An encryption scheme is only as strong as its key management. The keys, which are used to encrypt and decrypt data, must be managed throughout the data lifecycle, made available to legitimate users of the data, and protected from malicious insiders as well as outside attackers. Key management solutions need to match the organization’s structure — small or large, centralized or distributed — its security assurance levels, and its operational needs. Management can be local, remote or centralized. But whatever solution is used, it must be able to scale with the enterprise. Automating key management is the only practical enterprise-wide solution.
In this industry perspective, created in partnership with HPE and TSPi, Chip Charitat, Senior Solutions Architect at HPE Data Security, explains that encrypting data-at-rest is a minimum standard of care for protecting sensitive data, and that effective encryption requires secure enterprise key management practices with automated policy enforcement that can scale with the enterprise.