I’m stunned by how often we see large PKI implementations where certificate and private key management were an afterthought if they were ever even considered before an unexpected system failed.
Salt Lake City, UT (Vocus) April 1, 2010
Venafi, Inc. (http://www.venafi.com) today released a new white paper to educate organizations on the security risks they face when encryption keys are not properly monitored and managed.
Visit this link to download a free copy of the paper (http://www.venafi.com/Collateral_Library/Venafi_PCI%20Compliance_Whitepaper.pdf)
The Payment Card Industry Data Security Standard (PCI DSS) calls for cryptographic key management, but it does not distinguish between keys used for symmetric and asymmetric cryptography. Both key types must be properly secured in order to meet the spirit of the regulation, and more importantly, to mitigate against security vulnerabilities and outages. In most organizations, the private keys—a critical component of widely deployed Public Key Infrastructure-based encryption schemes—are not being adequately protected by organizations.
“Once data is encrypted, the key, and not the data itself, becomes the asset that must be secured,” said Venafi CEO Trell Rohovit. “I’m stunned by how often we see large PKI implementations where certificate and private key management were an afterthought if they were ever even considered before an unexpected system failed.”
While the PCI security council and industry pundits agree that the current version of PCI DSS mandates protections for private keys in spirit, the language is vague. In addition, most auditors do not penalize organizations who have not addressed this problem, because they are unaware of commercial solutions such as the products Venafi offers that can help organizations quickly and efficiently get a handle on these difficult and high-risk assets.
The new Venafi white paper provides specific information about the role and importance of enterprise-wide key management and how to address it. For more information please visit http://www.venafi.com/Director.
Venafi invented systems management for encryption to help organizations simplify the management of encryption technologies across their diverse operating systems and infrastructure environments from the desktop to the datacenter. Venafi provides automated management of encryption assets, including discovery, monitoring, alerts, lifecycle management and automated application configuration. This helps organizations reduce downtime and improve operational efficiency and data security. Venafi solutions manage mission-critical encryption systems at some of the world’s most prestigious organizations in industries including financial services, insurance, high tech, telecommunications, government, airline, aerospace, healthcare, food services and retail. For more information, visit http://www.venafi.com.