Two key questions to prevent encryption sprawl (with related video)
Encryption tools protect a vast variety of data, and each tool creates its own security silo. This in turn creates the risk of fragmentation. Two important questions come up as a result: how do you measure the quality of the encryption in the individual silos, and how do you apply consistent policies across the silos?
When it comes to measuring quality, building sound encryption technologies is not easy. Thankfully, there are certifications specifically focused on encryption and other cryptographic systems, such as the suite of Federal Information Processing Standards (FIPS).
As for applying consistent encryption policies across silos, the critical issue is encryption key management – a notorious pain point. Part of that pain arises from the scrutiny that encryption key management tasks understandably come under from a security point of view. But some of the pain is operational; the distribution, archiving and replacement of keys have the potential to stop business processes or destroy data forever.
As the number of keys to be managed increases, organizations are starting to seek more centralized ways to manage them, with standardized policies and procedures. An important catalyst for centralized key management is the arrival of the Key Management Interoperability Protocol (KMIP), a standard that enables all kinds of keys to be stored, distributed and backed up in a standard way. The eventual aim is that keys from disparate encryption systems can be administered using a centralized, shared system – essentially key management as a service.
Some amount of encryption sprawl is inevitable, but a smart approach to key management and careful adoption of certified solutions can help to ensure that valuable business assets are not put at risk.
About the author: Richard Moulds is Vice President of Product Management and Strategy at Plantation, Fla.-based Thales e-Security. The company is a global provider of data protection solutions with more than 40 years' experience securing sensitive information. Its customers include businesses, governments, and technology vendors with a range of challenges. The customers use Thales products and services to improve the security of applications that rely on encryption and digital signatures.
Moulds contributes his data protection expertise to the information technology security activities of Thales. He has worked alongside the Ponemon Institute for 10 years, developing the annual Global Encryption Trends Study.
This video provides an overview of Thales e-Security’s data protection solutions. The company’s products and services improve the security of applications that rely on encryption and digital signatures. The firm’s products protect sensitive information in traditional, virtualized and cloud-based infrastructures.