The modern Enterprise deploys a variety of server platforms, operating systems, and programming languages. A major barrier to deploying encryption has been the challenge of accessing encryption keys from these widely divergent environments. Encryption key management solutions have the primary goal of managing and protecting encryption keys, and making them available to authorized applications in a secure fashion.
Key management solutions vary greatly in the complexity of the key retrieval process. The more complex the key retrieval interface, the greater the challenge for the Enterprise IT team in deploying key retrieval in applications. Understanding this fact can help IT decision makers assess different vendor solutions and the likely costs of deploying a solution in their enterprise. Below is a list of questions that you should ask your key management vendor when assessing their solution.
Key Management Vendor Checklist
1. Is your key manager FIPS 140 certified? What is the certificate number?
2. How would you describe the encryption key payload as retrieved from the key server? Is it simple or complex?
3. Is there a common key retrieval application interface on all platforms? What are the differences?
4. What platforms do you support for key retrieval? (Note any gaps in platform coverage for your company)
5. Do you provide working sample code for the platforms I need? (Windows, Linux, UNIX, IBM i, IBM z)
6. Do you supply binary libraries for all Enterprise servers?
7. Do you have a Java key retrieval class and examples? Is it standard Java or JNI?
8. Do you charge separate license fees for each client operating system?
9. Do you require that we purchase consulting services from you? Why?
10. I am an independent software vendor (ISV), can you brand the solution and certify the solution for us?
Once you have the answer to the above questions, it should be easier to choose the right key management vendor for your Enterprise. If you have any questions, click here and we will call you right back.