August 13, 2021 By Cynthia Luu 3 min read

Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2021 Cost of a Data Breach report, the use of encryption is a top factor in reducing the average data breach cost. But, encrypted data is only as safe as the encryption keys.

The IT or security teams must carefully manage encryption keys throughout the keys’ life cycles. This includes generating, deploying, storing, archiving and deleting keys and rotating, replicating and backing them up. In order to minimize any mismanagement, consider every facet of data encryption — from the encryption method to encryption key administration.

More on customer-owned encryption and key management

Data Encryption Includes Key Management

Organizations are embracing cloud services on top of expanding use of data encryption. Because of this, the number of encryption keys is growing. In order to stay on top of key management and reduce the risk of third-party access to keys due to cloud service adoption, you’ll need an enterprise encryption key management strategy. In order to create a streamlined plan, consider the following:

Simplify Key Management With a Single Vendor

In IDC’s 2020 Data Security Survey, respondents say they struggle to manage multiple key management solutions. Sometimes, organizations can simplify their key management by consolidating the number of vendors they use. While it may be difficult to both minimize the number of products and address all key data security use cases, using multiple solutions from the same vendor can at least simplify the process and provide some consistency.

How Multiple Data Encryption Products Can Talk Securely

A single product to rule them all may not exist, but an encryption key manager that supports interoperability protocols is the next best thing. Many devices and applications come with their own native encryption capabilities and local key management. These self-encrypting solutions often support key exchange standards such as the Key Management Interoperability Protocol (KMIP). KMIP key management can help centrally manage data encryption keys from different encryption technologies.

Formerly, a bunch of self-encrypting storage solutions would save their encryption keys in USB drives. That would leave the keys at risk for being lost or mismanaged. Instead, with key exchange standards you can transfer these keys to a centralized key manager for secure management.

The more you can consolidate, the better, as long as it’s secure. An encryption key manager that supports multiple key exchange standards is better positioned to integrate and communicate with a larger number of third-party key managers. Along with KMIP, Representational State Transfer or REST-based key exchange is another option for consolidating encryption keys within a single key manager.

Hands-Off: Configured Rules and Policies

A key manager capable of automating encryption key life cycle management would ultimately minimize the amount of time the IT and security employees need to get involved. After the initial configuration and beyond typical check-ins and maintenance, the ideal encryption key manager would be low-touch.

This means the key manager should execute critical tasks such as key rotation automatically according to a predefined schedule. The acceptance of encryption-enabled devices can also be automated, so that administrators do not have to manually add devices unless required by internal standards to do so. For entities deploying encryption with multiple data centers across the world, key synchronization can be automated so that keys can always be up-to-date and available.

How to Simplify A Complex Problem

Organizations are looking to protect a growing amount of sensitive data on-premises and in the cloud. Many have chosen to implement data encryption at various layers — in hardware, on files and in applications. This can result in encryption silos with inconsistent approaches to managing encryption keys. A formal key management process is a necessary challenge that can make a big difference.

When planning an enterprise key management strategy, look for a key manager that centralizes, simplifies and automates key lifecycle processes from initialization and activation through rotation and deletion. This should help reduce management overhead and help maintain control over your keys and your data encryption.

Learn about Guardium Key Lifecycle Manager

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today