Part 1: What is a Key Management System?

In this, the first part of a three-part article, we start off by looking at what key management is, the function of a key management system and the benefits it provides.

This article is intended as a primer on the classification of cryptographic keys used for securing digital applications.

Appropriate management of cryptographic keys is essential for the application of cryptography. This is often aided by the use of a hardware security module (HSM), a dedicated hardware machine with an embedded processor that offers cryptographic services to users, applications, and computers in a network, and which explicitly protects cryptographic keys at every phase of their life cycle.

This article looks at the problems associated with key management that are common in many businesses today, where there is no clear ownership; then it examines the benefits of a centralized key management system and offers advice on building the business case to demonstrate both operational cost savings and a reduction in corporate risk.

Part 2 – Accelerating Time-to-Market

 With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other hand, cryptography is becoming an increasingly important business enabler.

Part 1 – Increasing Efficiency & Resilience

This two-part article discusses how cryptography is employed within organizations today and examines some of the challenges it raises, both for large, established enterprises and for start-ups within emerging markets such as FinTech, Internet of Things (IoT) and blockchain.

How Good Key Management for the Enterprise & Cloud Reduces Compliance Risk and Mitigates the Impact of Data Breaches

A number of serious security vulnerabilities, collectively known under the names of “Meltdown” and “Spectre” [1][2], have recently been discovered in a broad range of CPUs from Intel, ARM and AMD (some up to 20 years old) that are commonly used in servers, PCs and even mobile devices.

This article highlights the NIST key lifecycle recommendations in relation to PCI DSS compliance.