Inadequate key and certificate management invalidates encryption efforts
With sensitive data—and threats to that data—increasing exponentially, companies struggle to implement comprehensive encryption. Unfortunately, deploying increasingly expansive volumes of encryption without simultaneously increasing staff or resources to manage the impacted systems and assets exposes new security threats, all while increasing the risk of compromise and noncompliance the encryption deployments originally aimed to avoid.
Because encryption means nothing unless keys remain secret, the data that companies believe is protected remains woefully exposed. Only best key and certificate management practices, made possible and painless by an automated solution, truly protects vital data.
Manual management processes expose keys to compromise
To protect encryption keys, administrators must follow clear, well-documented processes that minimize the keys’ exposure. Most company’s manual key management practices fail to measure up:
- Keys have multiple access points
- Keystores passwords are not changed regularly
- The same password is used across multiple keystores
- Private key(s) are manually shared between administrators and applications
- Distribution policies are lax or unclear
- Private keys and passwords are not changed when admins leave the organization
- Expansive key and certificate volumes leave glaring gaps in coverage
With so many points of exposure, dozens of people can access thousands of keys. The typically high IT staff turnover magnifies the risk of a compromise.
Poorly managed encryption assets give rise to serious security issues
Consider the devastating consequences of a compromised key:
- A compromised symmetric key exposes the company to data breaches
- A compromised private key (associated with a server’s digital certificate) exposes the company to data breaches, phishing attacks and malware
- A compromised SSH key exposes the company to data breaches and other attacks
