Posts

Caution in the Factory

Safeguarding Manufacturing: Data Security Control

The Vulnerabilities.

Manufacturing involves multiple tiers of suppliers providing components that come together to create the end product. Each tier involves processes unique to the manufacturer and its third-party suppliers, spanning raw materials, production, inventory, and distribution. This complicated convergence of players, processes, and data creates a wicked infrastructure security problem.


Guide to Enterprise Key Management (Why Companies Need Key Management)

With large-scale data breaches on the rise in the last few years, affecting millions of people, making sure your company’s sensitive information is safely encrypted and thus secure should be one of your top priorities. Encryption across your organization scales quickly — from securing file-servers to protecting user data — meaning that you could be looking at hundreds if not thousands of encryption keys. This is a lot of information for your team to handle, especially considering the importance of secure and properly managed keys. That’s where enterprise key management comes in.


Some Things Just Go Better Together, Like VMware and VaultCore

Portability, versatility, efficiency, and cost-effectiveness are just a few of the advantages of moving to virtualized environments. Instead of requiring a data center full of equipment, virtualization lets organizations rely on just a few servers. A smaller footprint equals less power consumption, lowered cost of ownership, and less overhead. However, too often, enterprises neglect security when it comes to implementing virtualization. Now, VMware makes it possible to easily encrypt and manage virtual machines (VMs) in minutes.

CCPA: The 500 Pound Gorilla Sitting on Your Security Strategy

CCPA stands for California Consumer Privacy Act. However, your company doesn’t have to be located in California for this law to affect business. If you’ve collected personal data on at least 50,000 people, or have $25 million or more in annual revenue, CCPA applies to your organization.

Proposition 24, also known as the California Privacy Rights and Enforcement Act of 2020, was passed by California voters in the November 2020 election. Proposition 24 expands the reach and amends some provisions of CCPA, creating additional protections for Californians, and additional work for organizations.

In short, CCPA (and the passage of Proposition 24) was enacted to protect California residents’ data from theft or misuse. It was also created to compel companies collecting or storing Californians’ data to initiate more effective data security practices to curb the increasing number of data breaches negatively impacting Californians.

The Gorilla Can Cause Real Damage

At the core of CCPA’s initiatives is the new responsibility placed on organizations to encrypt sensitive data. Companies across the globe have quickly complied by increasing their encryption of data at rest, in motion, and in the Cloud. But this move to mass encrypt data has inadvertently created a staggering problem for many organizations – a 500-pound gorilla – that, instead of helping protect sensitive data, has hampered those efforts by leaving organizations with more encryption key material than can be adequately managed without a dedicated encryption Key Management System (KMS).

More data encryption means more encryption keys. The more keys that are generated and used, the higher the odds an attacker will find a way to compromise them. Just like passwords on our computers, encryption keys must be rotated as frequently as possible. The rotation of keys increases the complexity and expense of encryption exponentially, but greatly decreases the probability of a successful attack on data.

So How do You Get Rid of the Gorilla?

A proper solution would be to install a highly scalable encryption key management system that fully automates the key lifecycle, thereby alleviating the excessive weight that additional encryption keys have put on your security strategy.

Enter: Fornetix’s VaultCore™. This patented, next-generation key management solution provides a robust, simple-to-use, and secure “set it and forget it” approach that works actively to protect your data. The VaultCore system allows organizations to put in place a re-keying schedule that matches their desired policy, often saving organizations tens of thousands of dollars by turning a manual process into a simple click of a button, and greatly reducing human error.

How Encryption Key Management is Saving Companies Struggling with CCPA

Delivered as a physical or virtual appliance, VaultCore delivers a unified approach to data security through deploying and enforcing encryption across the entire organization – across all devices. This means an organization has the power to store and control all encryption keys for all data and helps to ensure the organization is meeting CCPA by adequately protecting data through encryption AND key management.

The most scalable KMS available, VaultCore is capable of handling over 100 million keys, more than adequate for any industry as they grow and continue to strive to meet CCPA, GDPR and the myriad of other regulations being put in place.

For a deeper dive into understanding encryption key management and how it works with your current security strategy to meet CCPA to protect sensitive data and relieve your organization’s security strategy struggles, click here to read how Encryption Key Management is Saving Companies Struggling with California Consumer Privacy Act (CCPA).


CISO SCENARIO: Your Subcontractor Has Been Breached

Let us consider a scenario in which an organization, a general contractor utilizing at least one subcontractor, implements a production chain security strategy powered by encryption, but NEGLECTS the addition of a key management system. You’re the CISO, responsible for the cybersecurity strategy that ensures your organization’s information assets and technologies are adequately protected.

