Businesses leaders are becoming more and more scared of an impending data breach. Most IT security professionals agree that a data breach is no longer a matter of “if” but “when”. While major enterprises are now scrambling to implement strong encryption and encryption key management to protect customer data, for many companies, like Target and Home Depot, these efforts are too little too late.
Encryption is one of the best-kept secrets of companies that have prevented or mitigated the consequences of a data breach. Because encryption renders data unreadable, any unauthorized access to that data is useless to the person who sees it. If the encryption key is adequately protected and not discovered by the intruder, then there is no way to decrypt the data and the breach has been secured. Encryption and encryption key management are the most defensible technologies for data breach protection.
Today encryption and encryption key management is as easy as launching an AMI in Amazon Web Services (AWS) in just a few minutes. Developers can now launch Townsend Security’s key manager, Alliance Key Manager (AKM), in AWS, Microsoft Azure, or VMware and receive up to two free licenses to develop and test encryption and key management in their applications. Alliance Key Manager is FIPS 140-2 compliant and provides NIST compliant AES encryption services so that encryption keys never leave the key server.
Businesses are not only concerned with risk management. Meeting compliance using standards-based solutions is also a critical piece to building defensible data security. Especially for government organizations that must comply with FISMA, many CIOs and CTOs won’t even consider an encryption or key management solution that hasn’t undergone NIST certification.
The importance of NIST compliance is far-reaching. Implementing a solution that meets an industry standard means that your solution will stand up to scrutiny in the event of a breach. NIST compliant encryption and key management have been tested against accepted standards for cryptographic modules and are routinely tested for weaknesses. Can meeting compliance regulations still be a low bar? Of course, but following standards and then implementing accepted best practices is the only way to meet compliance and achieve the highest levels of security.
With the Townsend Security Developer Program, you can develop applications that not only meet compliance but exceed them to give your clients the highest levels of security, you can win enterprise clients that you haven’t been able to work with before, and gain access to a host of Townsend Security APIs that have been designed for easy integration into new development projects.
Language libraries we provide for Alliance Key Manager include: Java, C/C++, Windows .NET application source code, Perl, and Python. Also available are client side applications for SQL Server and Drupal CMS.
To learn more and to join our Developer Program, click here.