HSMs and Key Management: Effective Key Security

Appropriate management of cryptographic keys is essential for the application of cryptography. This is often aided by the use of a hardware security module (HSM), a dedicated hardware machine with an embedded processor that offers cryptographic services to users, applications, and computers in a network, and which explicitly protects cryptographic keys at every phase of their life cycle.

Read more

eIDAS and the new European Interoperability Framework – One step closer to the Single Market

The public sector accounts for a quarter of all employment and a fifth of the entire economic output of the European Union. Given the economic and social contributions of the public sector as well as it’s critical contributions as a regulator, it remains a key target for reform and a centrepiece for the push towards a Single Digital Market.

Read more

Key Management – A Question of Ownership

This article looks at the problems associated with key management that are common in many businesses today, where there is no clear ownership; then it examines the benefits of a centralized key management system and offers advice on building the business case to demonstrate both operational cost savings and a reduction in corporate risk.

Read more

Turning Cryptography into a Service - Part 2

Part 2 – Accelerating Time-to-Market

 With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other hand, cryptography is becoming an increasingly important business enabler.

Read more

Turning Cryptography into a Service - Part 1

Part 1 – Increasing Efficiency & Resilience

This two-part article discusses how cryptography is employed within organizations today and examines some of the challenges it raises, both for large, established enterprises and for start-ups within emerging markets such as FinTech, Internet of Things (IoT) and blockchain.

Read more

Key Management for GDPR

Introduction

Much has already been written about EU General Data Protection Regulation (GDPR), which comes into force on 25th May 2018 to protect EU citizens’ personal data. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company’s location. Unlike EU Directives, GDPR does not require national legislation to enact its provisions, so organizations not in compliance may face fines of up to 4% of annual global turnover or €20 Million (whichever is greater) from day one. The scope of the Regulation is broad, so this article will focus on the important role of encryption and particularly key management in aiding compliance. But first, let’s understand some key concepts and terminology:

Read more

Meltdown & Spectre – What you Need to Know about Protecting your Keys

A number of serious security vulnerabilities, collectively known under the names of “Meltdown” and “Spectre” [1][2], have recently been discovered in a broad range of CPUs from Intel, ARM and AMD (some up to 20 years old) that are commonly used in servers, PCs and even mobile devices.

Read more

Exploring the synergy between eIDAS and the new European Interoperability Framework

The European Interoperability Framework (EIF) adopted in 2017 is the primary thrust in the EU’s effort to improve the efficiency of public service delivery across it’s member states.

Read more

Key Management Lifecycles compliant to PCI DSS

This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.

Read more