Centralized Key Management Systems: Challenges and Opportunities for the Next Decade

Over the last 10 years, enterprises have moved on from decentralized and distributed key management to centralized key management systems to provide secure and unified key life-cycle management.

Read more

The Need for a Crypto Abstraction Layer: Utilizing HSMs with Greater Efficiency and Agility

With increasingly tough security and privacy regulations, the use of cryptography is exploding in the modern enterprise. Hardware security modules (HSMs) provide the highest standard of security and compliance, but they are difficult to use and often deployed in silos, complicating compliance and hindering crypto-agility. As competitive pressures intensify, how can cryptography be turned into an enabler of business agility and digital transformation?

Read more

Which Trust Service Providers Support Remote QES Services?

The following content is an introduction to trust services and remote Qualified Electronic Signatures (QES) according to the eIDAS regulation and standards. This article is aimed at highlighting what a trust service provider (TSP) is and the valuable benefits of remote QES and other trust services.

Read more

Cryptographic Key Management Concepts: on Key Generation, Metadata, Life-cycles, Compromise and more

This article looks at the concept of cryptographic key management – what it is, why it’s important, and how an electronic key management system simplifies the task of managing a high volume of keys.

Read more

What are E-Signature Validation Attacks and How to Protect Yourself in the Context of eIDAS

Ensuring that the integrity of an e-signature remains intact is crucial to protecting its attached messages or documents. This article will explain three types of e-signature validation attacks and how they can be avoided by adopting the standards for e-signatures under eIDAS.

Read more

Enterprise-grade code signing: Securing the Signing Process

This article outlines the importance of code signing and describes a centralized approach for securing and streamlining the code signing process through technical and procedural enhancements.

Read more

Symmetric Cryptography and Key Management: Considerations on Key Exhaustion, Rotation and Security Models

With data protection standards, such as GDPR, and the sheer mass of data that companies collect and accumulate, the protection and control of information has become increasingly important. The deployment of encryption is the backbone of any given organisation’s systems security scheme towards the goal of data protection.

Read more

The Role of Random Number Generators in Relation to HSMs & Key Management

In this article we look at the role of random number generators (RNGs) and put them into a procedural context with hardware security modules (HSMs) and key management systems (KMSs). 

Read more

Taking Stock – How is eIDAS stacking up for SMEs? (Part 2)

In Part 1 of our article, we briefly summarised the challenges faced in the uptake of eIDAS services for SMEs. A recent study conducted for the European Commission found that awareness and lack of resources were the main barriers. Efforts to highlight the benefits of eIDAS services through real-life case studies was also found to be lacking. In order to address these barriers to adoption, certain recommendations were made which are summarised below.

Read more