Part 2 – Accelerating Time-to-Market
With the increase in e-commerce and electronic communications on the one hand, and the growing challenges of cybercrime and data protection regulation on the other hand, cryptography is becoming an increasingly important business enabler.
This is especially true in the banking and financial services industry, where large sums of money are involved that attract cyber criminals, but also in emerging industries such as FinTech, IoT and blockchain, whose business models are heavily dependent on cryptography to provide the necessary security and privacy.
Consequently, many organizations are developing new cryptographic applications, and with the need to be increasingly agile in today’s competitive markets, they need to do so at pace. However, the difficulty of scoping and delivering a cryptographic project increases with the number of actors and platforms it must accommodate; and if the project involves layering additional security onto a pre-existing system, without impacting either performance or availability, then the challenges are even greater. The potential complexity of cryptographic project workflows is illustrated in Figure 1.
Figure 1: Cryptography Development Project Workflows
These workflows are likely to have multiple iterations, and it may prove practically impossible to achieve all the objectives within the constraints imposed. As a result, the use of cryptography often becomes, or is perceived as, responsible for holding up entire projects. Responding to these development challenges requires organizations to consider moving away from the project-by-project model and embrace a more proactive and sustainable approach to developing and managing cryptography.
Cryptomathic's Crypto Service Gateway (CSG) is the world's first embodiment of an integrated cryptographic service model, ideally suited to the demands of 'application-level cryptography'. This model improves workflows making it easier for organizations to enhance their business systems to provide end-to-end protection and security of sensitive data. Organizations can choose to protect as much or as little business data as is considered necessary - within transaction flows or data at rest - in a disciplined and controlled manner.
Figure 2: Improved Workflows with CSG
CSG provides a fully-integrated cryptographic environment that scales easily with the number and size of applications within your business. Rather than working with a range of complex, often proprietary HSMinterfaces, which require a lot of detailed cryptographic knowledge, developers can work with a single, simple crypto API and spend more of their time focusing on the business logic.
Furthermore, crypto policy definition can be left in the hands of a small team of security specialists who can enforce it across all applications, so it is no longer a challenge that every project has to address individually; subsequent changes in crypto policy (e.g. changes of algorithm or key length) become easy to implement across the board, without having to modify each application.
This new crypto service model also works to the advantage of project managers, providing a range of advantages such as:
The end result is that projects can be completed more quickly, on a lower budget and with less risk; and the resulting business applications are more maintainable.
Businesses often view the inclusion of cryptography at the outset of a project as a necessary evil. Consequently, they frequently opt for a 'tactical solution' because the proper 'production-strength solution' will cost the project perhaps 30% more and, more importantly, add an extra 5 weeks to the project's duration. However, once the tactical solution has been developed and the service is operational, what is the likely appetite for going back and putting in the production-strength solution (and risk breaking something), in comparison to other business priorities that promise a higher return on investment (ROI)? In contrast, using an integrated service model allows the organization to design the cryptography correctly from the outset, with a reduction in both time and costs.
Having a clear vision of how your organization can harness an enabler such as Cryptomathic’s Crypto Service Gateway is absolutely fundamental. This vision can be modest or aggressive, and could have one, several or all of the following characteristics:
CSG enables organizations to be more agile, whilst reducing the cost of developing, operating and maintaining their cryptographically-enabled business applications.
Cryptomathic can assist your organization in determining the benefits and ROI achievable from deploying CSG, an exercise that is likely to prove very illuminating and result in a strong business case for using CSG.