To protect encryption keys, administrators must follow clear, well-documented processes that minimise the keys’ exposure. The sad truth is that most company’s manual key management practices fail to measure up:

• Keys have multiple access points
• Keystore passwords are not changed regularly
• The same password is used across multiple keystores
• Private key(s) are manually shared between administrators and applications
• Distribution policies are lax or unclear
• Private keys and passwords are not changed when administrators leave the organisation
• Expansive key volumes leave glaring gaps in coverage.

With so many points of exposure, dozens of people can access thousands of keys. Additionally the reality of typically high IT staff turnover instead of reducing the risk of a compromise, instead actually magnifies it.

Instead, organisations need to implement sound encryption key management practices required to truly secure data. Using an automated and policy-based tool, you can then easily implement best practices such as separation of duties, regulated workflow, forensically durable logging, HSM integration, secure key distribution and regular key rotation.

With encryption keys’ exposure minimised, controlled and audited, companies know that their encryption assets truly deliver the promised security to truly protect vital data.


While Sir Isaac Newton may have a different take on the law of physics, were he alive today, I’m sure security would factor heavily in his theories.