Prime Factors Blog

Stay Adaptable, Stay Safe: How Encryption Key Management Can Thwart Hackers

Posted by Pete Flagella on Apr 13, 2017 10:00:00 AM

Find me on:


While you likely would never give your house keys to a stranger, many of us are doing this when it comes to securing important information online. Many applications that we use every day allow third-party providers to access our data, and it can be difficult to know if these providers are properly securing this information. By adding encryption key management to your current security procedures, you can use apps without worrying about compromising private data.

To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption 

Encryption 101

To properly secure company data, robust encryption measures need to be implemented and used consistently. Encryption uses a random set of characters to render data unreadable. The data will remain unreadable until it is decrypted at a later time using the correct key. There are two different types of encryption most often used: symmetric-key encryption, which uses one key to encrypt and decrypt private data, and asymmetric, which uses a public key to encrypt and a private key to decrypt. Asymmetric encryption is also referred to as public key encryption

While 128-bit encryption has historically been thought of as quite strong, hackers are always looking at ways to exploit encryption methods, and it’s therefore recommended that companies begin to use 256-bit keys to ensure their data remains secure.

Importance of Proper Encryption Key Management

While it may seem obvious, it’s worth noting that anyone who has access to an encrypted file and the key that can unlock it can view the data. This concept is relatively simple, but how various services manage these keys and control access to your data can be very different.

Some of the most common cloud providers, like Dropbox and Google Drive, use encryption, but they control both your data and your encryption keys. This means that they have direct access to your data, which could be turned over to a government agency without your permission, or to a hacker that somehow infiltrated their servers.

Additionally, these commonly used cloud providers don’t always offer sufficient key management features for businesses that may require capabilities such as proper access management and granular control. Using these providers, a company may only have one encryption key that is used by a cloud provider to secure all their data. This makes it difficult to create multiple levels of access through multiple encryption keys. Would you want data such as PCI information, trade secrets, and other highly-sensitive information all protected with just one encryption key that is available to all your employees?

With an encryption key management tool, organizations can grant users access to the least amount of data needed to do their job, and nothing more. Access to data that is highly proprietary should only be given to a select few people within a company, which can help to decrease the chance that this data will be exposed.

In addition to better controlling access to data, key management allows organizations to meet various compliance standards, distribute keys from a central application, and change keys periodically, as well as retire or replace old keys that may have been compromised. This level of security helps enterprises stay ahead of both potential hackers and insider threats that could cause disaster if left unchecked.

Using encryption is important, but using it incorrectly can still leave your company exposed. And effective encryption key management is critical.

To learn more about the importance of encryption key management and how encryption can be employed effectively, feel free to reach out to our team today at 888-963-6358 or through our contact form.


To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption.  

Topics: encryption, PCI Data Encryption, encryption keys