Need of a KMS
IT security is a process which needs to be established in each company working with sensitive data. A suitable cryptographic key management system (crypto KMS) has to go far beyond a conventional password manager. All IT security-relevant processes in a company require proactive security support using a central approach.
The core elements of security processes are keys and certificates. During the entire key management lifecycle, a key management system has to store and manage a large number of "secrets" (SSH keys, API keys, certificates, etc.). It is essential that organizations have an overview at any point in time how keys and certificates are used on their network. Many companies use a large number of keys and certificates without central control. For example, it is not known who has access to which keys or there is no dedicated role and rights management.
But if keys and certificates are not secured effectively, the company is vulnerable to attacks. It is essential that organizations have an understanding of what keys and certificates are used on the network. They need to know who has access to them and need to control how and when they are used.
Keep Crypto Processing Costs low!
If each department will manage its own security processes, the complexity and handling costs will increase dramatically with the growing number of keys and certificates being used in different applications. Due to constant changes in security policies, obligations, strategies the security management effort is increasing. The recommendation of NIST (2016) shows, how frequently different key types should be changed to protect the systems securely. A manual process of monitoring and updating is time-consuming, increases the failure rate and causes very costly downtime risks.
Central Key Management System
A central key management system (KMS) provides an overall picture of the key material used in the company. It enables controlled access to encrypted data in accordance with the IT security strategy.
The administration of all keys in a central location prevents unauthorized access, as well as their monitoring and control of the validity of the certificates and keys used. Against this background, a central key management system is becoming increasingly important and essential for the implementation of a cost-effective IT security lifecycle management.
In the company's internal infrastructure, the keys and certificates are widely distributed between different actors. These are not only machines (such as PCs), but also human participants accessing the infrastructure. The fast and easy integration of storage devices, networking devices, personal devices with embedded storage (e.g. Personal Computers, Handheld Computers, Cell Phones), Databases etc. is therefore an important task. Using KMIP (Key Management Interoperability Protocol), the connection of different systems for cryptographic key operations is standardized by OASIS (Organization for the Advancement of Structured Information Standards). There are many well-known companies that have already integrated the KMIP protocol.
MTG KMS solves the complexity of managing cryptographic keys in accordance with corporate business processes.