Data Security Policy and Enterprise Key Management: To centrally Manage Encryption Keys from Vormetric

616 views

Published on

This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise. http://www.Vormetric.com/key82 .The whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk.

This whitepaper from Vormetric on Key management strategy strives to provide the reader with an understanding, of the importance of encryption key management and of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for encryption key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.

According to the whitepaper, encryption key management should meet four primary criteria:


1. Security – In implementing a comprehensive data security strategy, organizations are well - advised to consider the security of the encryption keys. Where are they stored and how are they protected? Improper key management means weak encryption, and that can translate into vulnerable data.
2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That results in damage to the over efficiency of the network.
3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change.
4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
616
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Data Security Policy and Enterprise Key Management: To centrally Manage Encryption Keys from Vormetric

  1. 1. Security Policy and Key Management Centrally Manage Encryption KeysOracle TDE, SQL Server TDE and Vormetric Download Whitepaper Whitepaper Brief: Security Policy and Key Management from Vormetric
  2. 2. The Importance of Encryption Key Management and Data ProtectionEncryption key management can often prove to be challenging in environments that have ad hoc encryption solutions.While ad hoc implementations often serve the objectives of the organization, they can make comprehensive keymanagement, and therefore effective data protection, more difficult. As the old adage goes, a chain is only asstrong as its weakest link. For encryption implementations, that link is more often than not, key management. Poor keymanagement can be deleterious in any number of ways. Not only is key management required to ensure the integrityof the encryption system but various regulations and industry standards affect key management. These include: thePCI DSS, GLBA, and HIPAA HITECH to name but a few. Addressing enterprise-level key management is a vitalcomponent of a comprehensive data protection strategy.Vormetric’s whitepaper: Simplifying IT Operations: Securing and Controlling Access to Data Across the Enterprise outlinesthe challenges of enterprise key management and details ways to minimize the risk. Whether companies are usingintegrated key management systems, third party systems, or a combination of both, IT personnel are challenged toefficiently and securely manage the keys while still handling their day to day responsibilities. Adding to management’sheadaches are the results of a survey in which it was revealed that 40% of IT staff felt they could “hold their employerhostage” by making it difficult or impossible to access vital data by withholding or hiding encryption keys. Without acentralized system of encryption key management, security administrators are faced with costly, inefficient, and oftenimpossible task.Encryption Key Management: Primary CriteriaAccording to the whitepaper, encryption key management should meet four primary criteria: 1. Security – In implementing a comprehensive data security strategy, organizations are well- advised to consider the security of the encryption keys. 2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. 3. Scalability and Flexibility – The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change. 4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management.The Evolution of Key ManagementThe whitepaper strives to provide the reader with an understanding, not only of the importance of key management,but of its evolution. Additionally, understanding that companies today require actionable information, the paper providesthe reader with a set of criteria for key management as well as an understanding of the challenges that may be faced.Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.In an era of rampant litigation and regulation around the loss of personal data, and even the loss of corporate dataas that can impact shareholder value, proper implementation of security technologies and practices is of paramountimportance. As stated in the paper, “These attacks can have dire consequences for the enterprises under siege, resultingin substantial loss of revenue, massive fines, and degraded customer trust.” As the threat landscape evolves into oneripe with Advanced Persistent Threats and Hacktivists, companies must remain vigilant against both intentional andaccidental access and misuse of sensitive data. Encryption with strong key management remains the most effective wayto protect against the advancing threats. Download the Complete Whitepaper Click-to-Tweet Whitepaper Brief: Security Policy and Key Management from Vormetric

×