Encryption is a critical element of any security strategy and is widely leveraged to protect data, combat emerging threats and, when properly managed, satisfies a growing body of regulations. Yet managing the increasing key and certificate volumes has reached a tipping point as enterprises increase encryption deployments to better safeguard information. The encryption keys used to secure the data become the figurative keys to the kingdom. The key—and not the data itself—becomes the entity that must be secured. Poorly managed, lost or stolen encryption keys can lead to failed audits, data breaches and system downtime.
With the expanding use of encryption keys comes the increasing need for organizations to institute rigorous security measures and management procedures across the entire lifecycle of those keys. How do typical organizations secure and manage their keys—the keys required to encrypt data in transit? How are the keys protected against loss, misuse or theft? These become especially important questions given that the majority of data breaches are executed from inside organizations. In most cases, encryption keys are not being protected.
Traditional approaches to key lifecycle management—typically a manual approach—are proving limited, especially when these keys are deployed across various systems and applications. These approaches make it difficult to implement and enforce policies and procedures effectively—especially on legacy systems and applications where minimal management capabilities exist.
A more holistic approach is needed, one that automates key management. Such an approach includes automating the creation and management of encryption keys and certificates, configuring the applications that use them and providing comprehensive tools to monitor, control access and report on the status of each component being managed. This results in improved data security and regulatory compliance, critical system uptime, operational efficiency and audit readiness.
This presentation will contrast traditional views of key lifecycle management with key findings from large telecom and financial services organizations to present an expanded perspective of the key management operations required to approach this important problem more holistically.