COMMENT
The alternative, and the route Box is taking,
is to take the third party provider out of the
equation and put the keys in the hands of
the customer. While this may seem like a
daunting, do-it-yourself approach, it actually
makes sense if you need eliminate any
chance of a vendor exposing your keys.
If this becomes a trend, it should not come
without a warning; key administration is
an involved practice that can create its
own problems if done incorrectly. The
basic tasks include key creation, rotation
and deletion on a continuous basis. Each
of these steps is, in itself, sensitive and
time-consuming. Missteps can create new
vulnerabilities, most notably the loss of
keys resulting in permanent loss of data.
For these, reasons, managing your own
keys is a challenge many organizations
don’t wish to take on.
Still, with all that said, it is encouraging
that more and more high-profile services
and organisations seem to be giving
serious thought to the nuances of
www.intelligentcio.com
THE FACT THAT MAJOR
CLOUD HEAVYWEIGHTS
ARE DIVING INTO THIS
TECHNOLOGY IS A SIGN
THAT KEY MANAGEMENT
IS BEING TAKEN MORE
SERIOUSLY, AND
RIGHTLY SO. THE ABILITY
TO DEMONSTRATE
CONTROL OF DATA IS
CRITICAL TO MEETING
COMPLIANCE MANDATES
encryption, especially key management.
Determining who should be in control
of the keys to your most sensitive data
is a critical element that is taking on a
new place of prominence. In light of
what seems to be an increasingly hostile
threat landscape, even the average
person is becoming more fluent in the
basics of security, and customers are
asking smarter questions. “Where are my
keys?” becomes a sharp question rather
than a sign of confusion.
High profile hacks are propelling
encryption to the forefront, which is
why we’re seeing more organisations
publicly looking for the smartest way
to address the “Whose keys are they,
anyway?” question. No matter how they
answer it, clearly-defined ownership and
responsible management is the most
important thing. It’s interesting to see
this play out publicly, and ultimately
everyone should benefit as some of our
most well-known tech companies look for
the best answer.
INTELLIGENTCIO
25