How centralized key management systems can improve data encryption practices

Data encryption experts offer guidelines to agency leaders for assessing the effectiveness of their data encryption practices and how to build a strategy across lines of business.

Agencies seeking to protect their data in motion or at rest often use different encryption strategies, many of which are managed by application owners and database administrators across the organization.

However, data experts warn that agencies that lack a centralized encryption key management system, or a clearly defined strategy, open themselves up to the risk of losing control of encryption keys, allowing access to those who shouldn’t have it or expending resources to encrypt data that is not pivotal to the core mission.

In a new report, experts from a leading global provider of encryption tools, Thales, highlight some of the core challenges organizations face with encryption. “The Enterprise Encryption Blueprint” is meant to be a conversation starter for IT leaders and a foundational primer for creating an enterprisewide strategy to improve data security across lines of business.

Encryption keys safeguard data at rest or in motion: each key is a unique code applied to a set of data so that, without the key, the data is inaccessible. Enterprise IT leaders must therefore resolve a fundamental concern: How is their organization managing and supplying keys for encryption?

Experts in the report advise that the focus should be on a “centralized key management capability, one that will store, protect, manage, rotate and backup any of the keys you are using for protecting data.”

Centralized key management also enhances the ability of an organization to develop and deploy a broader encryption strategy.

“Being realistic about the risks of not properly managing data encryption keys can help guard against compromised keys or lost or deleted keys — which have the same impact as shredding the data and making it unusable forever,” the report cautions.

This includes keeping your data encryption engine beyond the reach of unauthorized users and processes, including general system administrators and third-party providers. Who has access to the data and how it fits with other solutions are both essential to effectively securing the information.

Achieving realistic encryption goals involves building a central strategy. Planning for the long term first will enable agencies to determine which systems are best suited for data encryption and how best to manage resources.

Read “The Enterprise Encryption Blueprint” for more information on encryption and key management.

This article was produced by FedScoop for, and sponsored by, Thales.
