When a company stores critical data, whether in its own data center or in the cloud, encryption key management is vital to keeping that data secure, and letting the data center or cloud provider control the keys isn’t always an option.
Cyberattacks on enterprises are on the rise, but most enterprise IT shops are still using archaic key-management methods. For many, key management is a painful process, often because of those outdated methods, but there are solutions out there that take the pain out.
Instead of letting a colocation or a cloud provider control its encryption keys, a company normally encrypts the critical data and then sends it out to the storage location, said Chris Day, chief cybersecurity officer at Cyxtera Technologies, a security-focused data center provider formed this year as a result of an acquisition of CenturyLink’s massive global data center portfolio by a group of investors.
“The security benefits are obvious when the customer properly manages their own keys,” he said. “However, key management can be complex, and many organizations do not possess the skills in-house to properly do so.”
In fact, according to a survey conducted earlier this year by the Ponemon Institute and Thales e-Security, 59 percent of companies said there was a high degree of pain associated with key management, up from 53 percent the year before.
Top reasons for the pain? There was no clear ownership of the key-management function, followed by a lack of skilled people and isolated or fragmented key-management systems.
Keys to external clouds and hosted services are the hardest types of keys to manage, according to the survey.
It doesn’t help that 51 percent of companies use manual processes, such as paper or spreadsheets, to keep track of encryption keys. Only 37 percent of companies have formal key-management infrastructure in place.
On this front, however, the situation is improving slightly. In last year’s survey, 57 percent said they used manual processes, and only 31 percent had key-management infrastructure in place.
Having a centralized key-management system offers other benefits besides just being able to unlock data.
Those benefits include meeting compliance requirements, such as data sovereignty concerns, said Daren Glenister, field CTO at Intralinks.
“[Customer-managed keys] show that even though data resides in a certain country, it may ultimately be controlled in a separate country,” he said.
Key-management tools also make it possible for companies to replace their keys on a regular basis.
“Keys ought to be rotated or expired without affecting access to legacy data,” said Vamshi Sriperumbudur, VP of marketing at CipherCloud, which helps companies protect data stored in Dropbox, Salesforce, Office 365, Box, and other cloud services.
And if someone wants to access the data stored in the cloud, they have to talk to the company itself to get the keys, he added. “No one — whether it’s law enforcement, cloud provider system admins, or cyber criminals — can access sensitive information under any circumstances without contacting the data owner first.”
Finally, by having a good key-management system, a company doesn’t have to worry about a storage vendor keeping backups of its key data that might be hanging around when they’re no longer needed.
“If you need to shred all keys, you hit the button on the local hardware security module, and it does it for you,” said Ashwin Krishnan, SVP of product management at HyTrust, which offers key-management software that can run locally, behind a customer’s firewall, or in a cloud.
“Some customers might not be capable, or might not want to invest in managing keys on-premises,” he said. “But they can easily make a case for hosted key management.”