The costly problem of crypto-creep

By

Don't deploy encryption in isolation.

Vince Lee is regional director of SafeNet Australia and New Zealand.

The costly problem of crypto-creep

The rolling news of yet more alleged NSA spying has made encryption a hot-button issue, but organisations looking to lock down their data need to avoid increasing maintenance and management costs.

Increasing costs can be a product of so-called encryption-creep, caused when organisations continue to deploy encryption-dependent systems like secure web services, encrypted backups, certificate authorities or other encryption solutions in isolation.

Win a Nexus 7 in Safenet's crypto survey
Win a Nexus 7 in Safenet's crypto survey

Creep makes it difficult to contain the costs of key management, meeting compliance mandates and completing security audits.

In most cases, the increasing creep of disparate, isolated pods of encryption deployments scattered across workgroups, infrastructure elements, and other locations occurs over many years.

We recently worked with a large organisation that became swamped by encryption creep after deploying a series of crypto platforms over many years. Their costly problems were indicative of many others we have seen.

Central to the business' problems with creep was that it deployed new encryption solutions as needed, rather than as part of a conscious evolution of security policy. When it needed to encrypt a database, they bought a solution that did the job for the right price. When they needed to sign code for some firmware updates, they did the same. After years of deploying encryption platforms, they became swamped in administration and management costs.

While the platforms worked, it was close to impossible for them to audit their cryptographic keys and the key management of their disparate encryption platforms became a time sink.

The business eventually fought the problem by centralising its key management and providing controlled access to the people and departments who needed it.

Their centralised platform stored cryptographic keys in hardware making control, audit,management and reporting easier and cheaper.

But not every organisation could do this.

It first required that an organisation have visibility over all of its encryption keys, the systems they operate on and how they could be managed.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
encryptionopinionsafenetsecurityvendors

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?