The Business Case for Protecting the Keys to the Kingdom

An enterprise key management system can prevent data breaches, produce efficiency savings, simplify compliance, and enable digital transformation.

In the battle for security budget funding, enterprise key management isn’t nearly as sexy as technologies such as threat hunting or blockchain cybersecurity. Nevertheless, a key management system (KMS) is a behind-the-scenes workhorse that manages and protects the very keys that can open the kingdom. While a KMS is likely already a line item in the annual security budget, an investment to modernize a KMS to extend data security to the cloud will certainly pay dividends by reducing the risk of a data breach.

What is key management, and why is it necessary? Key management is the practice of administering the lifecycle of cryptographic keys in accordance with best practices such as those defined by the National Institute of Standards and Technology (NIST). In its “Recommendation for Key Management,” NIST states:

“The proper management of cryptographic keys is essential to the effective use of cryptography for security. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with the keys, and the protection afforded to the keys.”

The fundamental requirements of key management are to generate cryptographically strong keys, protect the keys against disclosure or alteration, and provide effective controls for managing and using keys.

What is a Key Management System?
While encryption is built into many products today, the capabilities for generating and storing keys are often rather rudimentary and generally fall short of standards such as NIST SP 800-57. Electronic key management systems are commonly used to consolidate and centralize the management of keys across the enterprise in accordance with industry standards and best practices for data security.

A central capability of any KMS is systematic management of keys over their entire lifecycle, including generation, import/export, distribution, usage, update, backup, revocation, and deletion. A KMS should also provide controls to ensure that keys can be accessed only by authorized individuals and systems and used only for their intended purposes. All key operations should be logged for audit and compliance purposes.
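The lifecycle, access-control and audit requirements just listed, modelled as a small in-memory key manager. This is an added example, not code from the article or from any KMS product; it assumes the five key states of NIST SP 800-57 (pre-activation, active, deactivated, compromised, destroyed), a hypothetical `KeyManager` class, and a purpose set per key that limits which operations it may serve.

```python
import secrets
from datetime import datetime, timezone

# Allowed lifecycle transitions (NIST SP 800-57 key states): state -> next states.
TRANSITIONS = {
    "pre-activation": {"active", "destroyed"},
    "active": {"deactivated", "compromised"},
    "deactivated": {"destroyed", "compromised"},
    "compromised": {"destroyed"},
    "destroyed": set(),
}
# A deactivated key may still process existing data but must not protect new data.
PERMITTED_OPS = {"active": {"encrypt", "decrypt", "sign", "verify"},
                 "deactivated": {"decrypt", "verify"}}

class KeyManager:
    def __init__(self):
        self.keys = {}       # key_id -> {material, state, purpose, principals}
        self.audit_log = []  # append-only: (utc time, principal, op, key_id, outcome)
    def _log(self, principal, op, key_id, outcome):
        ts = datetime.now(timezone.utc).isoformat()
        self.audit_log.append((ts, principal, op, key_id, outcome))
    def generate(self, principal, key_id, purpose, principals, bits=256):
        # Generation: material from the OS CSPRNG; the key starts in pre-activation.
        self.keys[key_id] = {"material": secrets.token_bytes(bits // 8),
                             "state": "pre-activation", "purpose": set(purpose),
                             "principals": set(principals)}
        self._log(principal, "generate", key_id, "ok")

    def transition(self, principal, key_id, new_state):
        key = self.keys[key_id]
        if new_state not in TRANSITIONS[key["state"]]:
            self._log(principal, "transition:" + new_state, key_id, "denied")
            raise ValueError(f"illegal transition {key['state']} -> {new_state}")
        key["state"] = new_state
        if new_state == "destroyed":
            key["material"] = None  # deletion: material discarded, metadata kept for audit
        self._log(principal, "transition:" + new_state, key_id, "ok")

    def use(self, principal, key_id, op):
        # Release material only if the caller is authorised, the key's intended
        # purpose covers the operation, and the key's current state permits it.
        key = self.keys[key_id]
        allowed = (principal in key["principals"] and op in key["purpose"]
                   and op in PERMITTED_OPS.get(key["state"], set()))
        self._log(principal, op, key_id, "ok" if allowed else "denied")
        if not allowed:
            raise PermissionError(f"{principal} may not {op} with {key_id}")
        return key["material"]
```

Every denied request and every state change lands in the audit log, which is the evidence an auditor asks for; a production KMS would additionally keep material inside an HSM rather than returning it to callers.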

As a business-critical system, a KMS must ensure that keys are always available when and where required, and that they are fully protected against permanent loss (whether accidental or malicious).

The Need for and Benefits of an Enterprise KMS
Large organizations typically have many different tools and systems for managing keys across different parts of their infrastructure, both on-premise and within different public clouds. Often, this has evolved organically over time, without a single unifying strategy or technical approach. The result is inefficient and often incompatible solutions that make it difficult to apply consistent policies and controls across the organization and to complete compliance audits. Organizations may not know where all their keys are, who has access to them, what they are used for, whether they are updated regularly, or when they were last used. This is a data breach waiting to happen.

To address these issues, organizations should replace this fragmented key management ecosystem with a single, centralized KMS for the entire enterprise. There are many benefits of using an enterprise KMS, including:

Risk reduction. A KMS enhances the organization’s security posture by preventing the loss, compromise, and misuse of encryption keys.

Efficiency and cost reduction. Such a system provides many opportunities for increasing efficiency and reducing cost; for example, eliminating manual processes, and reducing the number of skilled resources required to manage keys.

Compliance. An enterprise KMS enables organizations to easily maintain and demonstrate adherence to standards, policies and regulations.

Flexibility and agility. Enterprises are adopting new ways of working, such as Continuous Integration / Continuous Delivery (CI/CD). To enable a secure-by-default DevSecOps approach, developers must be able to use cryptography easily via a REST API that supports the on-demand creation and use of keys and digital certificates.

Building the Business Case for an Enterprise KMS
The benefits of using an enterprise KMS are clear, which makes building the business case to invest in such a solution relatively straightforward.

The first step is to recognize the limitations and risks of continuing without one. Perhaps the organization has one or more old key management systems that once met the organization’s needs but are no longer adequate or effective in the face of today’s security, efficiency, compliance, and agility demands. Consider the cost of operating and maintaining outdated systems and the risk of a data breach should a key be compromised.

The second step is to identify the main driver for change, which will depend on where the organization sees the greatest challenges:

Data breach prevention. Risk reduction is often the main justification for deploying an enterprise KMS. The business case will offset the cost of the solution against the cost of a data breach, which could result in fines, lawsuits, and extensive reputational damage. The chosen solution should have a strong underlying security architecture and meet industry standards such as FIPS 140-2.

Cost savings. More tangibly, consolidating key management can provide a significant return on investment by reducing the cost of operations, both tools and people. The chosen solution should be flexible enough to support the existing use cases, scale to meet future capacity demands, support new technologies, and adapt to changing business requirements.

Audit findings. Failing either internal or external compliance audits can be a strong justification for an enterprise KMS. Such a system enables standardization and enforcement of policies and controls, providing evidence in the form of an audit log. The chosen solution should provide the necessary tools to enforce the organization’s policies and provide detailed audit logs.

Cloud migration. Hybrid- and multi-cloud infrastructures require a modern, cloud-friendly enterprise KMS solution that is cloud-agnostic, supports DevOps / DevSecOps methodologies, and offers a comprehensive REST API, while still supporting legacy on-premise applications. A strong KMS solution can help accelerate the movement of workloads to the cloud.

Proper key management is a critical foundation for security and compliance. Enterprise key management is the only way to effectively and efficiently secure keys, and by extension the data they protect, while also supporting and enabling digital transformation.

An enterprise KMS should be a strategic enterprise tool that enables the organization to unlock the power of its data by securing it throughout its lifecycle. By enhancing security, eliminating inefficiency, simplifying compliance, and enabling business transformation, the ROI can be significant and rapidly cover the initial investment cost, with savings continuing to accrue over time.
