Securely managing cryptographic keys is typically the most difficult part of encryption. In the recent Ponemon Institute survey, Global Encryption Trends Study, the following nine types of keys were identified as the most difficult to manage:

In the mobile environment, source code is often distributed without enough security. Programs compiled as bytecode, such as the ones developed for Java or .NET, contain almost all the original information from the source code. Programs developed with native code, usually developed in C, Objective-C, or C++, are much more difficult to reverse. In what follows, we will look at the difference between interpreted code and native code in mobile operating systems and why we still need native code obfuscation.

Globalization has continued its seemingly inexorable march over the last decades. Movement of capital, labor, ideas, goods and services across borders has made the world smaller. International and multilateral organisations create the rules that define and guide interactions between peoples and nations. Parallelly, we are seeing another revolution - the digitizing of our economy at a breath-taking pace.

Many organizations struggle with cryptographic key management for multiple reasons. However, these pain points can be resolved with the right tools.

For traditional banks to rise above the competition they face from big tech, neobanks, and fintechs, they need to add new digital skills to their traditional banking capabilities; positioning themselves as agile providers of financial services by providing demand-driven services at the right time and place.

When developing an application for mobile banking, application hardening using code obfuscation is one possible way of protecting sensitive data. However, this may not be an acceptable solution in many different scenarios: when the data to protect must be (partially) displayed, linked to other accounts or other data, or sent to a remote network, etc. The general solution to this problem is data obfuscation.

In the 2009 movie Cloudy with a Chance of Meatballs, food instead of rain begins to fall from the clouds. Today’s hybrid computing environment employs so many applications using cryptography that clouds are saturated with crypto keys, and you don’t want to find that yours are falling from the cloud into the hands of cyber-criminals. In this blog, from our strategic technology partner nCipher, we explore the critical need for key management in the hybrid cloud, particularly among banking and financial applications. 

This article discusses the main phases involved in the life-cycle of a cryptographic key, and how the operational lifetime of a key and its strength can be determined. It also looks at some driving forces to automate key management.

The cloud services provided by Microsoft Dynamics 365 are gaining rapid market share in the banking world. A burning question for the security departments is how to take advantage of the cloud services on offer without relinquishing control of their cryptographic keys.