Today's post comes from Anne Lescher, Product Marketing Manager, IBM Security Solutions.
Encryption is the ultimate solution for protecting sensitive data. But many practitioners are reluctant to use encryption because of concerns about performance overhead, disruption to their operations, changes required in their applications, and the complexity of encryption key management. The biggest fear of all is losing all access to encrypted data if the encryption key is ever lost or forgotten.
In most cases, organizations have less and less choice over when and how to encrypt information as more and more industries and governments enact legislation and standards that mandate the use of encryption.
- The healthcare industry, via HIPAA HITECH in the US, protects sensitive patient information.
- Retail transactions must encrypt payment card information under the PCI-DSS standards.
- Personal financial information must be protected as regulated by SOX, GLBA, etc.
- Breach notification regulations include those of 45 US states, national laws protecting citizens' data such as in Italy, the recent rule changes for the EU Directive on Privacy and Electronic Communications, etc.
- Centralize and automate the encryption key management process
- Work with hardware-based encryption built into a variety of IT components like self-encrypting tape and disk drives
- Reduce the number of encryption keys to be managed through techniques like key wrapping of unique keys per device
- Simplify encryption key management with an intuitive user interface for configuration and management
- Maintain performance by using hardware acceleration and not slowing down data access paths
- Facilitate compliance management of regulatory standards with proof of encryption for safe harbor from disclosure requirements
- Leverage open standards like the OASIS standard Key Management Interoperability Protocol (KMIP) to give the choice of best-of-breed components and facilitate vendor interoperability
- Operate transparently without requiring code modification