Encryption Management

We are using encryption on a daily basis and may not be aware of it. Confidentiality of digital communication has become important integral part of secure and reliable solutions. Current trends show that the use of encryption is on the rise within all industries. Are your solutions secure and ready?

Encryption Management (also known as Cryptographic Key Management) is the set of techniques and procedures that support the establishment and maintenance of keying relationships between the authorized parties.

Cryptographic Issues and Information Leakage are most common types of flaws in applications.

wordcloud-4

Most significant threats to sensitive or confidential data

54%
employee mistakes
30%
system malfunction
30%
hackers
22%
temporary workers
* based on 2019 Global Encryption Trends Study

Standards and regulations that needs encryption management

Payment Card Industry (PCI)

National Institute of Standards and Technology

Payment Services Directive (PSD2)

International Organization for Standardization (ISO)

General Data Protection Regulation (GDPR)

EMVCo (3D Secure, Secure Remote Commerce)

Sarbanes–Oxley Act (SOX)

Electronic Identification, Authentication and Trust Services (eIDAS)

Gramm–Leach–Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Cryptographic key lifecycle

Each cryptographic key has its own lifecycle. It goes through the generation of keying material using random number generator, to its formal usage in application and systems, and the key is retired and logically and physically destroyed at the end of its life. This helps us to understand the status of the keys in each stage during the time and to prevent misuse, which can lead to compromise and replacement of the whole hierarchy of keys, with huge impact on the operation and business. Properly designed lifecycle has its benefits of avoiding loss of information and protecting sensitive data in each point in time.

Typical lifecycle includes

Encryption Management (also known as Cryptographic Key Management) is the set of techniques and procedures that support the establishment and maintenance of keying relationships between the authorized parties.

Sorry,You have not added any process yet

Encryption management strategy

Planning and executing strategy is one of the biggest challenge for the successful encryption management:

Discovery and Inventory

Know where all keys reside, how to quickly identify them, and have the overall idea of the impact to the business in any case

Appropriate Technology

Appropriate technology helps us to effectively manage numbers of keys and their lifecycle, providing automation, monitoring, and reporting

Data Classification

Know which data is sensitive and how much do we need to protect the data, what are the risks and threats

Training and Awareness

Train personnel and provide enough information to employees in order to understand the purpose of encryption management

Most common deployment of encryption management

Internet communications (e.g., TLS/SSL) 88%
Databases 86%
Backup and archives 82%
Internal networks (e.g., VPN/LPN) 81%
Laptop hard drives 80%
Cloud gateway 76%
Email 74%
Data center storage 74%
File systems 70%
Public cloud services 69%
Private cloud infrastructure 66%
Docker containers 58%
Big data repositories 54%
Internet of things (IoT) 52%

Most common data types encrypted

Payment related data 55%
Financial records 54%
Employee/HR data 51%
Intellectual property 51%
Customer information 44%
Non-financial business information 25%
Healthcare information 24%
* based on 2019 Global Encryption Trends Study