7 Questions to Ask of Your Cryptographic Solution
When it comes to encryption key management, there are several options for organizations to pursue: on-premises, cloud, or hybrid. Regardless of strategies, the requirements for encryption key management are universal whether you’re a financial services organization, enterprise, or government entity:
- Robust security
Hardware security modules (HSMs), the core of encryption key management, are tasked with compliantly managing the lifecycle of encryption keys used across an organization’s estate of applications. This includes creating, managing, storing, distributing, and retiring or revoking keys.
A few years ago, on-premises key management was the only choice. This has changed and organizations now have the option to move fully to the cloud or adopt a hybrid model. As you’re considering different scenarios, ask these seven questions of your cryptographic solution:
1. Security. Look for validation under FIPS 140-2 Level 3 and PCI HSM standards. If financial services are using it, then shouldn’t you?
2. Scalability. Does it scale to meet your needs?
3. Compliance. Will the infrastructure pass audits?
4. High availability. Does it eliminate single points of failure in real-time?
5. Integration. Does it integrate with your current systems?
6. Resources. Do you have a dedicated key management and crypto team?
7. Cost. Hardware is capex-centric, cloud is an operating expense model.
On-premises. An on-premises key management solution gives organizations complete and isolated control over their key management. For example, financial services organizations handling transaction processing require systems and networks that are optimized to process a very high volume of data with minimal latency (delay).
Cloud. The cloud offers access to on-demand scalability — ideal for cryptographic operations that can face significant spikes in usage. The cloud can increase capacity and facilitate remote access to vital business functions, especially now when redundancy and scalability are more important than ever.
Hybrid. Many organizations simply prefer to own and physically oversee their own HSMs, but they also seek the accessibility and convenience of the cloud. A hybrid model would contain a combination of on-premises HSMs and cloud HSMs to account for scalability, backup, and failover.
As you work to monitor your organization’s IT operations, two questions to ask yourself:
- Can my infrastructure handle higher volumes of users and transactions?
- How would my organization handle a service disruption if we experienced an outage?
“To account for a newly remote workforce, data center and social distancing challenges, and an increasingly diverse set of cyber threats — not to mention the ever-present need to account for traffic peaks, balance workloads, and ensure uninterrupted access — managing encryption key management with acuity is more important than ever,” wrote Adam Cason, Vice President, Global and Strategic Alliances for Futurex, in Key Management with Acuity: On-Premises, Cloud, Hybrid, the Infosecurity Magazine article. Read it here.
As you are exploring, evaluating, and defining your key management strategy, the Futurex team is here for you to answer your questions and help you along. Sign up for a 1:1 strategy session today with a Futurex Solutions Architect.