The management of the encryption keys

Managing the encryption key lifecycle is a complex activity for an entity, as it involves several aspects and makes it necessary to establish:

  1. How to generate encryption keys securely
  2. Whom to provide them to
  3. Where, when and how to perform backups, if required
  4. Where to store them
  5. When to suspend them
  6. How to ensure their effective and timely elimination

 


Protected data, with full security

The Cloud Key Server allows you to keep your data in the cloud, or in the custody of third parties (for example, when hiring an entity that preserves your backups), without worrying about unauthorized access to the data (because it will be encrypted) or about encryption key management.

Capabilities of the Cloud Key Server:

  1. centralized cryptographic key management service
  2. it allows managing policies for the creation, use, suspension and elimination of keys in a transversal, secure and transparent way
  3. it facilitates the process of complying with regulations (e.g. legal, PCI-DSS, Article 29/CNPD, the national commission for data protection) and standards
  4. it works optionally in SaaS mode or under license (if one wants the service to run locally, within the organization)

Cloud Key Server benefits

Reduces costs
  • Encryption and key management costs are reduced through centralized management of the encryption key lifecycle and the possibility of automatic operations
  • Integration is facilitated through the integration API, based on modern standards (usually the hardware and software are already prepared to interact with the service)

It has the power to recover keys

Because the service is centralized, there is assurance that all data is properly preserved and therefore fully recoverable.

Interoperable system with centralized management

Based on open standards supported by software recognized on the market and therefore interoperable

Audit Logs

Through cryptographically signed audit logs and local and/or remote records (syslog), all events are recorded, and therefore all operations can be consulted and audited.

Security
  • It allows separating data management from key management: if one group of people holds the encrypted data and another group holds the encryption keys, only the union of these two groups will allow access to the data. Thus, the possibility of unauthorized access to data is reduced.
  • It enables a uniform and transversal management policy throughout the organization (key lengths, algorithms)
  • Quick and easy update of information (access, suspension, deletion of keys and creation of new ones, among others)
  • Based on certified hardware
  • Use of a uniform and universal policy, which leads to a lower propensity for errors and helps maintain consistency and auditability