Whitepaper Brief: Security Policy and Key Management from Vormetric
Security Policy and
Key Management
Centrally Manage En...
Whitepaper Brief: Security Policy and Key Management from Vormetric
Click-to-Tweet
Download the Complete Whitepaper
The Im...
Upcoming SlideShare
Loading in …5
×

Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric

240 views

Published on

This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise . http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html

The Whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk.

This whitepaper from Vormetric on Key management strategy strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.

According to the whitepaper, encryption key management should meet four primary criteria:

1. Security – In implementing a comprehensive data security strategy, organizations are well- advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data.
2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That results in damage to the over efficiency of the network.
3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change.
4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
240
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric

  1. 1. Whitepaper Brief: Security Policy and Key Management from Vormetric Security Policy and Key Management Centrally Manage Encryption Keys Oracle TDE, SQL Server TDE and Vormetric Download Whitepaper
  2. 2. Whitepaper Brief: Security Policy and Key Management from Vormetric Click-to-Tweet Download the Complete Whitepaper The Importance of Encryption Key Management and Data Protection Encryption key management can often prove to be challenging in environments that have ad hoc encryption solutions. While ad hoc implementations often serve the objectives of the organization, they can make comprehensive key management, and therefore effective data protection, more difficult. As the old adage goes, a chain is only as strong as its weakest link. For encryption implementations, that link is more often than not, key management. Poor key management can be deleterious in any number of ways. Not only is key management required to ensure the integrity of the encryption system but various regulations and industry standards affect key management. These include: the PCI DSS, GLBA, and HIPAA HITECH to name but a few. Addressing enterprise-level key management is a vital component of a comprehensive data protection strategy. Vormetric’s whitepaper: Simplifying IT Operations: Securing and Controlling Access to Data Across the Enterprise outlines the challenges of enterprise key management and details ways to minimize the risk. Whether companies are using integrated key management systems, third party systems, or a combination of both, IT personnel are challenged to efficiently and securely manage the keys while still handling their day to day responsibilities. Adding to management’s headaches are the results of a survey in which it was revealed that 40% of IT staff felt they could “hold their employer hostage” by making it difficult or impossible to access vital data by withholding or hiding encryption keys. Without a centralized system of encryption key management, security administrators are faced with costly, inefficient, and often impossible task. Encryption Key Management: Primary Criteria According to the whitepaper, encryption key management should meet four primary criteria: 1. Security – In implementing a comprehensive data security strategy, organizations are well- advised to consider the security of the encryption keys. 2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. 3. Scalability and Flexibility – The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change. 4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. The Evolution of Key Management The whitepaper strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family. In an era of rampant litigation and regulation around the loss of personal data, and even the loss of corporate data as that can impact shareholder value, proper implementation of security technologies and practices is of paramount importance. As stated in the paper, “These attacks can have dire consequences for the enterprises under siege, resulting in substantial loss of revenue, massive fines, and degraded customer trust.” As the threat landscape evolves into one ripe with Advanced Persistent Threats and Hacktivists, companies must remain vigilant against both intentional and accidental access and misuse of sensitive data. Encryption with strong key management remains the most effective way to protect against the advancing threats.

×