To replace compensating controls with truly effective ones, you must understand EKCM best practices, including guidelines for building the comprehensive inventory of encryption assets that almost all organizations lack, templates for generating NIST-compliant encryption keys, and policies for controlling and auditing access to sensitive encryption assets.
You know data leaks can ruin an organization’s reputation and expose it to draconian fines and costly litigation. But do you know that encryption alone isn’t enough to protect you? In recent, high-profile breaches, improperly secured encryption assets—not failure to encrypt—left the organization exposed.
If your organization is like most, data is secured by vast, but largely unmanaged, deployments of SSL certificates, SSH keys and symmetric keys. Server admins, who are often unaware of the security implications of these technologies, take primary responsibility for deploying them—yet you and other IT security professionals remain on the hook for the overall security that the technologies provide.
At the root of many recent high-profile, costly and reputation-damaging system outages lay a simple certificate error. Servers and applications—in enterprise data centers and in the cloud—increasingly leverage digital certificates and encryption keys for all of their functions. When the trust furnished by a certificate and key fails, systems come crashing down.