When a company stores critical data, whether in its own data center or in the cloud, encryption key management is vital to keeping that data secure, and letting the data center or cloud provider control the keys isn’t always an option.
Cyberattacks on enterprises are on the rise, but most enterprise IT shops are still using archaic key-management methods. For many, key management is a painful process, often because of those outdated methods, but there are solutions out there that take the pain out.
Instead of letting a colocation or a cloud provider control its encryption keys, a company normally encrypt the critical data and then sends it out to the storage location, said Chris Day, chief cybersecurity officer at Cyxtera Technologies, a security-focused data center provider formed this year as a result of an acquisition of CenturyLink’s massive global data center portfolio by a group of investors.
“The security benefits are obvious when the customer properly manages their own keys,” he said. “However, key management can be complex, and many organizations do not possess the skills in-house to properly do so.”
In fact, according to a survey conducted earlier this year by the Ponemon Institute and Thales e-Security, 59 percent of companies said there was a high degree of pain associated with key management, up from 53 percent the year before.
Top reasons for the pain? There was no clear ownership of the key-management function, followed by a lack of skilled people and isolated or fragmented key-management systems.
Keys to external clouds and hosted services are the hardest types of keys to manage, according to the survey.
It doesn’t help that 51 percent of companies use manual processes, such as paper or spreadsheets, to keep track of encryption keys. Only 37 percent of companies have formal key-management infrastructure in place.
On this front, however, the…