PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
June 2007

Encryption key management blunders can render deployments useless

If you plan on implementing PKI, take the following lesson learned the hard way from those who have gone before: Triple your proposed budget and double the implementation schedule. The heart of the problem is that integrating and implementing key management takes more effort and energy than most organizations realize. These complexities and difficulties are why companies often steer clear of extensive use of data encryption. Faulty key management renders encryption useless and is a prime reason organizations that say they are encrypting databases still get breached. It can also negate any exception encryption gives you under breach disclosure laws. Even though Califor-nia's SB 1386 requires organizations to report any disclosure of unencrypted data, improperly implemented encryption will put you back on the hook if the data may have been exposed. The security of any encryption solution is based on the secrecy of the key, not the algorithm or cipher text. If the keys are not properly controlled, an attacker can acquire them. The ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and secuirty management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.

  • Encryption key management blunders can render deployments useless

    Encryption sounds like an ideal way to protect data but key management, including accountability, training, and enforcement of password complexity, are challenging.

Columns in this issue