Effective Enterprise Key Management

Effective enterprise key management

Driven by issues to prevent data breach and meet regulatory compliance requirements companies are encrypting critical data at an alarming rate. Added to this issue is the renaissance in encryption driven by cloud computing, mobile technology and basic security needs. To protect sensitive data the process involved is using native encryption software’s throughout the organization; this increases the complexity, adds to the operational cost and results in inconsistent security policies. Ponemon Institute study reports ‘In 2010 data breaches in US cost an average of 6.5 million per event and more than $200 per compromised record to pay for detection, response, notification, and lost business’.

Encryption keys are fundamental for encrypting and decrypting indispensible protected data. As stated by a researcher working for IDG “Proper key management is the key to building comprehensive data protection infrastructure out of the chaotic world of single purpose encryption applications”. Effective key management involves managing the life cycle of the key as well as keeping the key separate from the data and the applications to maximize security. The task of reducing the risk of unauthorized access and adherence to the data protection policies is challenging and most of the management applications neglect this. Also the lack of consistency across the multiple devices and platform dependent software’s decrease the return on investment of the encryption mechanisms implemented.

Risks include:

1. Most of the legacy software or native software’s are incapable of separating duties between administrators who manage sensitive data and security personnel’s who are responsible for key management, this results in keys being handled in a manner which goes against the regulatory measures leading to non-compliance issues.

2. Proliferation of key managers adds to the burden on the administrators. Decentralized key managers’...