Read this article. It provides a summary of the Thales report "What Auditors Think about Crypto Technologies", which is based on sponsored research recently conducted by The Ponemon Institute. One key point of interest to me is the mention that the use of HSMs for encryption and key management reduces the time spent on demonstrating compliance with privacy and data protection requirements. The key word here is "compliance". It doesn't mean that it is more secure. In fact, IT organisations often thought that deploying HSM is the be all and end all, and often neglect key management. Key management to many of them means key generation and usage. Little thought is put on key expiry, rollover and renewal.
http://it.tmcnet.com/news/2011/03/17/5384344.htm
No comments:
Post a Comment