What do people like for Encryption Key Management software? Have you implemented a single solution for your firm, or is a departmental/business-line choice?
Thanks in advance
Thales nShield HSM. Only our "security department" is sufficiently "paranoid" to worry about this. The "lines of business" depend upon us to provide the tools and procedures. This is one of those few areas where hardware is better than software.
HSMs. It's always been about secure key storage for me, and for the most part it's been either Thales nCipher or Gemalto SafeNet. One contender you could consider is Utimaco; I came across them at a stand last year, and Sophos had spun them out. They would need to operate a very tight ship, being German. Of course, all HSM providers have some sort of management solution.
Another solution for storage might be on smart cards - as required for 'Qualified Digital Signatures'*.
Specifically, with regard to software, Venafi is the key management beast and covers everything; if you have a broad use case, I've not seen anyone beat them.
Though a lot depends on what kinds of keys and where. DigiCert (spun out of Symantec) has a managed PKI that works for certificates, Tectia can do SSH, and CyberArk can do some of these plus privileged user management and secret injection into containers.
OP, what sort of 'keys' are we talking about here?
*These are really a thing, big in Europe, and, nope, sadly they are not the hashes encrypted with private keys that you studied at university... 😛
To be honest, I was actually thinking more of software encryption key management when I asked the question.
Another good approach is to look at who implements the Key Management Interoperability Protocol (KMIP) and is recognized by OASIS. There is probably a day's research contained in that list for you.
https://wiki.oasis-open.org/kmip/KnownKMIPImplementations
If you are a VMware user with vSphere 6.5, you could look at the QuintessenceLabs qCrypt KMS VM software version.
https://www.quintessencelabs.com/wp-content/uploads/2018/04/qCrypt_200V_Spec-Sheets_2018.pdf
Regards
Rob
If you are supporting a U.S. Federal agency, only HSMs meet the standards established by NIST. This is a hardware implementation.
Most software implementations are not secure enough to make me want to ever store the "keys to the kingdom" in them.