I just returned from a trip to Europe and Encryption Key Management was a very hot topic. This is a topic I very much like to speak about, given our recent release of Alliance Key Manager. It still surprises me how many conversations I had with technology companies who understood the need to have a proper key manager either embedded within or integrated from the outside of their program or appliance. There are, I think, a couple of reasons for this phenomena.
First, many organizations are taking the step to encrypt sensitive data that used to be stored in the clear. Protecting data is an important IT initiative these days, and one of the absolute best ways to protect data is to encrypt that data. But as IT teams take on their encryption initiatives, somewhere in the middle of their first encryption project an important realization dawns upon them: After you encrypt the data, the data is only safe if you protect the encryption key. At this point some organizations will put a temporary fix in place and "hide" the keys as best they can on the same server as the data, but they know this is wholly unsuitable and that a more secure and more permanent solution must be found.
The second reason that I think key management has become such a hot topic on this trip is because of the increased number of compliance regulations around encryption key management. In October of 2010 the PCI-DSS 2.0 standard was released and in it is call for organizations that store credit card information to use a certified key management solution that is separated from the data, includes robust auditing capability, and supports separation of duties and dual control (more on those topics perhaps in another blog post).
From my perspective then, we appear to have just the right solution at just the right time. Having recently received our FIPS-140-2 certification for Alliance Key Manager in the U.S. Mail, we're in a celebratory mood here at Townsend Security and it is good to hear all our friends in Europe endorse the time and effort our team has put into this fabulous offering.
John Earl