What is Banking-Grade Tokenization According to PCI DSS

What is Banking-Grade Tokenization According to PCI DSS

The concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data.

The Need for a Crypto Abstraction Layer: Utilizing HSMs with Greater Efficiency and Agility

The Need for a Crypto Abstraction Layer: Utilizing HSMs with Greater Efficiency and Agility

With increasingly tough security and privacy regulations, the use of cryptography is exploding in the modern enterprise. Hardware security modules (HSMs) provide the highest standard of security and compliance, but they are difficult to use and often deployed in silos, complicating compliance and hindering crypto-agility. As competitive pressures intensify, how can cryptography be turned into an enabler of business agility and digital transformation?

What is Quantum Computing and how does it relate to today’s Cryptography Infrastructure Investments

What is Quantum Computing and how does it relate to today’s Cryptography Infrastructure Investments

The rise of quantum computing is expected to have significant impacts on both financial and technological considerations when evaluating infrastructure expansion and upgrades. Quantum computing is still being developed but gets closer to reality every day. Here we look at the high level impacts of quantum computing in relation to cryptographic infrastructure.

Differentiating between managing the lifecycle of cryptographic keys, protecting the keys and using the keys

Differentiating between managing the lifecycle of cryptographic keys, protecting the keys and using the keys

The modern world of cybersecurity can be a confusing place. There are tomes of data, regulations, and mandates in addition to the complex technical aspects. This is especially true when it comes to crypto key management systems (KMSs).

What is a Crypto-Abstraction Layer?

What is a Crypto-Abstraction Layer?

A crypto-abstraction layer (CAL) is, in its most general sense, an application programming interface (API) - also known as a library- that hides cryptographic details from program developers that they don’t need to know about (such as the brand of hardware they are using for their source of random numbers). They are essential in the world of InfoSec because those who are expert developers are not usually expert cryptographers or even security personnel and so they need all the help they can get when it comes to implementing cryptography.

How to Improve HSM Usability

How to Improve HSM Usability

In this article we will explore some of the reasons why HSMs can be difficult to use and look at a novel solution that helps to overcome these problems.

What is Crypto-Agility?

What is Crypto-Agility?

Crypto-agility, or cryptographic agility, is the capacity for an information security system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure. NIST guidelines state “maintaining crypto agility is imperative” to prepare for the quantum computing era. Crypto-agility may be achieved through the adoption of new frameworks for incident response and application development, as well as the acquisition of a service software layer to facilitate crypto-agility in legacy applications.

Turning Cryptography into a Service - Part 1

Turning Cryptography into a Service - Part 1

Part 1 – Increasing Efficiency & Resilience

This two-part article discusses how cryptography is employed within organizations today and examines some of the challenges it raises, both for large, established enterprises and for start-ups within emerging markets such as FinTech, Internet of Things (IoT) and blockchain.

How to implement efficient Key Management in a Legacy Infrastructure

How to implement efficient Key Management in a Legacy Infrastructure

This article discusses the various issues around key management and presents Cryptomathic’s approach to central key and crypto management that has been adopted by major banks.