If someone would have told me a decade ago that cryptography would be the next wave of security innovation – I would have responded with Crypto what? My tech career has stretched to close to two decades running sales and channel for major security players – at first in antivirus, antispam, anti-malware and now to the evolution of cybersecurity – more specifically, cryptographic key management. The data you encrypt or want to encryption and key management so closely align in today’s enterprise as it’s the one way to ensure that not only is the data not accessed, but that it is also not misused once breached.
Many enterprises are unaware of where their most sensitive data resides, who has access to it, and if it is being fully secured in today’s threat landscape. This data could be sensitive data or mission critical to their business. Although not all data is equal, it is vital that organizations understand the complexities, what and how to classify it and how to ensure that encryption is synonymous with key management.
Operationally, large organizations traditionally will work with many different key management solutions to help protect their data, each integrated with only a subset of applications and environments, and often providing very limited capabilities. And while to a large-scale enterprise the approach may be to encrypt this, protect this, manage that – the layers of tools that begin to build with that approach can quickly become a source of financial, maintenance and resource burden.
This results in a lack of visibility across the organization and makes deploying company-wide policies difficult. This increased complexity not only has financial ramifications but also impacts security. MSSPs play an important role in helping organizations audit, manage, secure and automate how they can view their mission critical secrets, sensitive data and protect against data misuse.
My advice to MSSPs is to provide a unified key management platform for their customers to orchestrate and manage enterprise key stores, anywhere, any cloud, anytime. Whether your customers’ data sits on-premise, in the cloud, multiple clouds or a hybrid infrastructure scenario – MSSPs will benefit from having a single pane of glass for managing keys, data encryption, policy, as well as centralizing audit logs into a single platform. I encourage all MSSPs who are looking to optimize and close the type of gaps we’ve seen lately with supply chain attacks such as SolarWinds, to consider a unified cryptographic key management strategy. Your customers will thank you.
Guidance for MSSPs: For more information on cryptographic security solutions for information, identity, and digital assets/blockchain, visit here.
Author Rocco Donnino is VP of strategic alliances at Unbound Security. Read more Unbound Security guest blogs here.