Why banks must look beyond today’s crypto key management standards

January 2017 by Stefan Hansen, Marketing Manager, Cryptomathic

Banking operations are diversifying, fast. Outsourcers control more of many big
banks’ core and non-core operations than ever before. The age of mobility has dawned
and vastly increased both the number and the kind of devices that are interfacing
with banks’ core systems. Widespread adoption of cloud computing across the sector
has caused vast quantities of previously centralized data to be migrated to a
remote environment. Put another way, the technological underpinnings of a bank are
becoming ever-more disparate, with new links in and out of their infrastructure
being established every day. This ‘mass-diversification’ is enabling banks to
conduct business faster and with greater efficiency than ever before. The cost,
however, comes in terms of security and interoperability.

Cryptography plays a fundamental role in protecting sensitive data, but the variety
of proprietary systems and protocols available has added to ‘the complexity
challenge’ that banks face when deploying and managing this essential layer of
security. The wide-ranging adoption of ‘crypto’ among banks has partly been enabled
by the establishment of industry standards, most notably the Key Management
Interoperability Protocol (KMIP), which has promoted the standardization of
integration protocols for key management systems.

In these changing times, however, if banks want to continue to establish seamless
interoperability and realize the operational fluidity promised by their newly
diversified infrastructures, they must look beyond KMIP.

The KMIP standard has, fundamentally, been a great force for good in the banking
world. Nonetheless, the standard only addresses specific areas or ‘interoperability
protocols’ for key management. In other words, it has created a standard integration
environment in which keys can be managed. Unfortunately, this is only one small
piece in the overall puzzle of crypto management. Banks now need help to securely
and efficiently manage the vast number of keys in their distributed environments.
They also need help with how the keys can be used to deliver cryptography.

As banks’ systems have diversified, cryptography too has evolved, from a centralised
‘mainframe’ model to a series of distributed stand-alone systems with network-based
‘Hardware Security Modules’ (HSMs). This fragmentation is resulting in banks’
cryptography becoming application-specific or siloed, making it inflexible and
difficult to manage, update and audit. It also leads to important cryptographic
decisions, such as algorithm choices, key sizes or key usage, being enforced only on
a per-project basis. Such idiosyncrasies then generate bespoke operational and
procedural training requirements which, as the bank disappears further down the
rabbit hole, lead to spiralling costs and protracted development times.

Fortunately, help is at hand. Advanced cryptography management platforms are
emerging from vendors like Cryptomathic, which enable banks to centralise the
management of disparate applications protected with cryptography via a single
control system, eliminating past fragmentation, vastly reducing administration and
immediately halting the cost spiral that currently threatens the operations of so
many large banks.

In one project alone, Cryptomathic has enabled a major high-street bank to deliver a
critical application into production in just weeks rather than the anticipated six
months, and mitigated the significant cost of HSM hardware by utilising existing
capacity from within the business, as identified via its Crypto Service Gateway
(CSG) platform.

As banks continue to adopt new technologies, to support both their internal
operations and new digital services, their management requirements for cryptography
are only going to intensify. Industry standards like KMIP have brought them this
far, but banks are now stepping into a different league; their need for centralised
control, system-wide visibility, auditability, cost control, resource management and
policy consistency is taking them to places where only cryptography specialists can
provide appropriate levels of support. To this end, cryptography-as-a-service is now
a fast-emerging fintech trend, and one that, for many banks, can’t be
established quickly enough.