Your team implemented standards-based encryption across the board and provided a common software platform to your supply chain partners, allowing for data to be transferred securely between your organizations…or so you thought.

Suddenly, your organization gets word from a subcontractor that they’re experiencing unusual network activity. The cybersecurity strategy you spent months creating is clear: cut off your partner’s network, lock down your data, and as CISO, stay up all night hoping the bad actor wasn’t able to penetrate your network’s exterior defenses. In the interim, your IT department heads begin the grievous task of pulling reports from various locations and mulling them over to better understand any potential impact.

In the early morning hours, you find out that there was indeed a breach, courtesy of your subcontractor’s less-than-robust “secure network.” A bad actor was able to breach your defenses through your subcontractor’s weaker network, grabbed your data, and basically left unnoticed until your subcontractor alerted you to a “possible problem.” You’ve already spent a good portion of the night calculating the estimated costs of just such a breach, and you’re now faced with explaining what happened to your CEO.

Now, rewind, and imagine that you are the CISO who went beyond just “checking the box” for data encryption

The CISO who went beyond just “checking the box” for data encryption when planning their security strategy slept like a baby while their IT department went home in time for dinner with their families. The subcontractor did experience a breach, but your organization was left unscathed. Thanks to the encryption key management system you integrated with your legacy system earlier in the year, the company’s data remained secure. With the automated, short-life periodic key rotations and the system’s robust identity capabilities, applications, and storage services, the insight and controls needed to thwart this sort of next-generation attack were in place and all data remained secure.

Addressing the overall security of not only your enterprise, but also those in your supply or distribution chains, in a protection-centric approach, is the most cost-effective and simple solution you can add to your current security strategy to protect your data. Learn how one encryption key management solution like Fornetix® VaultCore™ can extend the reach and power of your encryption and better protect your data from attack.

For a deeper dive into understanding encryption key management and how CISOs, CTOs, and others tasked with implementing enterprise security strategy and securing data across multiple environments can utilize a key management system to better protect their data, click here to read The CISO’s Guide to Understanding Encryption Key Management.

The Benefits of nCipher’s New Service-Based Hardware Security Module (HSM)

When considering the intersection of Roots of Trust and the accessibility of services provided by cloud architecture, reliable options quickly become scarce. That is why we at Fornetix are excited to see nCipher launch their “nShield as a Service” (nSaaS) offering. With the combination of Internet of Things (IoT) based technologies and the embracing of “as a Service” cloud capabilities, there is a growing need for HSM services that can be provisioned and integrated with cloud principles while not belonging to a specific cloud vendor. At Fornetix, we built our technology to play to the middle, enabling public, private, and hybrid cloud solutions. We are excited to see nCipher’s nSaaS solution parallel our own. We believe the joint approach will help customers embrace effective use of cryptography no matter how they use technology, whether it be cloud first/cloud native, hybrid cloud, or private cloud.


How to Identify IoT Pitfalls and Adopt Technology with Confidence

When looking at technology adoption, I am frequently reminded of Pandora’s Box from Greek mythology. This metaphor rings true when considering the Internet of Things (IoT). Whereas Pandora released a host of evils into the world, with IoT we have released new concerns associated with multiple technologies, multiple standards, scale, and security (or as I like to say, resiliency). When considering the information that flows from the edge, through the cloud, and ultimately to the data center, the lowest common denominator for protecting information is trust created by cryptography (as noted by nCipher’s Juan Asenjo in the other half of this blog series). In this blog, we are going to start by acknowledging the pitfalls of our particular Pandora and then discuss how we find hope in the solution provided by nCipher and Fornetix.


Guest Post: Before You Dive Into IoT, Do These Three Things

Olympic high diving requires concentration and self-control. Before divers jump off a 10-meter platform, they pause at the edge and concentrate on their goal: elegantly perform the acrobatic maneuver and gracefully pierce the water causing minimum surface disturbance. This same disciplined approach is required when adopting new and revolutionary technologies, such as those now available through the Internet of Things (IoT). Decision makers must assess the risks and benefits, consider potential difficulties, and then take the jump.


Differentiating Key Management Systems & Hardware Security Modules (HSMs)

Who let the encryption keys out?

Encryption key managers have very clear differences from Hardware Security Modules (HSMs). The main differences reside in how the HSM encryption keys can be used by a Key Manager or HSM. There are other, more important differentiators; however, let’s start with how encryption key managers leverage open standards, like the Key Management Interoperability Protocol (KMIP), and what exactly an HSM is.