cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer III

Encryption key management software - what do you like?

What do people like for Encryption Key Management software?    Have you implemented a single solution for your firm, or is a departmental/business-line choice?

 

Thanks in advance

6 Replies
Community Champion

Re: Encryption key management software - what do you like?

Thales N-shield HSM.  Only our "security department" is sufficiently "paranoid" to worry about this.  The "lines of business" depend upon us to provide the tools and procedures.  This is one of those few areas where hardware is better than software.

Community Champion

Re: Encryption key management software - what do you like?

HSMs, always about secure key storage for me, for the most part, it's been either Thales NCipher or Gemalto SafeNet.  One contender you could consider is Utimaco, I came across them at a stand last year and Sophos had spun them out. They would need to operate a very tight ship being German. Of course, all HSM providers have some sort of management solution.

 

Another solution for storage might be on smart cards - as required for 'Qualified Digital Signatures'*.

 

Specifically, with regards to software, Venafi is the key management beast and covers everything if you have a broad use case I've not seen anyone beat them. 

 

Though a lot depends on what kinds of keys and where Digicert(spun out of Symantec) has a managed PKI that works for certificates, Tectia can do SSH, Cyberark can do some of these plus privileged user management and secret injection into containers.

 

OP, What sort of 'keys' are we talking about here?

 

*These are really a thing, big in Europe and, nope sadly are not hashes encrypted with private keys that studied at university... Smiley Tongue

 

 

 

 

Newcomer III

Re: Encryption key management software - what do you like?

To be honest, I was actually thinking more of software encryption key management when I asked the question.    

Community Champion

Re: Encryption key management software - what do you like?

Another good approach is to look at who implements Key Managment Interoperability Protocol(KMIP) and is recognized by OASIS. There is probably a days research contained in that list for you.

 

https://wiki.oasis-open.org/kmip/KnownKMIPImplementations

 

 

 

Viewer

Re: Encryption key management software - what do you like?

If you are a VMware user with Vsphere 6.5 you could look at the QuintessenceLabs qCrypt KMS VM software version.

 

https://www.quintessencelabs.com/wp-content/uploads/2018/04/qCrypt_200V_Spec-Sheets_2018.pdf

 

Regards

Rob

Community Champion

Re: Encryption key management software - what do you like?

If you are supporting a U.S. Federal agency only HSM's meet the standards established by NIST. This is a hardware implementation.

 

Most software implementations are not secure enough to make me want to ever store the "keys to the kingdom" in them.