8 Best Practices for Encryption Key Management and Data Security

Data encryption is an important element of an organization’s response to security threats and regulatory mandates. What many organizations are finding is that while encryption is not difficult to achieve, managing the associated encryption keys across their lifecycle quickly becomes a problem that creates a new set of security vulnerabilities and risks making important data inaccessible to authorize users those who need it.

Confidential data resides in hundreds of places throughout an organization. It’s found in many different forms. Today’s business environment is compliance-driven, competitive and increasingly fraught with crimes of opportunities from financially motivated hackers and frustrated employees. This creates a mounting demand for effective, practical, automated, risk-mitigating ways to manage keys throughout their lifecycle so that “good guys” are granted access and the bad guys are thwarted. User and application access to these resources must be controlled, managed and audited so that authorized access is quick and reliable, all while preventing malicious attacks. Moreover, a thorough approach to key management must ask: “Who guards the guards?” The administration of keys must itself have built-in protection against internal maliciousness.