How Leading Banks Excel at PCI DSS through Key Management

During April 2015, PCI DSS v3.1 was released as the latest iteration for industry-wide requirements and guidelines for securing cardholder data. 

This blog post discusses the cryptographic key management techniques used in the banking industry to comply with PCI DSS.

Read more

Advantages of Centralized Key Management

Traditionally, end-to-end lifecycle key management was achieved through inefficient paper-based procedures and highly resource intensive tasks performed by 4 or 5 employees, but this inefficient process leads to human errors and is very time and resource consuming. Centralized cryptographic key management is the best solution to overcome such dependency on individuals.

This article discusses the advantages of using a centralized key management system.

Read more

7 Tips for Correct Usage of Encryption to Secure eGovernment Processes

Encryption has become the most essential part of securing data online. The biggest headache to the Cybersecurity industry is a data breach. The last few years have seen an increase in hacking and exposure of confidential data to individuals or cyber criminals. Lack of data protection or data encryption has been one of the major reasons behind such security breaches.

Recently, a healthcare industry data breach occurred because the company stored Social Security Numbers of 80 million customers without encrypting them. The subsequent paragraphs suggest a set of best practices that can help to improve the level of cyber security in eGovernment transactions.

Read more

10 Tips for a Cryptographic Key Management System in the Banking Industry - a Penetration Testing Perspective

This article discusses the shortcomings and learnings from penetration testing of cryptographic key management systems for banking organizations.

Read more

Key Management Strategies for SaaS: Avoid the pitfalls in the Cloud


This article discusses key management strategies for the SaaS cloud model, and unique security problems to be dealt with because of lack of user control.

Read more

Regain control of cryptographic keys in large organisations with centralised key management

This article describes from a CISO perspective how to manage and protect security assets in large organisations, i.e. the cryptographic keys and suggests adequate procedures and systems.

2/3 of organizations with public facing vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.

Read more

Business Requirements for Crypto Key Management - Marketplace Dynamics

We live in an information age where customers demand access to your organisations services anytime, from anywhere and via almost any medium. Invariably services are on-line and if you fail to provide them, your competitors will. The rate of change and innovation is unprecedented.

Read more

Enabling HSM Cryptography as an Integrated Service - Part 3 of 3

An updated version of this article is available under this link.

To date the deployment of encryption services and the techniques used to achieve interoperability and technical standards have always lagged behind what businesses have actually needed, or for that matter, what regulators or certain schemes are enforcing.

Read more

Enabling HSM Cryptography as an Integrated Service - Part 2 of 3

An updated version of this article is available under this link.

Development Projects Situations     

This second decade since the Millennium is seeing a major uplift in the use of cryptography in existing and new business systems. This uplift is likely to be disproportionately greater than the actual increase in business transaction volumes.

Read more