Enterprise key management recommendations
Traditionally, key management has been tied to the specific applications in use and therefore quickly becomes fragmented and ad hoc as the number of applications increases. Scalability quickly becomes an issue as a result of relying on manual processes for renewing certificates, rolling over keys, moving and replicating keys across multiple host machines, and removing keys as machines and storage media are retired, fail or are redeployed. This frequently results in escalating costs, particularly in situations where security and auditability are high priorities.
In many situations the only way to adequately deal with these challenges is through the use of a dedicated, general-purpose key management system. Such a system can act as a centralized repository that stores keys on behalf of multiple applications or ‘end-points’ and distributes keys on demand. This provides a simple mechanism to unify key management policies and automate key life-cycle management tasks, greatly reducing costs and easing time-critical tasks such as key recovery, key revocation and auditing. Important product selection criteria include scalability and the range of end-points that can be managed, both in terms of target application and type of host platform and operating system. Finally, because key management tasks have unique security characteristics, the security properties of the key management system itself become important additional selection criteria. These include the security of the key repository, tamper controls surrounding audit capabilities and the fundamental integrity of the key management software.
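The life-cycle tasks listed above (automated rollover, revocation, recovery of older key versions for data encrypted under them, and a tamper-evident audit trail) can be illustrated with a small model of a central key repository. The following Python is an added example written for this page, not the code of any product the text has in mind; the key names, end-point names, the 90-day rotation period and the hash-chained audit log are assumptions chosen for illustration, and the key material is held in memory rather than in a hardware-backed store.

```python
import hashlib
import json
import secrets
from datetime import datetime, timedelta, timezone

GENESIS = "0" * 64  # chain anchor for the first audit entry (assumed constant)


class AuditLog:
    """Append-only audit log in which every entry commits to the hash of the
    previous one. Altering or deleting any entry breaks the chain, which is
    the kind of tamper control the text asks of a key management system."""

    def __init__(self):
        self.entries = []
        self._prev = GENESIS

    def record(self, event, **fields):
        body = json.dumps({"event": event, "prev": self._prev, **fields}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append({"body": body, "hash": digest})
        self._prev = digest
        return digest

    def verify(self):
        """Recompute every hash and check each link back to its predecessor."""
        prev = GENESIS
        for entry in self.entries:
            if json.loads(entry["body"])["prev"] != prev:
                return False
            if hashlib.sha256(entry["body"].encode()).hexdigest() != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class KeyManager:
    """Central repository of versioned keys distributed to end-points on demand,
    with policy-driven rotation, revocation and recovery of older versions."""

    def __init__(self, rotation_period=timedelta(days=90)):
        self.keys = {}  # key name -> list of version records, oldest first
        self.audit = AuditLog()
        self.rotation_period = rotation_period

    def create(self, name, endpoint, now):
        if name in self.keys:
            raise ValueError(f"key {name!r} already exists")
        self.keys[name] = []
        return self._new_version(name, endpoint, now)

    def _new_version(self, name, endpoint, now):
        version = len(self.keys[name]) + 1
        for older in self.keys[name]:
            if older["state"] == "active":
                older["state"] = "deprecated"  # kept to decrypt older data
        record = {
            "version": version,
            "material": secrets.token_bytes(32),  # 256-bit symmetric key
            "state": "active",
            "created": now,
        }
        self.keys[name].append(record)
        self.audit.record("create", key=name, version=version,
                          endpoint=endpoint, at=now.isoformat())
        return record

    def get_active(self, name, endpoint, now):
        """Distribute the active version, rotating first if the policy period
        has elapsed or if every existing version has been revoked."""
        active = next((v for v in self.keys[name] if v["state"] == "active"), None)
        if active is None or now - active["created"] >= self.rotation_period:
            active = self._new_version(name, endpoint, now)
        self.audit.record("distribute", key=name, version=active["version"],
                          endpoint=endpoint, at=now.isoformat())
        return active

    def revoke(self, name, version, reason, now):
        """Revoked versions are never distributed again, even for decryption."""
        record = self.keys[name][version - 1]
        record["state"] = "revoked"
        self.audit.record("revoke", key=name, version=version,
                          reason=reason, at=now.isoformat())

    def versions_for_decrypt(self, name):
        """Key recovery: every non-revoked version, so data written under an
        older version can still be read after rollover."""
        return [v for v in self.keys[name] if v["state"] != "revoked"]


if __name__ == "__main__":
    mgr = KeyManager()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed timestamp
    mgr.create("db-backup", "backup-host-01", t0)
    mgr.get_active("db-backup", "backup-host-01", t0 + timedelta(days=100))
    mgr.revoke("db-backup", 1, "host retired", t0 + timedelta(days=101))
    print([v["version"] for v in mgr.versions_for_decrypt("db-backup")])
    print("audit log intact:", mgr.audit.verify())
```

The clock is passed in explicitly so that rotation policy can be tested deterministically; in a real deployment the same structure would sit behind an authenticated API, with key material sealed in an HSM or equivalent and the audit chain anchored externally so the repository operator cannot rewrite it.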
At the end of the day we need to protect our data. Increasingly, encryption is seen as the best way to ensure that data is protected, but the ever-growing use of encryption creates a management challenge. The challenge, however, doesn’t need to be daunting. Implementing a flexible and extensible solution that automates many of the time-consuming and error-prone key management tasks on an enterprise-wide basis is rapidly becoming a priority for many organizations. For enterprise-wide encryption to be deployed correctly, organizations need to deploy the correct tool to manage the keys. In the same way that data protection has moved from an IT challenge to a C-level issue, key management has become a high-level business imperative.