We live in an information age where customers demand access to your organisations services anytime, from anywhere and via almost any medium. Invariably services are on-line and if you fail to provide them, your competitors will. The rate of change and innovation is unprecedented. The protection of sensitive customer data matters to businesses like never before, however your IT services are provided.
Unless you keep all your data behind closed doors and don't communicate sensitive data with third parties, there is but one way to protect your data: to use encryption and other cryptographic techniques to ensure confidentiality, integrity and availability. To do that, your applications need cryptographic keys and plenty of them. A cryptographic key may be viewed as the most valuable security asset for an organisation - if a key is compromised, the relying system is vulnerable to attack. A major challenge for businesses is to ensure that the right key is always at the right place at the right time, throughout the entire life-cycle of that key. This is what key management is about, it needs to be automated, ubiquitous and resilient.
When encryption fails, it matters instantly to a business. Failures can impact customers, business reputation and profitability. According to a 2013 Ponemon Institute report, a successful attack on a large organisation's cryptographic keys could cost upwards of US$125 million per incident.
A large organisation will be responsible for managing hundreds if not thousands of keys, which is typically a time-consuming manual process that presents a large overhead to the business. Organisations that proactively embrace the need for efficient key management can gain a commercial advantage. This can be used to become agile in the delivery of new and enhanced customer offerings, provide cost and control efficiency and, crucially, the ability to rapidly respond to security incidents. The recent discovery of the OpenSSL Heartbleed bug and the resulting need to revoke and re-issue all private keys and associated certificates on all vulnerable devices is a case in point.
New business applications have to be deployed and enhanced quickly, and encryption and key management processes have to meet this demand; these are facts of technical life. Encryption and key management is now crucial to the development of many business offerings. Often the purpose of encryption is to provide the necessary level of control in processes within the business offering. As a business enabler, the importance of key management has never been higher and industry forecasts and surveys suggest it will continue to grow rapidly.
Key management is already more complex, wider in its scope, larger in scale and more susceptible to change and unexpected events than ever before. Without the right procedures or tools to manage keys efficiently, an organisations long-term profitability will be detrimentally affected. Most businesses don't care about encryption and key management per se, they require tools to operate effectively when required.
Whichever key management tools a business uses, it expects to be able to implement, operate and upgrade them easily. Such systems must have intuitive usability and demonstrable control of functions and processes.
For more information on key life-cycle management, visit: /products/key-management
or contact us on: