Encryption Key Management for Applications

Because encryption keys are typically embedded in an application's source code or configuration files, they are exposed to developers, IT & operations personnel, DBAs and others. Misuse of these keys can lead to data tampering, leakage and eventually to financial losses.

Embedded encryption keys can be found almost anywhere. Some typical use-cases are: Cyber-Ark Software and the PCI Data Security Standard

• Billing systems that encrypt credit card data
• Homegrown systems with no methodological key-management component
• SSH keys used for secure encrypted communication between clients and servers
• Distributed or point-of-sale applications and kiosks - encryption keys are used to secure communications to the computing center

When applications interact with each other or with databases, it becomes a challenge to protect and manage the associated passwords and credentials. If a password or key is compromised, the recovery process is complex and may require source code changes or application rebuilds. This leads to system downtime and slower response time to security events.

Hard-coded or static keys and passwords are treated specifically in security regulations such as PCI and must be handled by enterprises in order to retain compliance.