Centralized encryption key management maximizes data protection while minimizing operational burdens.
Protecting data from unauthorized access is a critical issue for businesses in all industries. According to The Ponemon Institute’s fifth annual U.S. Cost of a Data Breach Study, data breach incidents cost U.S. companies $204 per compromised customer record in 2009, up from $138 per compromised record since the institute began conducting its study. Meanwhile, the average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009.
The good news is that encryption can dramatically reduce, if not eliminate, the risk of a data security breach. Encryption effectively “scrambles” data, which cannot be read without the correct encryption key. A number of products are now available to encrypt sensitive data “at rest” on laptops, desktops, backup tapes and removable storage media, as well as data “in motion” across networks.
Organizations should deploy encryption strategically, across the enterprise, with policies and procedures designed to promote effective use of the technology. Centralized encryption key management is also essential. According to IDC, 44 percent of enterprises plan to encrypt more than 75 percent of their data, and one of the top two issues related to deploying encryption is the ability to recover the data.
“The use of encryption is widely recognized as the best method for protecting valuable information and enabling compliance with industry and government regulations,” said Charles Kolodgy, research director at IDC. “Time and time again, our research shows the primary barrier to the widespread use of encryption is the fear that encrypted data will be lost. Users are demanding strong key management systems.”
Into the Vault
An enterprise key management system enables customers to store and secure encryption keys and metadata about encrypted media in a centralized vault, ensuring that keys are not compromised and that the enterprise will be able to decrypt the data in the future. It also helps reduce the complexity of managing encryption by enabling a centralized, policy-based approach to key management, governing access to keys, sharing of keys, expiration of keys, shredding of keys, and all other aspects of key lifecycle management.
Centralized encryption key management enables organizations to adopt the encryption solutions that work for them today and to expand to other encryption solutions in the future, without having to change their approach to key management. It also reduces security risks by ensuring that the management of encrypted data and the management of encryption keys are maintained as two separate functions within the IT organization.
Companies often deploy separate encryption and key management systems for different business uses, such as laptops, storage, databases and applications. Cumbersome — often manual — efforts are often necessary to generate, distribute, vault, expire and rotate encryption keys. This has resulted in increased costs for IT, difficulty meeting audit and compliance requirements, and lost data. Encryption key management helps reduce the cost and complexity associated with point solutions, making encryption more viable across the enterprise.
Streamlined key management is essential in a wide variety of data management processes. For example, the data recovery process requires locating encryption keys quickly for tapes created weeks or months earlier. At the same time, this efficiency must not impact the security of keys or violate corporate policies regarding how keys are stored and distributed.
Open Standard
To help facilitate centralized key management, several vendors have jointly developed a specification for a standard designed to simplify how companies encrypt and safeguard information. The companies have submitted the Key Management Interoperability Protocol (KMIP) to the Organization for the Advancement of Structured Information Standards (OASIS) for advancement through the organization’s open standards process.
KMIP is designed to provide a single, comprehensive protocol for communication between enterprise key management services and encryption systems. KMIP enables vendors to address the need for enterprise-wide key management, providing customers with better data security and decreased expenditures on multiple key management products and operations. By taking advantage of KMIP-enabled software and devices, companies will be able to cut operational costs and reduce risk by removing redundant, incompatible key management processes.
The right encryption key management solution can help minimize the impact of encryption processes on IT operations and the risk of data inaccessibility or loss. For organizations seeking to encrypt sensitive data throughout the distributed enterprise, enterprise key management solutions provide a robust, centralized, comprehensive approach to enterprise encryption key management to minimize administrative overhead and maximize the value of data encryption.
