What is a Certificate?
Certificates used on the Internet are called “digital certificates”. A digital certificate acts like an identification card on the Internet.
A client certificate, which is a type of digital certificate, is used to identify the client from which the connection originates. There are two types of client certificates: device certificates, which validate devices, and user certificates, which validate users. The CloudGate certificate is a device certificate.
CloudGate Certificates are more secure because they are issued using a special chip (SE, TPM), installed in most terminals these days, that protects and stores confidential data such as private keys and biometric information.
This function allows you to add certificate authentication to CloudGate UNO, which allows access only to company-designated devices. Customers can select the certificate to be used according to their operation method.
CloudGate Certificate based on Secure Element
Private keys are stored in a secure area of the device, enabling strict device restrictions.
Remote Terminal Designation Cybertrust Certificates
Certificates can be issued in association with device IDs (MAC addresses, UDIDs, etc.), enabling strict device restrictions.
CloudGate UNO can issue Cybertrust’s “Cybertrust Device ID” (device certificate). This certificate is called “Cybertrust Certificate” in CloudGate UNO.
Is “that” device you are accessing for remote work secure?
Due to the spread of remote work, there are more opportunities to work outside the office such as at home, and it is difficult to ensure security only by restricting access based on conventional IP addresses.
In addition, although the shift to the cloud in business has made it more convenient, it has the potential to cause security incidents that were previously unforeseen.
If you do not limit the devices that access the system and cloud services used for business, the following risks could exist:
Unauthorized Access
If IDs and passwords are compromised and unauthorized access is gained to systems and cloud services, there is a risk of stored data leakage, system destruction or shutdown, backdoors, etc.
Access from Shadow IT
Accessing systems and cloud services from unauthorized devices means that unsecured devices are connecting to information assets. There is also a risk of information leakage due to the possibility of infection with malware.
These risks can be prevented by limiting the devices that can access the systems and cloud services used for business to “Certified Devices”.
Benefits of Certificate Integration
Allow access only to company-owned devices
Checks whether the accessing device has a device certificate and blocks access from devices that do not have it.
Certificate management functions according to your needs
You can select the certificate issuance and installation method best suited to your company’s operations.
Flexible access rule settings
CloudGate UNO’s security profile function allows you to set flexible access rules.
Multiple SSO Support
Comfortable to use even if the number of cloud services used increases. Achieve both convenience and enhanced security.
Allow access only to company-owned devices
Access to cloud services can be allowed only from PCs and smart devices owned and provided by the company. By installing a device certificate on the device in advance, CloudGate UNO checks whether the accessing device holds the device certificate and blocks access from devices that do not. Even if the login ID and password are known to a malicious third party, unauthorized access from a device that does not hold a device certificate can be prevented. In addition, if a device is lost, the administrator can revoke the certificate to deny access from that device.
Certificate management functions according to your needs
You can choose from two types of device certificates, each with its own characteristics, to select the certificate issuance and installation method best suited to your company’s operations.
CloudGate Certificate based on Secure Element
• Certificates can be issued and installed by administrator authentication on the device to be authorized.
• The risk of unauthorized copying or exporting of certificates is dramatically reduced by keeping the private key outside the device and out of the network path.
Remote Terminal Designation Cybertrust Certificate (formerly secured by Cybertrust)
• Strict control of which devices are allowed to install certificates by specifying unique device identifiers such as MAC addresses and UDIDs in advance.
• The certificate installation method is sent to the user’s e-mail address, and the user downloads it himself/herself. The certificate is tied to the unique identifier of the device, so it can be strictly identified.
Flexible access rule settings
CloudGate UNO’s security profile function allows security rules to be applied to individual users, departments, and positions. For example, if a department needs access from outside the company, or if a user needs access only from a specific device, flexible access rules can be set by combining other security rules and device authentication using device certificates.
Multiple SSO Support
CloudGate UNO supports multiple cloud services. Device certificates limit the devices that can be used, and they can also be used with cloud services such as the ones you see here, so the same policy can be applied to each cloud service while single sign-on improves convenience.
*When using a smartphone, some services do not allow the use of certificates.
FAQ about CloudGate Certificate Option
To which plans is it added?
Available with the purchase of a Smart Pack plan or the Device Certificate Option.
Do I need to specify the number of CloudGate certificates and Cybertrust certificates to use?
There is no need to specify the number of certificates to be used for each. If you purchase a device certificate, CloudGate certificates and Cybertrust certificates can be issued for the number of licenses you have purchased. For example, if you purchase 100 device certificates, 50 CloudGate certificates and 50 Cybertrust certificates can be issued.
Please let us know about future updates to CloudGate certificates.
CloudGate certificates will be expanded to support a variety of operating systems in the future. In addition, we plan to update the CloudGate certificate with features that will make it easier to use, such as a certificate reissue flow and certificate registration by the user.
Other Features of CloudGate UNO
User Authentication
Enhanced and versatile authentication methods for system administrators to choose from.
Access Control
You can manage the conditions (location/device/time) under which login to the service is allowed.
Active Directory
ID federation and authentication federation by Active Directory federation are possible.
Identity and Access Management (IAM)
It allows centralized management of everything from ID management to lifecycle management such as provisioning.