The benefits of an automated and centralized key management system

The aim of this article is inform you on how to implement proper key management and to answer 3 important questions regarding centralized and automated key management:

  1. What is Centralized Key Management?
  2. How can a centralized system help meet regulatory compliance?
  3. How can automation further improve the life cycle management of keys?
Read more

How to Reduce Cryptography-Risks related to PCI DSS

The payment card industry data security standard (PCI DSS) calls for all financial institutions and merchants to protect their clients’ sensitive data, which typically includes the use of strong cryptography as dictated by PCI DSS requirement 3. Most organisations empty this burden on the IT department or IT management teams and hope all their compliance is covered. However, in most cases when there is a data breach, the burden lies on the shoulders of the C-level management, who are left to answer to the difficult questions.

Read more

Trends in Cryptography Part 3 – HSMs and Cloud Computing

In this final part of the series, we look at how cloud computing will impact the use of cryptography and at the future of HSMs; and finally, we reflect on what you can do to be ready for the advances in cryptography that lie ahead.

Read more

Trends in Cryptography Part 2 – Blockchain, IoT and Quantum Technology

As part 2 of this 3-part series, here we look at new applications such as blockchain and IoT, as well as the impact of quantum technology.

Read more

Trends in Cryptography Part 1 – Algorithms and Encryption

Cryptography has come a long way since ancient times, and the pace of development has been especially quick over the last 2 decades. Indeed, many fundamental aspects of our modern world – finance, communications, e-commerce, national security – are built on the bedrock of cryptography.

Read more

3DES is Officially Being Retired

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines propose that, after a period of public consultation, 3DES is deprecated for all new applications and usage is disallowed after 2023.

Read more

An Introduction to the Role of HSMs for PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) helps to safeguard cardholders’ private information. The Payment Card Industry Security Standards Council (PCI SSC) enforces the standard through recommendations and requirements that aim to ensure security across all organizations involved in the processing of cardholder information.

Read more

The private life of private keys

A private cryptographic key is an extremely sensitive piece of information, and requires a whole set of special security measures to protect it. This article outlines some problems with key management relating to the life cycle of private cryptographic keys. There are many types of cryptographic keys; each type has own inherent challenges. Here, we outline some of the challenges we meet when managing the life cycle of asymmetric cryptographic keys and pairs.

Read more

Cryptographic Key Management - the Risks and Mitigation

With the increasing dependence on cryptography to protect digital assets and communications, the ever-present vulnerabilities in modern computing systems, and the growing sophistication of cyber attacks, it has never been more important, nor more challenging, to keep your cryptographic keys safe and secure. A single compromised key could lead to a massive data breach with the consequential reputational damage, punitive regulatory fines and loss of investor and customer confidence.

Read more