The Business Case for Protecting the Keys to the Kingdom – Security Today

Posted on by

The Business Case for Protecting the Keys to the Kingdom

An enterprise key management system can prevent data breaches, produce efficiency savings, simplify compliance, and enable digital transformation.

In the battle for security budget funding, enterprise key management isnt nearly as sexy as technologies such as threat hunting or blockchain cybersecurity. Nevertheless, a key management system (KMS) is a behind-the-scenes workhorse that manages and protects the very keys that can open the kingdom. While a KMS is likely already a line item in the annual security budget, an investment to modernize a KMS to extend data security to the cloud will certainly pay dividends by reducing the risk of a data breach.

What is key management, and why is it necessary? Key management is the practice of administering the lifecycle of cryptographic keys in accordance with best practices such as those defined by the National Institute of Standards and Technology (NIST). In its Recommendation for Key Management, NIST states:

The proper management of cryptographic keys is essential to the effective use of cryptography for security. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with the keys, and the protection afforded to the keys.

The fundamental requirements of key management are to generate cryptographically strong keys, protect the keys against disclosure or alteration, and provide effective controls for managing and using keys.

What is a Key Management System?While encryption is built into many products today, the capabilities for generating and storing keys are often rather rudimentary and generally fall short of standards such as NIST SP 800-57. Electronic key management systems are commonly used to consolidate and centralize the management of keys across the enterprise in accordance with industry standards and best practices for data security.

A central capability of any KMS is systematic management of keys over their entire lifecycle, including generation, import/export, distribution, usage, update, backup, revocation, and deletion. A KMS should also provide controls to ensure that keys can be accessed only by authorized individuals and systems and used only for their intended purposes. All key operations should be logged for audit and compliance purposes.

View original post here:
The Business Case for Protecting the Keys to the Kingdom - Security Today

Related Posts
This entry was posted in $1$s. Bookmark the permalink.