How to manage encryption keys - Storage Technology Magazine - Page 1

How to manage encryption keys

Encryption is an effective way to secure data, but the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed.


Encryption is pushing its way into more corners of the enterprise. From database fields for customer credit cards or social security numbers, to laptop hard drives with proprietary data, more storage is being encrypted more frequently. Every encrypted item needs a key to unlock the encrypted data, and managing the hundreds or thousands of keys used across an enterprise can be a big headache.

The specter of data loss is the biggest reason why encryption isn't implemented more widely. Most experienced system administrators are conservative when it comes to new technologies that could potentially lock them out of their own data. On the other hand, business requirements, legislation and liability for lost data are driving encryption forward. For the moment, centrally and securely managing encryption of all of the various types of data across the whole enterprise is only a dream--unless you use the same vendor for all of your encryption tasks.

Many vendors are pushing for a single encryption-key management standard. Decru Inc., nCipher Corp. Ltd., NeoScale Systems Inc. and Vormetric Inc. all have, or will shortly have, open platforms that should be able to manage keys from other vendors. All of these systems control key access, even if the storage systems are compromised and the keys

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

aren't available locally. Keys are associated with specific data repositories, ensuring that the key necessary for a specific directory or file can be readily identified. Once access requirements are fulfilled, keys are provided on demand; management systems also encrypt keys in transit and delete keys when they're no longer needed. Audit logs show who has accessed what data, and when that access occurred. In addition, these systems limit key generation and modification to specific authorized personnel.

This was first published in October 2006

Back to top