The video technology hub | Pexip

Pexip leans into the future of cryptography with early FIPS 140-3 certification

Written by Joel Bilheimer;Strategic Account Architect | Aug 22, 2024 8:56:33 AM

At Pexip, we work with organizations that operate in highly sensitive environments, where protecting the confidentiality, integrity, and availability of critical communications is ‘Job One’. It’s meeting the video conferencing needs of these organizations, in the most secure and private way possible, is where Pexip finds its sweet spot.  

 

Since Pexip’s inception, our primary mission has been to replicate virtually the structures, capabilities, and protections that we all use and deploy in the real world for critical communication. For government and enterprise customers in critical industries such as defense, healthcare, or financial services, we don’t mess around when it comes to security.  

 

Our recently attained Federal Information Processing Standard (FIPS) 140-3  (inside Cryptographic Module Validation Program #4724) certification is not just a badge of honor for us – it shows our commitment to maintaining the highest standards in cryptographic security. We stay one step ahead of customers when it comes to security certifications, so they don’t have to worry about what’s next. Pexip is already there.  

 

 

What is FIPS 140-3? 

 

FIPS 140-3 is the current cryptographic standard established by and for the United States Government (USG). The National Institute of Standards and Technology (NIST) defines all FIPS standards, while the NIST Cryptographic Module Validation Program (CMVP) formally administers FIPS 140-3 testing.  

 

FIPS 140-3 serves as a benchmark for validating the effectiveness of cryptographic modules, ensuring that they meet the most stringent government security requirements. As a joint US-Canada standard, FIPS 140-3 is required for protecting USG data and the recommended standard for all Government of Canada (GC) data as well.  

 

Even if you're not dealing with the USG or GC, other governments and enterprise organizations recognize FIPS 140-3 as the gold standard for cryptography worldwide, due to the rigor of CMVP testing and NIST’s strict conformance requirements. Put simply, if you want to engage with the U.S. government or any organization operating in a high security environment, you need to be able to support FIPS-validated crypto.  

 

 

The road to FIPS 140-3 certification 

 

We in Pexip understood that the transition from the legacy FIPS 140-2 standard to the current FIPS 140-3 standard was inevitable. We also knew that it would require a significant undertaking, a journey that certainly wouldn’t happen overnight. In fact, as our friends at KeyPair Consulting LLC recently noted, the average amount of time to receive a FIPS 140-3 certification is about 19 months. In other words, this takes serious planning. 

 

Back in July 2022, we partnered with KeyPair, on whose expertise in cryptography we have relied for some time now, to determine an optimal path forward for our venerable FIPS 140-2 crypto stack. We knew that simply extending the old module would not suffice for our customers, and that we needed to be at the forefront of the new standard. We worked with KeyPair to incorporate the necessary changes to our secure video conferencing system to meet the new FIPS 140-3 standard. Eighteen long months later, here we are! 

 

 

Why FIPS 140-3 matters 

 

So, what makes this certification such an important one? For starters, it represents substantial improvements in cryptographic security over the old FIPS 140-2 standard, which has been around since 2001. Anyone who works in a critical industry knows that protecting mission communications is non-negotiable. We get that, and we also get that our customers cannot be beholden to outdated communications standards simply for the sake of compliance. We want you to know that Pexip will always aim to stay ahead of the curve in terms of securing your meetings. 

 

We also see that most organizations use products that are still operating under FIPS 140-2, which will expire in 2026. In fact, of all current FIPS 140 certificates, only 5% are for FIPS 140-3 (the remaining 95 percent are for FIPS 140-2) and of that group, 25% are interim certificates (not full validation).   

 

Pexip is at the top of a handful of companies that have pursued and received this next gen, full validation certification. Not only that, but our FIPS 140-3 certification is valid until 2029, which gives our customers peace of mind that their security infrastructure is built to last. 

 

 

 

Our security-first mindset 

 

We all know that cyber threats are only growing, both in sophistication and number, which is why we at Pexip believe that staying ahead of the latest security standards is so essential to our customers. Our FIPS 140-3 certification is just one example of that commitment.  

 

As we look ahead, we are already preparing for the next wave, whether it’s cryptographic modules, ensuring greater interoperability across systems, or preparing for upcoming technological advancements. We always aim to be ahead of the curve when it comes to delivering seamless and secure video experiences.  

 

To learn more about Pexip’s security certifications, please visit our Trust Center.