Organisations that use cryptography to secure confidential information can choose between hardware-based and software-based solutions, depending on the nature of the data in need of encryption. Arguably, the weakest link in the chain is the cryptographic keys used to encrypt and decrypt the data. This is due to the constantly increasing processing power of today’s computers and the length of time it may take to compromise the keys through an exhaustive key search. Therefore, these organisations must regularly revoke, update and distribute the keys to the relevant parties in order to reduce the risk of internal and external threats.
Many sectors, including banking and government, have the time-consuming task of tracking and managing ever-increasing numbers of keys to ensure the right keys are in the right place at the right time. The vast number of keys needed for the daily operations of applications using cryptography would require an army of administrators if the keys were managed manually. Hence, automated key management systems are now a necessity for these organisations if they are to keep on top of the workload and reduce their administrative costs.
Key management comes in many variations: some are more suitable for enterprise settings, while others are more scalable, designed for the huge numbers of keys used in the banking industry. Different requirements need different solutions; however, there are some general issues which must be addressed if the implementation of such systems is to be successful in terms of functionality, compliance, availability and keeping costs at a minimum. A short list of best-practice procedures is below:
• De-centralise encryption and decryption
• Centralised lifecycle key management