Townsend Security Data Privacy Blog

Should Solution Integrators (SIs) Offer Encryption Key Management?

Posted by Liz Townsend on Feb 13, 2013 8:25:00 AM


When assessing a company's IT and data security needs, most solution integrators know that almost every single business will need to meet at least one set of data security compliance regulations. If it's a retail business, they'll need to meet PCI-DSS. If it's a bank or financial company, they'll need to meet FFIEC and GLBA. If the company is a healthcare organization, they'll need to meet the data security requirements of HIPAA-HITECH.

All of these regulations require that entities protect their sensitive data. From names and addresses to credit card and protected health information, these regulations say that the only way to truly secure this data is with encryption: not just firewalls and strong passwords, but AES encryption. Even more importantly, most industry regulations and laws state that if a company is using encryption and proper encryption key management, should that company have a data breach, they don't always have to report it.

Do you think the companies who had major data breaches last year wish they had known that little fact? We're guessing yes.

Unfortunately, there's a lot of false information out there about encryption and encryption key management. A common misconception is that hackers can break encryption. The truth is, hackers don't break encryption; they find the encryption keys. How do they find the keys? They find them when the keys are stored on the same device as the encrypted data, or in an unsecured location that the hacker gets access to. Once the hacker has the keys, he or she can "unlock" the encrypted data.

It's a little bit like taping your house key to your front door and hoping that a thief won't find it there. It's wishful thinking.

That's why encryption is considered only half of a solution. All companies encrypting data must also implement good encryption key management.

Of course, solution integrators want to know how offering their customers encryption key management services can grow their business. There's actually still a lot of hesitation around encryption key management as a service because managing keys was once a very difficult and costly thing to do. It even had a reputation for causing severe performance impacts on a network. Maybe that was true 10 years ago, but today encryption and key management technology:

  • Is easier than ever to implement on legacy platforms such as IBM i and Microsoft SQL Server

  • Is cost effective

  • Has very little impact on performance

That’s why offering encryption key management to your customers is always a good idea. Offering these technologies will not only grow your business; an encryption key management service will also protect your customers and help them meet compliance (which they’ll be thankful for).

Townsend Security is a Microsoft Silver Partner and an Advanced partner with IBM, providing the only FIPS 140-2 certified key management solution for PureFlex. Want to learn more about encryption and key management for IBM platforms? Download the podcast on automatic encryption for IBM i below!

Listen to Podcast



Topics: IBM i, Encryption Key Management, Solution Integrators/Providers