The Importance of Cryptographic Key Management & Cryptographic Audit

Sam Ross-Gower
February 16, 2020

"Most experts agree that encryption is the cornerstone of security, and helps you achieve a higher level of resilience against data misuse, theft or breach," says Talya Mizrahi of Unbound Tech.

The importance of cryptographic key management increases as companies begin to move sensitive applications to the public or hybrid cloud. Understanding exactly which keys are carrying out which operations, what data each key is protecting, and how they are generated and stored, is more critical than when all keys were only used and stored on-premise. Applications are also likely to employ more encryption when running in the cloud. This is necessary to meet compliance and security goals, and increases key management complexity further.

Companies operating in highly regulated industries, such as financial services, must be particularly careful. Incidents such as the Capital One breach last year have demonstrated the disastrous consequences of mis-configuring cloud services.

Regulators are more watchful than ever, with companies obliged to carry out frequent audits of cryptographic key storage, both to ensure security and demonstrate compliance. "As organizations move their data among different sites, on-prem, in the public/private cloud and other virtualized environments, the challenge to protect data via encryption is compounded by the thousands of keys that need to be managed at any given moment," says Talya.  Due to the scale and complexity of key management, it is frequently impossible to understand the lifecycle of every key by manual audit.

Tools that can automate cryptographic key audit are now employed by major financial institutions worldwide, allowing them to save time in the audit process and also prevent data breaches caused by bad key management. This is why we have implemented full key lifecycle inventory inside Cryptosense Analyzer alongside the application vulnerability information.  

For a demo of how Cryptosense Analyzer can provide you with a full inventory of cryptographic keys used inside your applications, get in touch. For more about the importance of cryptographic key management, read the full article over on Unbound's Blog.