The Future of Encryption
by Richard Moulds - nCipher - Monday, 18 February 2008.
Archiving, recovery and delivery of keys are all crucial parts of the equation. For instance, if a laptop breaks down or a back-up tape is stolen, the issue is not just one of security but also of business continuity. Information recovery takes on a whole new dimension, particularly in an emergency situation when the recovery process is performed in a different location, by a different team, governed by different policies and on protected data that is years or even decades old. What used to be a data management problem is now also a serious key management problem.

Enterprise key management recommendations

Traditionally, key management has been tied to the specific applications in use, and it therefore quickly becomes fragmented and ad hoc as the number of applications increases. Scalability soon becomes an issue when organizations rely on manual processes for renewing certificates, rolling over keys, moving and replicating keys across multiple host machines, and removing keys as machines and storage media are retired, fail or are redeployed. This frequently results in escalating costs, particularly in situations where security and auditability are high priorities.

In many situations the only way to adequately deal with these challenges is through the use of a dedicated, general-purpose key management system. Such a system can act as a centralized repository for storing keys on behalf of multiple applications or ‘end-points’, distributing keys on demand. This provides a simple mechanism to unify key management policies and automate key life-cycle management tasks, greatly reducing costs and easing time-critical tasks such as key recovery, key revocation and auditing. Important product selection criteria include scalability and the range of end-points that can be managed, both in terms of target application and in terms of host platform and operating system. Finally, due to the unique security characteristics of key management tasks, the absolute security properties of the key management system become important additional selection criteria. These include the security of the key repository, tamper controls surrounding audit capabilities and the fundamental integrity of the key management software.
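The repository described above can be sketched in a few lines. This is an added example, not code from the article or from any product: it models on-demand key distribution, roll-over that keeps old versions recoverable, revocation, and a hash-chained audit log as one form of tamper control. The class, method and state names are hypothetical, keys are held in memory rather than in protected hardware, and the chain is unkeyed, so a real system would also sign or externally anchor it.

```python
import hashlib, json, secrets, time
# Constructed sketch: names and states are illustrative; keys sit in memory, not an HSM.
def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class KeyRepository:
    def __init__(self):
        self.keys = {}    # (endpoint, version) -> {"key": bytes, "state": str}
        self.latest = {}  # endpoint -> newest version number
        self.audit = []   # hash-chained audit entries

    def _log(self, action, *key_id):
        prev = self.audit[-1]["digest"] if self.audit else "0" * 64
        entry = {"ts": time.time(), "action": action, "key": key_id, "prev": prev}
        entry["digest"] = _digest(entry)
        self.audit.append(entry)

    def rotate(self, endpoint):
        """Issue a new key version; the old one stays available for old data."""
        old = self.latest.get(endpoint, 0)
        if old and self.keys[(endpoint, old)]["state"] == "active":
            self.keys[(endpoint, old)]["state"] = "decrypt-only"
        version = self.latest[endpoint] = old + 1
        self.keys[(endpoint, version)] = {"key": secrets.token_bytes(32), "state": "active"}
        self._log("rotate", endpoint, version)
        return version

    def fetch(self, endpoint, version=None):
        """Distribute a key on demand; a revoked key is never released."""
        version = version or self.latest[endpoint]
        record = self.keys[(endpoint, version)]
        if record["state"] == "revoked":
            self._log("fetch-denied", endpoint, version)
            raise PermissionError(f"{endpoint} v{version} is revoked")
        self._log("fetch", endpoint, version)
        return record["key"]

    def revoke(self, endpoint, version):
        self.keys[(endpoint, version)]["state"] = "revoked"
        self._log("revoke", endpoint, version)

    def audit_intact(self):
        """Recompute the chain; editing or dropping an earlier entry breaks it."""
        prev = "0" * 64
        for entry in self.audit:
            if entry["prev"] != prev or entry["digest"] != _digest(entry):
                return False
            prev = entry["digest"]
        return True
```

Every request, including a denied one, lands in the audit trail, which is what makes recovery and revocation decisions reviewable years later.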


At the end of the day, we need to protect our data. Increasingly, encryption is being seen as the best way to ensure that data is protected, but the ever-growing use of encryption creates a management challenge. The challenge, however, doesn’t need to be daunting. Implementing a flexible and extensible solution that automates many of the time-consuming and error-prone key management tasks across the enterprise is rapidly becoming a priority for many organizations. In order for enterprise-wide encryption to be deployed correctly, organizations need to deploy the correct tool to manage the keys. In the same way that data protection has moved from an IT challenge to a C-level issue, key management has become a high-level business imperative.

