Ever since California passed the first breach disclosure law (SB-1386), reading/hearing/watching the news has become a stressful experience. The number and scale of breach disclosures have become staggering in the last 2 years. Trying to keep your company out of the evening news is now priority #1.

Encrypting sensitive data in applications is recognized as the last line of defense in a layered approach to security. However, the traditional approach of allowing the application developers/vendors to come up with an encryption solution could actually result in weakening security. This happens because each application manages its own keys today, and no two key-management schemes are alike in their Operations, Administration & Maintenance (OA&M) activities. This results in having to specify policies in different ways, having to ensure that different OA&M procedures result in effective implementation of that policy, having to audit multiple key-management solutions, etc. This is not what effective security management is all about - least of all in your last line of defense!

Paradigm Shift

However, that model of key-management is in the past. For the first time, an open-source symmetric key-management solution for the enterprise - StrongKey - breaks the old paradigm to bring you new efficiencies in key-management:

- Instead of key-management silos or islands, StrongKey gives you a single, enterprise-wide key-management infrastructure that can meet the needs of the business unit, the application developer, the IT operations people - and of course, your own security requirements;
- Instead of having to deal with multiple key-management schemes, procedures, training and audits, StrongKey gives you a single place to define policy and a single set of OA&M procedures to ensure that the entire enterprise's key-management needs are being addressed;
- Instead of paying hundreds of thousands of dollars for proprietary, stand-alone and dissimilar solutions, you can now have an open-source, standards-based, enterprise solution at a fraction of the cost;
All this, while ensuring that you can meet the stringent encryption requirements of PCI-DSS, HIPAA, GLBA and/or SB-1386 (and its equivalent laws)!

Meets - and exceeds - some of the toughest security standards

StrongKey was created to meet the real-world security requirements of a billion-dollar retail organization, processing millions of credit-card transactions each year in more than 400 stores across the US and Canada. StrongKey:

- Supports the use of 3DES and AES algorithms for symmetric encryption;
- Uses RSA asymmetric keys - up to 4096 bits - to encrypt the symmetric keys;
- Uses strong authentication to authenticate requests from clients;
- Responds to every request with digitally signed messages so clients are not spoofed into accepting "pre-breached" symmetric keys (keys that were created by an attacker on a spoofed server);
- Provides granular ACLs for providing access to symmetric keys;
- Digitally signs - and verifies - every object stored in the database - so the message integrity of your data is guaranteed;
- Integrates with FIPS 140-2 Levels 1-4 cryptographic modules on the client and the server, to protect the authentication and transport keys between clients and servers;

In addition to the security features, StrongKey also provides these benefits:

- Written in Java, it runs on any platform that has a Java Virtual Machine;
- For native C/C++ and RPG applications, there are commercial native library modules from StrongAuth, Inc. and IBM, respectively, so they don't need to know about Java;
- It works with DB2, MySQL, Oracle, text-files, XML-files, binary-files;
- Through Secure Key-Caching, StrongKey clients can continue to encrypt/decrypt even when the network Symmetric Key Services server is unavailable;
- Built using the Java 2 Enterprise Edition (J2EE) architecture, StrongKey leverages the capabilities of industrial-strength databases and application servers to address the needs of even the largest corporations in the world;
- Using some of the strongest key-management practices, StrongKey meets all the encryption-related requirements in PCI-DSS; it also meets more stringent government requirements (FIPS 140-2) when combined with certified cryptographic hardware security modules;
- StrongKey is free of licensing cost, thus making it one of the most cost-effective Enterprise Key Management solutions available.
Read about StrongKey on these pages, and contact us when you're ready to discuss how it can help solve your key-management problems, once and for all. Not just for your laptops, applications or databases - but for your enterprise!