The Renaissance of Enterprise Key Management and the Barbarian Hordes
Enterprise Key Management: Fact and Fiction
Key
Management is critical to the security of any
system that secures information with cryptography
– this includes everything from storage devices
to email encryption to securing sensitive information
in databases and applications to payment transactions.
In fact it is arguably the most difficult aspect
of cryptography because it involves policy, users,
business interactions — internally and
externally — and co-ordination between
all of these activities. Many standards efforts
are underway to help organizations make sense
of competing requirements.
This
seminar will describe the history of key management
and the challenges faced by organizations today.
Our subject matter experts will go on
to describe some of the innovations in key management
and the evolution of standards, such as KMIP,
that will pave the way to a renaissance in enterprise
key management.
If you are new to the concepts of key management, this seminar will give you a great grounding.
If you are familiar with this subject you will learn about how key management can be simplified and where it is going in the future
The discussion will be led by Terence Spies, CTO of Voltage Security, an expert in security and cryptography. While at Microsoft, Terence started the public key cryptography group and led the development of Microsoft Crypto API. Terence also led the development team for the Microsoft Certificate Server and led the integration of the certificate server and active directory. Terence is currently serving as chair of X9F1 – the standards committee that sets encryption algorithm standards for the financial industry.
“Encryption is easy; key management is hard.” That
classic saying neatly encompasses the need for
key management: while many tools can provide
encryption capabilities, where do the encryption
keys come from? Key Management is the set of
administrative and operational processes needed
to manage cryptographic keys used for encryption
of systems or data.
Typically, key management encompasses three functions:
Providing an encryption key for a user or system that wants to protect data
Providing the appropriate decryption key for a user or system that wants to access encrypted data
Allowing an administrator to specify policies that dictate who can get which keys, how keys are recovered, and how users must authenticate
In this seminar you will learn how these capabilities are handled today, and how new innovations are simplifying key management processes to make these operations work in concert, instead of in conflict, with your business processes.
