Encryption Key Management

Encryption key management is the process of protecting and storing encryption keys through usage policies, encryption, generation, and destruction. Not only do enterprises need to encrypt sensitive data, but they also need to protect the encryption keys that decrypt that data. Protection measures can include using encryption keys to protect other encryption keys (multiple layers of encryption), key management systems or software, and backing up keys properly. Encryption key management must meet the demands of scaling to protect ever-increasing amounts of data as well as legal demands for key management, such as appropriate security precautions and compliance regulations.

Encryption keys should only be used for a determined period of time, which depends on the sensitivity of the data they protect. The more security that’s needed, the shorter a key’s life becomes. A key’s lifespan is known as its crypto period. Keeping a key active for an overly long period of time is dangerous; it allows more opportunity for someone to gain unauthorized access to it. Part of encryption key management is generating new keys, cycling old ones out, and eventually destroying them.

Key management software is available for the cloud, but another common method of key management is the hardware security module (HSM), which stores encryption keys in a physical module. HSM-as-a-Service is another option – it provides a combination of cloud and hardware key management and storage.

The Payment Card Industry Data Security Standard (PCI DSS) requires that organizations protect customer data and encrypt it in certain cases. Encryption key management can help businesses comply with those standards because it protects data, makes regular changes to encryption keys, and backs keys up.

Key management API

A key management application program interface (API) performs key management and key usage functions. Key management involves storing, creating, and destroying encryption keys; usage involves managing permissions, decryption, and authorization/authentication – transferring keys to the appropriate user when requested. Large cloud providers will have request forms or codes available (on their website, for example) so that users can submit an access request for their key.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...