- Keys have multiple access points
- Keystore passwords are not changed regularly
- The same password is used across multiple keystores
- Private key(s) are manually shared between administrators and applications
- Distribution policies are lax or unclear
- Private keys and passwords are not changed when administrators leave the organisation
- Expansive key volumes leave glaring gaps in coverage.
Instead, organisations need to implement sound encryption key management practices required to truly secure data. Using an automated and policy-based tool, you can then easily implement best practices such as separation of duties, regulated workflow, forensically durable logging, HSM integration, secure key distribution and regular key rotation.
With encryption keys’ exposure minimised, controlled and audited, companies know that their encryption assets truly deliver the promised security to truly protect vital data.
While Sir Isaac Newton may have a different take on the law of physics, were he alive today, I’m sure security would factor heavily in his theories.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.