The need for mitigating risk with an appropriate key management system (KMS) is critical to the success of any organization that shares sensitive data across networks.

Here is a breakdown of two common types of KMSs and how risk mitigation can be successfully accomplished.

The modern world of cybersecurity can be a confusing place. There are tomes of data, regulations, and mandates in addition to the complex technical aspects. This is especially true when it comes to crypto key management systems (KMSs).

A crypto-abstraction layer (CAL) is, in its most general sense, an application programming interface (API) - also known as a library- that hides cryptographic details from program developers that they don’t need to know about (such as the brand of hardware they are using for their source of random numbers). They are essential in the world of InfoSec because those who are expert developers are not usually expert cryptographers or even security personnel and so they need all the help they can get when it comes to implementing cryptography.

In this article we will explore some of the reasons why HSMs can be difficult to use and look at a novel solution that helps to overcome these problems.

The aim of this article is inform you on how to implement proper key management and to answer 3 important questions regarding centralized and automated key management:

1. What is Centralized Key Management?
2. How can a centralized system help meet regulatory compliance?
3. How can automation further improve the life cycle management of keys?

The payment card industry data security standard (PCI DSS) calls for all financial institutions and merchants to protect their clients’ sensitive data, which typically includes the use of strong cryptography as dictated by PCI DSS requirement 3. Most organisations empty this burden on the IT department or IT management teams and hope all their compliance is covered. However, in most cases when there is a data breach, the burden lies on the shoulders of the C-level management, who are left to answer to the difficult questions.

In this final part of the series, we look at how cloud computing will impact the use of cryptography and at the future of HSMs; and finally, we reflect on what you can do to be ready for the advances in cryptography that lie ahead.

As part 2 of this 3-part series, here we look at new applications such as blockchain and IoT, as well as the impact of quantum technology.

Cryptography has come a long way since ancient times, and the pace of development has been especially quick over the last 2 decades. Indeed, many fundamental aspects of our modern world – finance, communications, e-commerce, national security – are built on the bedrock of cryptography.