Many people already know data encryption can help secure sensitive business data. But, because organizations have adopted it so widely, IT and security teams now must manage growing numbers and types of encryption keys. Each key may belong to a different data storage device with built-in data encryption and database management systems. Others may belong to apps with native encryption. Devices already siloed from one another move even further apart because of tools that don’t work well together. All of these cases make it even more difficult for teams to manage disparate encryption keys for many different data stores from a range of vendors. Disparate management can also put the enterprise’s overall security posture at risk. 

The solution? A central system of encryption key management. This gives admins a cost-effective and efficient way to secure keys. Without it, admins may find it difficult to enforce consistent policies, ensure that encryption keys are managed separately from the encrypted data or address any compliance needs. 

So, how can you manage multiple encryption keys across your business? And, how can you secure them all? 

Centralize control of your data

In order to start on the path to proper key management, you must consider every step. Know the encryption key life cycle and document it along the way. Make sure your enterprise key management system has insight and management into all existing keys. Along with working with the tools you already use, it also needs to be flexible enough to scale and integrate new tools.

Encryption Key Management Best Practices

Several industry standards can help different data encryption systems talk to one another. These make it easier for enterprise users to manage their keys from one, central location. First, using an encryption key manager that supports data encryption standards can make the job of managing keys simpler. That’s because these standards can bring together apps and storage devices with their own encryption.

There are several options in the market today.

Key Management Interoperability Protocol (KMIP) enables encryption solutions and data stores to talk to one another, including apps, databases and storage devices. The KMIP protocol provides streamlined, compatible key management processes for critical key life cycle management tasks. The Organization for the Advancement of Structured Information Standards (OASIS), a nonprofit that promotes open standards, governs this standard. Market-leading security providers and industry experts developed KMIP key management.

Public Key Cryptographic Standard #11 (PKCS#11) was first developed by RSA Security along with external subject matter experts. Now, OASIS maintains it. PKCS#11 is a platform-independent application programming interface (API). It’s designed to connect with cryptographic devices such as USB keys and hardware security modules as security tokens to perform various functions.

While not considered only a key exchange standard, Representational State Transfer (REST) APIs can also help apps integrate and connect with encryption key managers. REST is an architectural style for communication standards between systems. It is emerging as another option to bring together different data encryption tools.

Key Management Standards

Some vendors, such as IBM or Microsoft, provide internal standards when it comes to managing keys. These apply to their respective products, but you may also extend them to third parties. For IBM, the IBM Proprietary Protocol (IPP) is very useful in this case. If your team wants to partner with only a single vendor, the first step may be to understand what tools they can spin up easily.

In conclusion, data is only as secure as the system that manages the encryption keys protecting it. With a central enterprise key management solution, you can protect sensitive enterprise data better. The easiest step along this path is to select an encryption key manager and self-encrypting technology that support popular key standards.

Learn about Guardium Key Lifecycle Manager

More from Data Protection

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read

Understanding the Backdoor Debate in Cybersecurity

3 min read - The debate over whether backdoor encryption should be implemented to aid law enforcement has been contentious for years. On one side of the fence, the proponents of backdoors argue that they could provide valuable intelligence and help law enforcement investigate criminals or prevent terrorist attacks. On the other side, opponents contend they would weaken overall security and create opportunities for malicious actors to exploit. So which side of the argument is correct? As with most debates, the answer isn't so…

3 min read