|
|
|
In a new article in the Computer Technology Review, Dore Rosenblum says companies "are now looking beyond traditional perimeter-based security methods to secure data and are focusing on securing the data residing on the storage within their organizations (data at rest) and data moving between their systems on the network and storage devices (data in flight). This is known as storage security." According to Rosenblum, storage security includes three components: authentication, access control and encryption. But to ensure security, Rosenblum says companies must put processes into place "that allow for complete control and security of the keys used to encrypt and decrypt the data. Key management is the process used to provide this control." Key management, Rosenblum says, combines the devices, people and operations required to create, maintain and control keys. Security plays an important part of key management, in the form of access control and logging. Throughout the article, Rosenblum discusses the ins and outs of key management, and recommends a number of best practices to help managers implement key management at either single or multiple sites. "While architecting a complete key management system can be time-consuming, companies must implement a key archive and backup policy, with appropriate access controls, to minimize risk," Rosenblum says. To read the full article, click here: http://www.wwpi.com/index.php?option=com_content&task=view&id=1210&Itemid=44
|
