Vince Lee is regional director of SafeNet Australia and New Zealand.
The rolling news of yet more alleged NSA spying has made encryption a hot-button issue, but organisations looking to lock down their data need to avoid increasing maintenance and management costs.
Increasing costs can be a product of so-called encryption creep, which occurs when organisations keep deploying encryption-dependent systems such as secure web services, encrypted backups, certificate authorities or other encryption solutions in isolation from one another.
Creep makes it difficult to contain the costs of key management, of meeting compliance mandates and of completing security audits.
In most cases, the increasing creep of disparate, isolated pods of encryption deployments scattered across workgroups, infrastructure elements, and other locations occurs over many years.
We recently worked with a large organisation that became swamped by encryption creep after deploying a series of crypto platforms over many years. Their costly problems were indicative of many others we have seen.
Central to the business' problems with creep was that it deployed new encryption solutions as needed, rather than as part of a conscious evolution of its security policy. When it needed to encrypt a database, it bought a solution that did the job for the right price. When it needed to sign code for some firmware updates, it did the same. After years of deploying encryption platforms, it became swamped in administration and management costs.
While the platforms worked, it was close to impossible for the business to audit its cryptographic keys, and the key management of its disparate encryption platforms became a time sink.
The business eventually fought the problem by centralising its key management and providing controlled access to the people and departments who needed it.
The centralised platform stored cryptographic keys in hardware, making control, audit, management and reporting easier and cheaper.
But not every organisation could do this.
It first required that an organisation have visibility over all of its encryption keys, the systems they operate on and how they could be managed.