox SDS product was the first device server certified by NIST to meet FIPS-197 standards for ensuring secure data communication at AES levels. Having worked with Lantronix in the past, Honeywell was confident that together, they could quickly find a solution that met Honeywell's needs, while limiting engineering changes for Lantronix.

"For more than three decades, Honeywell has been a leading provider of advanced security systems for government applications," said Greg Turner, director of global offer management at Honeywell International. "Therefore, it was critical that we find a cost-effective way to address the new AES-certification requirement for our customers. Based on our past experience with Lantronix, we had confidence the SecureBox device servers were the solution that could enable us to quickly meet that challenge."

Securebox device servers provided a complete end-to-end solution for ensuring that the information within these devices could be securely accessed and transmitted over a network or the Internet. The single- and dual-port external device servers incorporated Lantronix' proven hardware, firmware and software utilities, making it a perfect fit.

The SecureBox SDS1100 was incorporated directly into the Honeywell enterprise buildings integrator architecture. The solution enabled Honeywell's remote security and access control devices to provide network communications with advanced encryption, without replacing existing controllers. By incorporating Lantronix' SecureBox directly into the system architecture, Honeywell greatly enhanced the level of secure data communications between networked devices at facilities.

Reduced Time to Market

"Working with our customers to hit clearly-defined objectives is a core strength of Lantronix," said Jerry Chase, CEO of Lantronix. "We knew from the start that Honeywell needed a highly-secure solution quickly. Thanks to our newly-certified SecureBox product, we were able to deliver exactly what the customer needed in a tight timeframe."

Honeywell obtained the required level of secure connectivity within days. The ease of implementation allowed the company to quickly bring its Security Manager (a component of EBI) to market. Using the SecureBox SDS1100, Honeywell decreased its time-to-market and increased its competitive advantage. The company also retained its current customer base, while offering a leading-edge solution for other government agencies looking to comply with the AES standard.

"By incorporating the SecureBox SDS1100 directly into our new products, we were able to accelerate the launch of our AES-certified Honeywell Enterprise Buildings Integrator to meet critical government compliance deadlines for our clients," Turner said.

Working with government agencies requires flexibility and the ability to commit to rigid deadlines. Companies able to deliver under these restraints benefit greatly in today's volatile business environment.

Lantronix' solutions allowed Honeywell to honor a time-sensitive commitment and product specification for a very important customer—the government.

This article originally appeared in the May 2009 issue of Security Today.