The information presented in this white paper discusses various approaches to cryptography and
key management, and can be used as a starting point for developing an effective policy-based key
management solution. Taking a proactive approach to data protection-planning, policies, and
process-results in a smoother implementation and a positive return on investment. Unlike
disparate, multi-vendor point solutions that can create limited "islands" of security, SafeNet's
approach provides an integrated security platform with centralized policy management and
reporting. This is ideal for seamless, cost-efficient management of encrypted data across
databases, applications, networks, and endpoint devices. Centralized encryption and key
management also provides a uniform and ubiquitous way of protecting data while reducing the
cost and complexity associated with compliance and privacy requirements.
An Enterprise Guide to Understanding
Key Management Written by Terry Fletcher, Senior Security Architect, SafeNet Publication date: August 28, 2009 Executive Overview Establishing effective key and policy management is a critical component to an overall data protection strategy and lowering the cost of ongoing management. A policy-based approach to key management provides the flexibility and scalability needed to support today's dynamic networking environments. Policy-based key management ensures the secure administration of keys throughout their entire lifecycle, including generation, distribution, use, storage, recovery, termination, and archival. This will also enhance business processes and relieve often over-burdened IT staff by breaking down the "islands of security" and "security silos" that are too often typical to enterprise environments. Each business has its unique network and operational requirements, which results in the need for tailored key management policies. While policies can be based on standardized specifications, it is a best practice to conduct a comprehensive risk assessment to reveal specific considerations in designing key management policies and procedures. For a more comprehensive look at applying enterprise-level key management, please refer to the white paper, Applying Enterprise Security Policy and Key Management. The information presented in this white paper discusses various approaches to cryptography and key management, and can be used as a starting point for developing an effective policy-based key management solution. Taking a proactive approach to data protection-planning, policies, and process-results in a smoother implementation and a positive return on investment. Unlike disparate, multi-vendor point solutions that can create limited "islands" of security, SafeNet's approach provides an integrated security platform with centralized policy management and reporting. This is ideal for seamless, cost-efficient management of encrypted data across databases, applications, networks, and endpoint devices. Centralized encryption and key management also provides a uniform and ubiquitous way of protecting data while reducing the cost and complexity associated with compliance and privacy requirements. 1. Introduction The first recorded organized usage of cryptography was during the reign of Julius Caesar in the early Roman Empire. Caesar recognized the importance of secret communications to successfully managing the political and military structures and processes of the Empire. Throughout history, this theme has been played out in many different forms of secret communications for a wide variety of purposes. With the need for secret communications also comes the need to effectively manage the associated cryptographic keys and the most successful systems for secret communications have been the ones with the most effective key management. Conversely, some of the most famous failures of secret communications have come about, at least in large part, because of weaknesses
An Enterprise Guide to Understanding Key Management Page 1 of 12
in key management (the Ultra program to exploit the German Enigma is perhaps one of the most familiar examples). Since the early 1970's, cryptography has played an increasingly significant role in protecting commercial and personal, rather than only high-level military and political, communications. This has been a tremendous enabling influence in the development of what has come to be accepted as electronic commerce. The growth of e-commerce and associated cryptography presents relatively new challenges to the enterprise. The typical implementation of cryptography has been to put up protective walls around either the transmission channel, for data being communicated, or the storage medium, for data at rest. To provide this walled protection, it is typical for disparate end-point solutions to be deployed to tackle what is perceived as isolated problems. Unfortunately, the disjoint security rule sets in end-point solutions (VPN, TLS, encrypting HD, tape & HD storage encryptors, etc.) makes it difficult for the enterprise security professional to match the security with the data in various locations and lifecycles. How does an enterprise "manage" security and cryptography, in particular, in the face of the many disjoint security rule sets in place? The answer documented in this white pape... [download for more]
