Agility is another very important attribute to have, since it allows for changes to algorithms and keys over time. Over time, algorithms tend to get weaker, and hence it is important to be able to change encryption keys from time to time. Support for multiple standards in terms of algorithms can also be considered, as this may be required in the case of acquisitions or mergers, when other organizations use different encryption standards. Furthermore, the use of asymmetric keys for data in motion and symmetric keys for data at rest is also advisable.

Organizations tend to use several hundred or even thousands of encryption keys. Proper and secure storage of these keys can become a massive problem, especially when you require access to such keys on an immediate basis. Hence the need for a centralized key management system. The best practice for an organization would be to have an in-house key management service. However, oftentimes this may not be possible, and third-party services may be adopted for a more sophisticated approach. Such keys are usually stored away from the encrypted data. This serves as an added advantage in the case of a data breach, as the encryption keys are unlikely to be compromised. The centralized process is also beneficial in terms of processing, as encryption and decryption happen locally, while storage, rotation, generation and so on happen away from the actual location of the data.

Secure Storage
Considering that encryption keys are often the target of cybercriminals and attackers, it is a good option to have a hardware security module (HSM) in place for their storage. The use of an HSM assures the organization of strong physical as well as logical protection.
An organization must have a plan for physical security as well:
Ensuring structural integrity, in the case of natural hazards.
Limiting physical access to critical systems.
Protecting from utilities (such as heating or air-conditioning systems) that could cause malfunctions.

The use of manual key management is not only time consuming as a process but also leads to the possibility of errors, considering the scalability factor at large organizations. A smart way to manage this is to make use of automation. For example, using automation to generate, rotate and renew keys after certain set times can be a very good practice to adopt.

Access and Audit Logs
Encryption keys must only be accessed by those who require them. This can be defined in the centralized process for key management such that it allows access only to authorized users.
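The following is an added illustration, not code from the original article: an in-memory sketch that ties together the centralized-management points above (access only for authorized principals, an audit trail of every attempt, automated rotation after a set period, and retention of older key versions so previously encrypted data can still be decrypted). The class names, the `rotation_period` policy and the caller-supplied clock are assumptions made for the example; a real deployment would keep key material in an HSM or a managed KMS rather than in process memory.

```python
# Added illustration (not the page's code): an in-memory sketch of centralized key
# management with authorized access only, an audit trail, timed rotation and retention
# of old versions. A real deployment keeps material in an HSM or managed KMS.
from dataclasses import dataclass, field
import secrets


@dataclass
class KeyVersion:
    version: int
    material: bytes
    created_at: int  # epoch seconds, supplied by the caller so rotation is testable


@dataclass
class KeyManager:
    rotation_period: int                       # max age (s) of the version used for new data
    acl: dict = field(default_factory=dict)    # key_id -> set of authorized principals
    keys: dict = field(default_factory=dict)   # key_id -> [KeyVersion, ...], newest last
    audit_log: list = field(default_factory=list)

    def _log(self, now, who, key_id, action, allowed):
        # Every attempt, granted or denied, is recorded for later audit.
        self.audit_log.append({"t": now, "who": who, "key": key_id,
                               "action": action, "allowed": allowed})

    def create_key(self, key_id, authorized, now):
        self.acl[key_id] = set(authorized)
        self.keys[key_id] = [KeyVersion(1, secrets.token_bytes(32), now)]
        self._log(now, "system", key_id, "create", True)

    def rotate_if_due(self, key_id, now):
        """Automated rotation: mint a new version once the current one exceeds the policy age."""
        current = self.keys[key_id][-1]
        if now - current.created_at < self.rotation_period:
            return False
        self.keys[key_id].append(KeyVersion(current.version + 1, secrets.token_bytes(32), now))
        self._log(now, "system", key_id, "rotate", True)
        return True

    def get_key(self, who, key_id, now, version=None):
        """version=None: key for new encryptions (rotating first if due). An explicit older
        version stays retrievable so data encrypted under it can still be decrypted."""
        if who not in self.acl.get(key_id, set()):
            self._log(now, who, key_id, "get_key", False)
            raise PermissionError(f"{who} is not authorized for {key_id}")
        if version is None:
            self.rotate_if_due(key_id, now)
            version = self.keys[key_id][-1].version
        self._log(now, who, key_id, f"get_key v{version}", True)
        return version, self.keys[key_id][version - 1].material
```

Callers encrypting new data always ask for the current version and store the version number alongside the ciphertext; decryption later requests that explicit version, so rotation never strands old data.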