mcafee-blog1

Embedded Whitelisting Meets Demand for Cost Effective, Low-Maintenance, and Secure Solutions

McAfee® Embedded Control frees Hitachi KE Systems’ customers to focus on production, not security
Hitachi KE Systems, a subsidiary of Hitachi Industrial Equipment Systems, part of the global Hitachi Group, develops and markets network systems, computers, consumer products, and industrial equipment for a wide variety of industries. Hitachi KE meets the needs of customers who seek high quality yet cost-effective, low-maintenance systems for their operational technology (OT) environments—they don’t want to have to think about security at all.

In addition to the custom tablet and touch panel terminals and other hardware and software Hitachi KE sells, the Narashino, Japan-based company, also offers a one-stop shop for its solutions—from solution construction (hardware and software development) to operation and integration to maintenance and replacement. To provide the best solutions across this wide spectrum of offerings, the company often turns to partners to augment its technology.

“To expand our Internet of Things [IoT] solutions and operational features and functionality, we enhance our own products and systems with the latest digital and network technologies,” says Takahide Kume, an engineer in the Terminal Group at Hitachi KE. “We strive to provide the technologically optimal as well as most cost-effective solution for our customers.”

Highest Customer Concern: Production

Although the risk of a zero-day attack in their OT environments has increased dramatically as IoT has become commonplace, most of Hitachi KE’s customers do not have information security personnel on staff. For them, the only thing that counts is production. Does the technology solution enable faster, higher-quality, or more cost-effective production?

“Despite many malware-related incidents in the news, many of our customers honestly don’t care as much as they should about cybersecurity,” acknowledges Kume. “We have to educate their management that lack of security, if malware strikes, could seriously hurt production and business in general. Thankfully, making that point is becoming easier and easier with malware incidents on the rise.”

“We decided that embedded whitelisting was the best solution for reduced operating cost and high security in an OT environment… We felt McAfee offered the best long-term support and the highest quality technical support.”
—Takahide Kume, Engineer, Hitachi KE Systems

Best Solution for Minimal Overhead Yet High Security

Even before its customers began to catch on to the need for secure solutions, Hitachi KE began looking for a way to build security into its systems, which run Microsoft Windows, Linux, and Google Android operating systems, often in multiple versions within a single customer’s environment. “Because our customers often lack security personnel, security must be extremely easy and basically run itself,” explains Kume. “When a system is infected in the field, the person on the front line usually can’t do anything about it.”

“We decided that embedded whitelisting was the best solution for reduced operating cost and high security in an OT environment,” adds Kume. After examining leading whitelisting solutions, Hitachi KE chose McAfee® Embedded Control software.

“We felt McAfee offered the best long-term support and the highest quality technical support along with robust security,” he continues. “With McAfee Embedded Control installed, no one has to take care of the system in the field… Industrial systems are often set and left alone for a long time—they can be overtaken by malware without anyone realizing it. For such systems, McAfee Embedded Control is the best solution.”

McAfee Embedded Control maintains the integrity of Hitachi KE systems by only allowing authorized code to run and only authorized changes to be made. It automatically creates a dynamic whitelist of the authorized code on the system on which it resides. Once the whitelist is created and enabled, the system is locked down to the “known good” baseline, thereby blocking execution of any unauthorized applications or zero-day malware attacks.
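The mechanism described above (a baseline of known-good code, then deny-by-default for anything not on it) can be shown in miniature. The block below is an added example written for this page; it is not McAfee code and does not show how Embedded Control enforces its whitelist in the kernel. It captures a SHA-256 baseline of a directory tree, decides whether a given file is still allowed, and reports drift as added, modified and removed files. The directory layout, file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot every regular file under root as {relative posix path: sha256}.
    This is the 'known good' state; it is captured once, on a clean image,
    before the system is locked down and shipped."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def is_allowed(root: Path, relpath: str, baseline: dict) -> bool:
    """Deny by default: a file may run only if its path is in the baseline AND
    its current hash still matches, so a patched binary is blocked as well as
    a new one."""
    expected = baseline.get(relpath)
    path = root / relpath
    return expected is not None and path.is_file() and sha256_file(path) == expected


def audit(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline and report drift in three buckets."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: an HMI image with two approved programs, then the
    kind of drift an unattended field system accumulates after deployment."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "hmi_panel").write_bytes(b"approved HMI binary v1")
        (root / "bin" / "plc_bridge").write_bytes(b"approved PLC bridge v1")
        baseline = build_baseline(root)

        # Drift after lock-down: an unreviewed patch, an unknown binary, a deleted tool.
        (root / "bin" / "hmi_panel").write_bytes(b"approved HMI binary v1 + unreviewed patch")
        (root / "bin" / "unknown_tool").write_bytes(b"not part of the approved image")
        (root / "bin" / "plc_bridge").unlink()

        report = audit(root, baseline)
        report["unknown_tool_allowed"] = is_allowed(root, "bin/unknown_tool", baseline)
        report["hmi_panel_allowed"] = is_allowed(root, "bin/hmi_panel", baseline)
        return report


if __name__ == "__main__":
    print(demo())
```

A userland audit like this only detects drift after the fact; the value of an embedded control product is that the same decision is made at execution time, before the unauthorised code runs. The baseline itself must be stored and updated only through an authorised change path, otherwise an attacker who can write to the filesystem can also rewrite the whitelist.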

“Almost Maintenance-Free” Solution Reduces TCO

Users of Hitachi KE Systems with McAfee Embedded Control can easily configure the machines, specifying exactly which applications and actions that will be allowed to run and who has authority to make modifications in the future. The minimal impact of the McAfee software on performance also means fewer problems to troubleshoot.

“McAfee Embedded Control is an almost maintenance-free solution,” says Kume. “It is extremely easy to update when needed and doesn’t require our customers to have a security expert on staff. Minimal maintenance lowers the total cost of ownership for our customers.”

Even if security hasn’t been their top priority, Hitachi KE customers have been very pleased with the addition of McAfee Embedded Control to their solutions. “Having McAfee security built in gives our customers and end users peace of mind that they can connect our systems to the Internet,” says Kume. “McAfee has had many success stories within the Hitachi Group, and this is just one of them.”

“Having McAfee security built in gives our customers and end users peace of mind that they can connect our systems to the Internet.”
—Takahide Kume, Engineer, Hitachi KE Systems

gemalto-blog5

The Future of Cybersecurity – A 2019 Outlook

From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too.

Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160% increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4% of worldwide turnover. The latter half of this year has shown those concerns were unfounded, with big companies, including Uber as recently as this week, being fined for losing customer data. What 2018 has shown, is the authorities have the power and they’re prepared to use it.

In fact, the role of GDPR was to give more power back to the end user about who ultimately has their data, but it was also ensuring companies start taking the protection of the data they hold more seriously. Unfortunately, while the issue around protecting data has grown more prominent, the methods to achieving this are still misguided. Put simply, businesses are still not doing the basics when it comes to data protection. This means protecting the data at its core through encryption, key management and controlling access. In our latest Breach Level Index results for the first half of 2018, only 1% of data lost, stolen or compromised was protected through encryption. The use of encryption renders the data useless to any unauthorised person, effectively protecting it from being misused. Another reason to implement this is it is actually part of the regulation and will help businesses avoid fines as well. With such a large percentage still unprotected, businesses are clearly not learning their lessons.

So, moving on from last year, what might the next 12 months bring the security industry? Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence and quantum computing and crypto-agility start to make themselves known.

2019 Predictions
1. Quantum Computing Puts Pressure on Crypto-Agility

Next year will see the emergence of the future of security – crypto-agility. As computing power increases, so does the threat to current security protocols. But one notable example here is encryption, the static algorithms of which could be broken by the increased power. Crypto-agility will enable businesses to employ flexible algorithms that can be changed, without significantly changing the system infrastructure, should the original encryption fail. It means businesses can protect their data from future threats including quantum computing, which is still years away, without having to tear up their systems each year as computing power grows.
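The property described above, that an algorithm can be swapped without tearing up the surrounding system, comes down to one design decision: the protected data carries an algorithm identifier, and the code consults a policy registry rather than hard-coding a primitive. The block below is an added example written for this page, not Gemalto code; it uses HMAC tags over a small token format because that runs with the Python standard library alone, but the same structure applies to ciphers and signatures. The algorithm names `hs256` and `hs3-256`, the token format and the policy states are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Registry: tokens name an algorithm, they never embed it. Retiring or replacing
# an algorithm is therefore a registry change, not a change to stored data.
# States: "active" (may issue and verify), "verify-only" (legacy tokens still
# verify, nothing new is issued), "retired" (rejected outright).
ALGORITHMS = {
    "hs256": {"digest": hashlib.sha256, "state": "active"},
    "hs3-256": {"digest": hashlib.sha3_256, "state": "active"},
}
POLICY = {"current": "hs256"}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s.encode("ascii"))


def _tag(key: bytes, alg: str, payload: bytes) -> bytes:
    # The identifier is bound into the MAC input, so a tag computed under one
    # algorithm cannot simply be relabelled as belonging to another.
    return hmac.new(key, alg.encode() + b"\x00" + payload, ALGORITHMS[alg]["digest"]).digest()


def protect(key: bytes, payload: bytes, alg: str = None) -> str:
    """Issue a token 'alg.payload.tag' under the current (or an explicitly active) algorithm."""
    alg = alg or POLICY["current"]
    if ALGORITHMS.get(alg, {}).get("state") != "active":
        raise ValueError(f"{alg} is not permitted for newly issued tokens")
    return ".".join([alg, _b64(payload), _b64(_tag(key, alg, payload))])


def verify(key: bytes, token: str):
    """Return the payload if the token verifies under an algorithm policy still accepts, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    alg, p, t = parts
    entry = ALGORITHMS.get(alg)
    if entry is None or entry["state"] == "retired":
        return None
    try:
        payload, tag = _unb64(p), _unb64(t)
    except ValueError:
        return None
    if not hmac.compare_digest(tag, _tag(key, alg, payload)):
        return None
    return payload


def needs_rotation(token: str) -> bool:
    """True when the token was issued under something other than the current algorithm."""
    return token.split(".", 1)[0] != POLICY["current"]


def rotate(key: bytes, token: str) -> str:
    """Re-issue a verified legacy token under the current algorithm."""
    payload = verify(key, token)
    if payload is None:
        raise ValueError("refusing to re-protect a token that does not verify")
    return protect(key, payload)


def deprecate(alg: str, successor: str) -> None:
    """Policy change only: old tokens keep verifying, new ones use the successor."""
    ALGORITHMS[alg]["state"] = "verify-only"
    POLICY["current"] = successor


def demo() -> dict:
    key = secrets.token_bytes(32)
    legacy = protect(key, b"sensor=42")      # issued while hs256 was current
    deprecate("hs256", "hs3-256")            # migration: one line, no format change
    fresh = rotate(key, legacy)
    forged = legacy[:-4] + "AAAA"            # tampered tag
    try:
        protect(key, b"x", "hs256")
        legacy_issue_blocked = False
    except ValueError:
        legacy_issue_blocked = True
    return {
        "legacy_alg": legacy.split(".")[0],
        "legacy_still_verifies": verify(key, legacy) == b"sensor=42",
        "legacy_needs_rotation": needs_rotation(legacy),
        "fresh_alg": fresh.split(".")[0],
        "fresh_verifies": verify(key, fresh) == b"sensor=42",
        "forgery_rejected": verify(key, forged) is None,
        "legacy_issue_blocked": legacy_issue_blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is the "verify-only" state: a migration is rarely a single cut-over, so the system must keep accepting existing data under the old algorithm while refusing to create any more of it, and report which records still need re-protection. Where the threat is quantum computing, the registry entries would be key-establishment and signature schemes rather than hash functions, but the plumbing is the same.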

2. Hackers will launch the most sophisticated cyber-attack ever using AI in 2019

Up until now, the use of AI has been limited, but as computing power grows, so too do the capabilities of AI itself. In turn this means that next year will see the first AI-orchestrated attack take down a FTSE 100 company. Creating a new breed of AI-powered malware, hackers will infect an organisation’s system using the malware and sit undetected, gathering information about users’ behaviours and the organisation’s systems. Adapting to its surroundings, the malware will unleash a series of bespoke attacks targeted to take down a company from the inside out. The sophistication of this attack will be like none seen before, and organisations must prepare themselves by embracing the technology itself as a method of hitting back and fighting fire with fire.

3. Growing importance of digital transformation will see the rise of Cloud Migration Security Specialists in 2019

As organisations embrace digital transformation, the process of migrating to the cloud has never been under more scrutiny; from business leaders looking to minimise any downtime and gain positive impact on the bottom line, to hackers looking to breach systems and wreak havoc. As such, 2019 will see the rise of a new role for the channel – the Cloud Migration Security Specialist. As companies move across, there is an assumption that they’re automatically protected as they transition workloads to the cloud. The channel has a role to play in educating companies that this isn’t necessarily the case and they’ll need help protecting themselves from threats. It’s these new roles that’ll ensure the channel continues to thrive.

4. A Boardroom Issue That Needs to Yield Results

With 2018 fast disappearing, the next year is going to be another big one no matter what happens, as companies still struggle to come to terms with regulations like GDPR. With growing anticipation around the impact of technologies like quantum and AI, it’s important that companies don’t forget that the basics are just as vital, if not more so, to focus on. So, while 2018 has been the year where cybersecurity finally became a boardroom issue, 2019 needs to be the year where its importance filters down throughout the entire company. For an issue like cybersecurity, the company attitude towards it needs to be led from the top down, so everyone buys into it. If that happens, could next year see no breaches take place? Extremely unlikely. But maybe it could be the year the industry starts to turn the tide against the hacking community.

gemalto-blog4

The Cost of a Data Breach

How much does a data breach cost? So far, $242.7 million and counting if your company happens to be Equifax. That is how much the company has spent since its data breach that exposed sensitive personal and financial information for nearly 148 million consumers, according to its latest SEC filing. All because it left consumer information unencrypted and in the clear, which was highlighted in testimony before the U.S. Senate Commerce Committee last year.

To put the size and scope of Equifax’s remediation efforts in comparison, in just seven months Equifax has spent nearly what Target spent ($252 million) in two years after its 2013 data breach. Equifax will likely continue to spend millions for the next several quarters on the cleanup.

For many years analysts and security professionals have tried to estimate what a data breach can cost a company. From the expense of having to upgrade IT infrastructure and security to paying legal fees and government fines, there are a lot of costs that are both tangible and intangible. In addition, there are the impacts to a company’s stock price and the erosion of customer trust (“Will they come back?”). For management teams it can also have a very real impact professionally. For example, the chairman and CEO of Target resigned months after the data breach, and the CEO of Equifax resigned within weeks of its data breach.

Many studies have been done to calculate the cost of a data breach, including the annual Ponemon Institute’s Cost of a Data Breach report which calculates the cost down to the data record. According to the latest Ponemon annual report, the average cost of a data breach is currently $3.62 million globally, which comes to $141 a record. In the U.S., the cost is almost double that at $7.35 million. But do these research reports actually gauge what a data breach will cost a company? At the end of the day, equating data breach damages to a “per record” cost makes data breaches just an actuarial exercise of acceptable risk.

And this goes along with the prevailing sentiment that data breaches don’t cost companies that much. The thinking goes like this. For the breached company, the stock price will take a hit, customers will be enraged and money will be spent notifying customers and upgrading security. But eventually the company recovers and it’s back to normal. After all, so the thinking goes, what is a couple of million dollars in IT upgrades and fines to a company that is worth $50 billion?

This type of thinking must change because we are at a tipping point on the implications of data breaches. The costs have become more real to companies and the boards who run them. CEOs and other members of the management team are now losing their jobs because data breaches now have more potential to be life-threatening, if not killers, for companies. Take for example the TalkTalk data breach, which caused the company to lose more than 100,000 customers, and the fact that Yahoo! had to lower its purchase price by $350 million in its acquisition by Verizon. The last and most important factor is that governments are now taking notice and doing something about it. The European Union’s General Data Protection Regulation (GDPR) is a prime example of this, and countries around the world are looking at it as the model for their own regulations.

If the costs and risks of data breaches are increasing (and they are), companies need a radical shift in their approach to data security if they are going to be more successful in defending the sensitive data they collect and store. With organizations extending their business to being cloud- and mobile-first, their attack surface and likelihood of accidental data exposure continue to grow. These trends all point to a consistent theme: security needs to be attached to the data itself and to the users accessing the data. Only then can companies maintain control of their data in the cloud, manage user access to cloud apps, and keep the data secure when it falls into the hands of adversaries. By implementing a three-step approach (encrypting all sensitive data at rest and in motion, securely managing and storing all of your encryption keys, and managing and controlling user access) companies can effectively prepare for a breach. It is being done by many companies today and is also a requirement for transitioning from a strategy optimized for breach prevention to one optimized for securing the breach (“Secure the Breach”).

gemalto-blog3

Why Data Encryption and Tokenization Need to be on Your Company’s Agenda

As children we all enjoyed those puzzles where words had their letters scrambled and we had to figure out the secret to make the words or sentences legible. This simple example of encryption is deployed in vastly more complex forms across many of the services we use every day, working to protect sensitive information. In recent years the financial services industry has added a new layer of encryption called tokenization. This concept works by taking your real information and generating a one-time code, or token, that is transmitted across networks. The benefit is that if the communication is intercepted your real details are not compromised.
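To make the tokenization idea concrete, the block below is an added example written for this page (it is not Gemalto code and not any payment network's scheme). It keeps the real card number only inside a vault, hands out a random surrogate of the same length and last four digits for transmission, and deliberately makes every token fail the Luhn check so a surrogate can never be mistaken for, or used as, a real card number. The vault class, the test card number and the format rules are constructed for the example; a production vault would persist its mapping in an access-controlled store rather than a dictionary.

```python
import secrets


def luhn_valid(number: str) -> bool:
    """Standard Luhn checksum used by card numbers; tokens are built to fail it."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Constructed tokenization service. The real value never leaves the vault;
    the token that crosses the network carries no information about it."""

    def __init__(self):
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not digits.isdigit() or not 12 <= len(digits) <= 19:
            raise ValueError("expected a 12 to 19 digit card number")
        last4 = digits[-4:]
        while True:
            # Format-preserving: same length, last four kept for receipts and
            # support calls, every other digit drawn from a CSPRNG. This is a
            # lookup, not encryption: there is no key that recovers the PAN.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + last4
            if token != digits and token not in self._by_token and not luhn_valid(token):
                self._by_token[token] = digits
                return token

    def detokenize(self, token: str):
        """Only the vault (behind its own access control) can map a token back."""
        return self._by_token.get(token)


def demo() -> dict:
    # Constructed input: a well-known test card number, not a real account.
    pan = "4111 1111 1111 1111"
    vault = TokenVault()
    t1 = vault.tokenize(pan)
    t2 = vault.tokenize(pan)   # a new call yields a new one-time token
    return {
        "token": t1,
        "second_token": t2,
        "roundtrip": vault.detokenize(t1),
        "unknown": vault.detokenize("9999999999999999"),
    }


if __name__ == "__main__":
    print(demo())
```

The security boundary moves from "everything that sees the card number" to "the vault alone", which is the reason tokenization reduces the scope of systems that must be protected to the standard a real PAN demands.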

According to our Breach Level Index there were 1,765 breaches in 2017. And these breaches are getting faster and larger in scope: over two billion records were lost last year. The fallout for companies is significant, so it is in their interests to do whatever they can to protect their customers’ data.

Of course, encryption is a very complicated field of research, and one shouldn’t expect board level executives to understand how the cryptographic algorithms work. But they must understand just how vitally important it is that data is secure, whether at rest or in motion.

Those working on encryption face a challenge to ensure that access to applications, databases and files is unimpeded by the need to encrypt and decrypt data. There is a performance issue here, and so companies need to evaluate and test while deciding what data should be encrypted, and when, how and where.

The worrying thing is that despite the clear need for such work, there is a distinct lack of cyber security professionals worldwide—and especially in encryption. Indeed, you’ll often see job postings for security positions where experience of encryption isn’t even mentioned.

As the statistics show, this is having a huge effect on companies. In 2017, less than 3% of data breaches involved encrypted data. If we accept that companies are going to get hacked it is imperative that any data that is stolen is rendered useless through encryption.

Encryption would have mitigated the damage to brand image, reputation, company financial losses, government fines and falls in stock prices, as well as the damage to their executives’ image and reputation. It is also a major disincentive to criminals, as the effort needed to crack the algorithms makes it entirely unprofitable while there are so many other available targets.

So if the problem is so clear, and the solution so obvious, why are companies delaying investing in encrypting data?

Well, many executives I speak to daily in Latin America tell me that the security of their Big Data is handled by their cloud service provider. And if there was a leak, it would be the supplier’s responsibility.

This completely overlooks that customers, authorities, investors and the wider public do not care about this distinction. They will all associate any breach with the company, never a supplier of services. So, while ultimately liability may fall at the feet of the cloud service provider, the immediate and potentially catastrophic impact will be felt by the breached company.

It is therefore crucial that companies start taking serious responsibility for the data of their customers. Whether internal staff or cloud provider, conversations need to be had about how data is encrypted. This includes:

• Checking that the cryptographic algorithms used are certified by international bodies 
• Checking to ensure that your cryptographic keys are stored in an environment fully segregated from where you store your encrypted information (whether held by third parties or in your own systems, files, or databases).

PwC suggests that one of the biggest concerns CEOs fear is a cyber-attack. Given the severity of the threat, we must recognize that we are all responsible for promoting data security. And that means adopting best practices for data protection, deploying encryption, and optimizing management of cryptographic keys.

avigin-blog2

The Demand for AI and Video Analytics in an Increasingly Connected World

Through advanced AI technology, video analytics and our cloud platform, Avigilon is changing the way our customers interact with their surveillance systems. Read our blog post, and the full article originally featured in SourceSecurity.com.

Today’s security industry has reached a critical mass in the volume of collected data and the limits of human attention to effectively search through that data. As such, the demand for video analytics is increasing globally and we believe that most video surveillance systems will eventually feature video analytics.

Artificial Intelligence Solutions

Through the power of artificial intelligence (AI), Avigilon is developing technologies and products that dramatically increase the effectiveness of security systems by focusing human attention on what matters most. As AI solutions are adopted, they provide scalable solutions that can be deployed across a range of verticals and applications to better address security challenges.

GPU Technology Increases in Value

As the world becomes increasingly connected, the way we think about and interact with our security systems will continue to evolve across various verticals and applications. The emergence of GPU technology, in particular, has led to a dramatic increase in performance and value. With the democratisation of video analytics, and increased use of AI and deep learning, we believe that video analytics will be inherent in digital surveillance and used in broader applications. Cybersecurity will become more important as we move toward a more connected approach to security—particularly as our collected data becomes more sophisticated and critical.

avigin-blog-1

How Artificial Intelligence Is Changing Video Surveillance Today

Avigilon recently contributed an article to Security Informed that discusses how artificial intelligence (AI) is changing video surveillance today. The article outlines the need for AI in surveillance systems, how it can enable faster video search, and how it can help focus operators’ attention on key events and insights to reduce hours of work to minutes.

Below is the full article, modified from its original version to fit this blog post, which can also be found on SecurityInformed.com.

There’s a lot of excitement around artificial intelligence (AI) today — and rightly so. AI is shifting the modern landscape of security and surveillance and dramatically changing the way users interact with their security systems. But with all the talk of AI’s potential, you might be wondering: what problems does AI help solve today?

The Need for AI

The fact is, today there are too many cameras and too much recorded video for security operators to keep pace with. On top of that, people have short attention spans. AI is a technology that doesn’t get bored and can analyze more video data than humans ever possibly could.

It is designed to bring the most important events and insight to users’ attention, freeing them to do what they do best: make critical decisions. There are two areas where AI can have a significant impact on video surveillance today: search and focus of attention.

Faster Search

Imagine using the internet today without a search engine. You would have to search through one webpage at a time, combing through all its contents, line-by-line, to hopefully find what you’re looking for. That is what most video surveillance search is like today: security operators scan hours of video from one camera at a time in the hope that they’ll find the critical event they need to investigate further. That’s where artificial intelligence comes in.

With AI, companies such as Avigilon are developing technologies that are designed to make video search as easy as searching the internet. Tools like Avigilon Appearance Search™ technology — a sophisticated deep learning AI video search engine — help operators quickly locate a specific person or vehicle of interest across all cameras within a site.

When a security operator is provided with physical descriptions of a person involved in an event, this technology allows them to initiate a search by simply selecting certain descriptors, such as gender or clothing color. During critical investigations, such as in the case of a missing or suspicious person, this technology is particularly helpful as it can use those descriptions to search for a person and, within seconds, find them across an entire site.

Focused Attention

The ability of AI to reduce hours of work to mere minutes is especially significant when we think about the gradual decline in human attention spans. Consider all the information a person is presented with on a given day. They don’t necessarily pay attention to everything because most of that information is irrelevant. Instead, they prioritise what is and is not important, often focusing only on information or events that are surprising or unusual.

Now, consider how much information a security operator who watches tens, if not hundreds or thousands of surveillance cameras, is presented with daily. After just twenty minutes, their attention span significantly decreases, meaning most of that video is never watched and critical information may go undetected. By taking over the task of “watching” security video, AI technology can help focus operators’ attention on events that may need further investigation.

For instance, technology like Avigilon Unusual Motion Detection (UMD) uses AI to continuously learn what typical activity in a scene looks like and then detect and flag unusual events, adding a new level of automation to surveillance.

This helps save time during an investigation by allowing operators to search through large amounts of recorded video faster, automatically focusing their attention on the atypical events that may need further investigation and enabling them to more effectively answer the critical questions of who, what, where and when.

As AI technology evolves, the rich metadata captured in surveillance video — like clothing color, age or gender — will add even more relevance to what operators are seeing. This means that in addition to detecting unusual activities based on motion, this technology has the potential to guide operators’ attention to other “unusual” data that will help them more accurately verify and respond to a security event.

The Key to Advanced Security

There’s no denying it, the role of AI in security today is transformative. AI-powered video management software is helping to reduce the amount of time spent on surveillance, making security operators more efficient and effective at their jobs. By removing the need to constantly watch video screens and automating the “detection” function of surveillance, AI technology allows operators to focus on what they do best: verifying and acting on critical events.

This not only expedites forensic investigations but enables real-time event response, as well. When integrated throughout a security system, AI technology has the potential to dramatically change security operations. Just as high-definition imaging has become a quintessential feature of today’s surveillance cameras, the tremendous value of AI technology has positioned it as a core component of security systems today, and in the future.

Veritas-NetBackup-2

Top Reasons to Use Veritas NetBackup 8.1 Data Protection for Nutanix Workloads

The continual growth of data increases the use of virtualization and drives the need for highly scalable data protection and disaster recovery solutions. As a result, organizations are turning to hyperconverged solutions as a way to keep deployment and management of their infrastructure simple, by managing the entire stack in a single system. As more and more organizations adopt hyperconverged infrastructure, they are moving their mission-critical data and applications to it.

Read how you can protect modern workloads in hyperconverged environments with Veritas NetBackup™ 8.1, including the Parallel Streaming Framework, which simplifies modern workload backup and recovery and delivers the performance required to accelerate the transformation to the digital enterprise.

1. DATA PROTECTION FOR SIMPLE, EFFICIENT HYPERCONVERGED INFRASTRUCTURES.

According to Stratistics MRC, the Global Hyperconverged Infrastructure (HCI) Market accounted for approximately $1,460 million in 2016 and is expected to reach $17,027 million by 2023, growing at a CAGR of 42.0 percent from 2016 to 2023. Nutanix is the clear market leader in the HCI space.

Hyperconverged is about keeping IT simple. Data protection should be too. Veritas NetBackup 8.1 with the Parallel Streaming Framework takes a multi-node infrastructure running Nutanix Acropolis and AHV and streams from all nodes simultaneously. This is a unique way of backing up Nutanix. In fact, we have partnered with Nutanix to certify protection of those workloads on HCI.

2. ELIMINATE POINT PRODUCTS IN A HIGHLY VIRTUALIZED NUTANIX AHV ENVIRONMENT.

NetBackup, the market leader in enterprise backup and recovery software, delivers unified data protection for Nutanix AHV virtual environments to enterprises of any size, with proven enterprise scalability and automated VM protection and performance. Veritas and Nutanix combined deliver an integrated, hyperconverged solution that eliminates silos.

3. ON-DEMAND, AGENTLESS, DOWNLOADABLE PLUGIN ARCHITECTURE.

Commvault and Veeam require dedicated resources on a Nutanix server. NetBackup Parallel Streaming technology with scale-out, agentless workload plugins can be used to efficiently protect virtual machines in Nutanix HCI or other hyperconverged cluster environments. The backup environment can be scaled in the same fashion as the production environment it is protecting. The Nutanix plugin is available on demand for as many backup hosts as you select. No agents, clients, or software are installed on the cluster itself.

4. REDUCED RISK WITH RECOVERY OF POINT-IN-TIME HISTORICAL DATA.

Unlike any major competitive product, NetBackup 8.1 with Parallel Streaming technology enables customers to perform point-in-time backup while eliminating the need for an extra replication cluster, and at lower cost. Snapshots alone do not give you point-in-time historical data, so you need a data protection solution that helps you quickly retrieve historical data without worrying about replicating the results of human error. Ensure that you can consistently meet SLAs and compliance mandates.

5. CHOICE OF HARDWARE, HYPERVISORS, AND CLOUD CONNECTORS.

Veritas protects petabyte-scale workloads running on hyperconverged infrastructure and offers a choice of hardware, hypervisor or cloud vendors.

Simplify backup with our Veritas Flex appliance and create a very streamlined solution, or use cloud as another storage tier for data. NetBackup has 40+ fully tested cloud connectors, which enable customers to leverage multi-cloud for long-term retention.

gemalto-cloud-security

Cloud Security: How to Secure Your Sensitive Data in the Cloud

In today’s always-connected world, an increasing number of organisations are moving their data to the cloud for operational efficiency, cost management, agility, scalability, etc.

As more data is produced, processed, and stored in the cloud – a prime target for cybercriminals who are always lurking around to lay their hands on organisations’ sensitive data – protecting the sensitive data that resides on the cloud becomes imperative.

Data Encryption Is Not Enough

While data encryption definitely acts as a strong deterrent, merely encrypting the data is not enough in today’s perilous times, where cyber attacks are getting more sophisticated with every passing day. Since the data physically resides with the cloud service provider (CSP), it is out of the direct control of the organisations that own the data.

In a scenario like this where organisations encrypt their cloud data, storing the encryption keys securely and separately from the encrypted data is of paramount importance.

Enter BYOK

To ensure optimal protection of their data in the cloud, an increasing number of organisations are adopting a Bring Your Own Key (BYOK) approach that enables them to securely create and manage their own encryption keys, separate from the CSP’s where their sensitive data is being hosted.

However, as more encryption keys are created for an increasing number of cloud environments like Microsoft Azure, Amazon Web Services (AWS), Salesforce, etc., efficiently managing the encryption keys of individual cloud applications and securing access to them becomes very important. That is why many organisations use External Key Management (EKM) solutions to cohesively manage all their encryption keys in a secure manner that is free of any unauthorised access.

Take the example of Office 365, Microsoft’s on-demand cloud application that is widely used by organisations across the globe to support employee mobility by facilitating anytime, anywhere access to Microsoft’s email application – MS Outlook and business utility applications like MS Word, Excel, PowerPoint, etc.

Gemalto’s BYOK solutions (SafeNet ProtectApp and SafeNet KeySecure) for Office 365 not only ensure that organisations have complete control over their encrypted cloud data, but also seamlessly facilitate efficient management of the encryption keys of other cloud applications like Azure, AWS, Google Cloud and Salesforce.

Below is a quick snapshot of how SafeNet ProtectApp and SafeNet KeySecure seamlessly work with Azure BYOK:

1. SafeNet ProtectApp and KeySecure are used to generate an RSA key pair of the required key size using the FIPS 140-2 certified RNG of KeySecure.

2. The SelfSignedCertificateUtility.jar utility (a Java-based application) then interacts with KeySecure over a TLS-protected NAE service to fetch the key pair and create a self-signed certificate.

3. The Key Pair and Self-signed Certificate are stored securely in a PFX or P12 container that encrypts the contents using a Password-based Encryption (PBE) Key.

4. The PFX file (an encrypted container using a PBE key) is then uploaded to Azure Key Vault using the Azure REST web API.

5. The transmission of the PFX file to the Azure Key Vault is protected using security mechanisms implemented by Azure on their Web API (TLS / SSL, etc.).

6. Since the PFX files will be located on the same system on which the SelfSignedCertificateUtility.jar utility will be executed, industry-best security practices like ensuring pre-boot approval, enabling two-factor authentication (2FA), etc. should be followed.

7. Once the keys are loaded in Azure Key Vault, all encryption operations happen on the Azure platform itself.
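Steps 1 to 3 above produce one artefact, a password-protected PKCS#12 (PFX/P12) container holding the key pair and its self-signed certificate, and step 6 is a reminder that this file is the crown jewel until it is uploaded. The script below is an added example written for this page, not Gemalto's utility: it builds the same container with OpenSSL on the local machine (an assumption; in the described setup the pair comes from KeySecure's FIPS 140-2 RNG, not a local generator), and then checks that the container opens only with the right password. The subject name, key size, file names and output directory are constructed for the example; the upload to Azure Key Vault (steps 4 and 5) is not performed here.

```bash
#!/bin/sh
# Added example: build a PBE-protected PFX/P12 for a BYOK upload and prove
# that it refuses a wrong password. Assumes OpenSSL is installed.
set -eu

# make_byok_bundle DIR [BITS]
# Writes key.pem, cert.pem, bundle.pfx and pfx.pass into DIR (all mode 600).
make_byok_bundle() {
  dir="$1"
  bits="${2:-2048}"

  # The PBE password comes from the CSPRNG, never from a fixed string, and is
  # kept in a file so it never appears on a command line or in shell history.
  openssl rand -base64 32 | tr -d '\n' > "$dir/pfx.pass"
  chmod 600 "$dir/pfx.pass"

  # Step 1 (local stand-in for the KeySecure-generated pair).
  openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
    -out "$dir/key.pem" 2>/dev/null
  chmod 600 "$dir/key.pem"

  # Step 2: self-signed certificate for the pair (subject is a placeholder).
  openssl req -new -x509 -key "$dir/key.pem" -out "$dir/cert.pem" \
    -days 365 -subj "/CN=byok-example" 2>/dev/null

  # Step 3: PKCS#12 container; key and certificate encrypted with a PBE key
  # derived from the password, AES-256 and SHA-256 MAC rather than the legacy
  # RC2/3DES defaults older OpenSSL releases would pick.
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -out "$dir/bundle.pfx" -passout "file:$dir/pfx.pass" \
    -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256
  chmod 600 "$dir/bundle.pfx"
}

# pfx_opens_with FILE PASSWORD
# Returns 0 if the container's MAC verifies under PASSWORD, non-zero otherwise.
pfx_opens_with() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Demo run in a scratch directory (the files are removed afterwards).
demo_dir=$(mktemp -d)
make_byok_bundle "$demo_dir"
if pfx_opens_with "$demo_dir/bundle.pfx" "$(cat "$demo_dir/pfx.pass")"; then
  echo "bundle opens with the generated password"
fi
if ! pfx_opens_with "$demo_dir/bundle.pfx" "wrong-password"; then
  echo "bundle rejects a wrong password"
fi
rm -rf "$demo_dir"
```

The `pfx_opens_with` check is the one worth keeping in a real pipeline: run it once after export, and again before upload, so a mis-typed password file is caught before the key material reaches Azure. After the upload succeeds, the local `key.pem` and `bundle.pfx` should be deleted; step 6's host-hardening advice exists precisely because those two files are an unencrypted (or password-only) copy of the tenant key.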