ASCOT, UK (September 08, 2011) – AEP Networks, the provider of trusted security, has responded to the increasing need for government departments to provide secure access to sensitive cloud-based public sector systems by delivering an IL3 certifiable access solution. The IL3 (impact level) accreditation is awarded by CESG which is attached to GCHQ and serves as the UK Government’s National Technical Authority for Information Assurance. The accreditation provides assurance that enhanced data security levels is in place to protect data at a restricted level.

AEP Networks has attained the IL3 accreditation through a combination of its LanProtect™ Assurance platform, and best practice guidelines which enables public sector project teams to deploy remote access solutions that meet the recognised security assurance requirements.

LanProtect™ Assurance has been developed by integrating AEP Networks’ Secure Application Access Gateway and Key Security and Management HSM solution. The end result enables organisations to provide users with secure web-browser based access to applications regardless of the backend infrastructure. A high level of security is achieved through a combination of:

•enhanced tamper-reactive hardware used to safeguard the integrity of the cryptographic keys protecting application access

•endpoint security management ensuring acceptable security standards of access devices

•a broad range of standard user authentication options for integration with existing user identity schemes such as Windows Active Directory or 2-factor authentication

To further assist project teams with the security assurance assessments of their Public Sector systems used for restricted marked documents, AEP Networks has published a set of best practice guidelines which provide the documentation and templates necessary for CESG Manual T assurance of LanProtect™ Assurance. These best practice guidelines are intended for use by assessment teams until CESG prepares the relevant Security Characteristics documentation for the final CPA scheme.

“We support CESG’s transition to a single, unified approach of security product assurance through the new Commercial Product Assurance framework. The final scheme will greatly simplify security certification for both government purchasers and vendors,” said Mark Darvill, director at AEP Networks. “We recognise that the increase in demand for cloud-based services means that the Public Sector cannot wait for the final CPA documentation to ensure secure access to their systems. By providing best practice guidelines with our LanProtect™ Assurance solution, we aim to make the task of self-assessment easier for our public sector customers so they can continue to roll out secure cloud services.”

AEP Networks has a long history of assuring products in CESG schemes with the Secure Application Access Gateway SSL/TLS remote access products being CCTM certified since 2007 and the Enhanced Grade Network Encryption IPSEC encryptors being certified at CAPS Enhanced Grade for over 10 years. Certification at this level means that the public sector has been able to trust AEP Networks to provide secure remote access to their internal systems.

The CESG is currently in the process of replacing the existing CCTM scheme with the more robust and defined Commercial Product Assurance (CPA) scheme.  As a result, no new versions or upgrades to existing products will be tested under the CCTM scheme. So during the overlap, any organisations relying on the CCTM scheme now need to carry out their own assessments to ensure that new releases and upgrades meet security standards.