New Cryptomathic White Paper Helps Organisations Navigate Complex Key Management Compliance Requirements
January 2016 by Cryptomathic
Cryptomathic has published a free-to-download white paper that offers advice and guidance to banks and other organisations with large amounts of sensitive data on how to achieve and sustain cryptographic key management compliance in a cost-effective manner.
The white paper, titled 'Key Management Compliance - Explained', provides
a high-level, yet comprehensive overview of all major topics that have to
be considered for compliance purposes. It also explains that where
requirements are highly dependent on standards and rules applicable to
various industries and individual businesses, there is rarely a single
defined common approach which must be adhered to in order to achieve and
maintain compliance.
The paper outlines that those with compliance responsibilities within a
business - whether compliance managers, IT security personnel, CISOs etc. - must conduct holistic assessments to understand what is relevant to
their specific business processes and industry requirements. They must
then build appropriate routines into the day-to-day operations of a
business, rather than approach compliance and audits as projects to be
addressed on an 'as needed' basis.
In support of this, the white paper outlines the importance of determining
which compliance authorities are relevant to individual businesses. To
bring clarity to companies seeking to better understand the landscape, the
document provides an overview of the major compliance authorities that
have a significant impact on key management compliance, particularly in
the financial sector.
The paper further enables organisations to understand the main areas and
issues to consider when addressing crypto key management compliance, by
highlighting three core areas, namely certification, standards and audits.
It provides greater detail by examining key compliance domains, such as
physical security, logical security and personnel security, and provides
information on compliance audit processes.
The white paper explains the importance of managing keys and provides
recommendations on how to streamline and automate key management processes
while managing costs effectively and ensuring scalability. The impact that
compliance can have on the architecture of key management solutions is
also explored along with advice for readers on how to optimally achieve
compliance while simplifying audits.
"Regardless of which system or solution is used, cryptographic keys always
need to be managed using highly secure processes," comments Morten
Landrock, Executive Vice President, EMEA, Cryptomathic. "Compliance
requirements are dynamic and continuously evolving, which can make the
process of building a long-term compliant key management system
challenging. This paper is intended to bring clarity to the complex, and
ever-evolving, subject of compliance, while highlighting the crucial role
that internal and external compliance requirements play in ensuring secure
key management processes.
"The realisation of compliance is a strong business driver, but if not
carefully approached, it can add significant overheads to business
operations and does not necessarily result in better security. As such, it
is critical that compliance requirements and the processes needed to
achieve them are built into a solution from the very outset."