2 min read

Guide: How to Navigate Complex Key Management Compliance Requirements

Guide: How to Navigate Complex Key Management Compliance Requirements

11 - January 2016

Cryptomathic, has published a free to download white paper which offers advice and guidance to banks and other organisations with large amounts of sensitive data, on how to achieve and sustain cryptographic key management compliance in a cost-effective manner. 


The white paper, titled: ‘Key Management Compliance – Explained’, provides a high-level, yet comprehensive overview of all major topics that have to be considered for compliance purposes.  It also explains that where requirements are highly dependent on standards and rules applicable to various industries and individual businesses, there is rarely a single defined common approach which must be adhered to in order to achieve and maintain compliance. The paper outlines that those with compliance responsibilities within a business – whether compliance managers, IT security personnel, CISOs etc. - must conduct holistic assessments to understand what is relevant to their specific business processes and industry requirements. They must then build appropriate routines into the day-to-day operations of a business, rather than approach compliance and audits as projects to be addressed on an ‘as needed’ basis.

In support of this, the white paper outlines the importance of determining which compliance authorities are relevant to individual businesses. To bring clarity to companies seeking to better understand the landscape, the document provides an overview of the major compliance authorities that have a significant impact on key management compliance, particularly in the financial sector.

The paper further enables organisations to understand the main areas and issues to consider when addressing crypto key management compliance, by highlighting three core areas, namely certification, standards and audits.  It provides greater detail by examining key compliance domains, such as physical security, logical security and personnel security, and provides information on compliance audit processes. 

The white paper explains the importance of managing keys and provides recommendations on how to streamline and automate key management processes while managing costs effectively and ensuring scalability. The impact that compliance can have on the architecture of key management solutions is also explored along with advice for readers on how to optimally achieve compliance while simplifying audits.

“Regardless of which system or solution is used, cryptographic keys always need to be managed using highly secure processes,” comments Morten Landrock, Executive Vice President, EMEA, Cryptomathic. “Compliance requirements are dynamic and continuously evolving, which can make the process of building a long-term compliant key management system challenging. This paper is intended to bring clarity to the complex, and ever evolving, subject of compliance, while highlighting the crucial role that internal and external compliance requirements play in ensuring secure key management processes.

“The realisation of compliance is a strong business driver, but if not carefully approached, it can add significant overheads to business operations and does not necessarily result in better security. As such, it is critical that compliance requirements and the processes needed to achieve them, are built into a solution from the very outset.”

Founded in 1986, Cryptomathic is a market leading e-security provider, which has been delivering secure, automated lifecycle key management solutions on a global scale for the past 18 years. Its Cryptomathic Key Management System offers a flexible key push protocol allowing the secure distribution of keys to almost any secure host system from any vendor. The system also enables and simplifies internal and external compliance of financial regulations, such as PCI.


Download the white paper: Key Management Compliance - Explained