DARZ Cryptographic Key Management System
Security-relevant IT processes in a company need proactive support in the form of a central approach.
A powerful cryptographic key management system (KMS) must be able to centrally manage all security-relevant IT processes in a company. In the Internet of Things, managing a large number of individual cryptographic keys in production and at the customer site is increasingly becoming a major challenge.
The core elements of security processes are keys and certificates. Across the entire key management lifecycle, a Key Management System (KMS) must store and manage a variety of "secrets" (SSH keys, API keys, certificates, …). It is important that organizations have an overview, at any point in time, of how keys and certificates are used in their network. Many organizations use a large number of keys and certificates without central control: for example, it is not known who has access to which keys, or there is no dedicated role and rights management.
However, if keys and certificates are not effectively secured, the enterprise is vulnerable to attack. It is important that organizations understand and control which keys and certificates are in use on the network.
If each department manages its own security processes, complexity and handling costs increase dramatically as the number of keys and certificates used in various applications grows. Constant changes in security policies, obligations and strategies add to the security management burden. A manual process of monitoring and updating is time-consuming, increases the likelihood of errors and causes very expensive downtime.
A central enterprise key management system (administration) provides an overview of the key material used in the company. It enables controlled access to encrypted data in accordance with the IT security strategy.
In the company's internal infrastructure, keys and certificates are widely distributed among various actors. These are not only machines (e.g. PCs), but also human participants accessing the infrastructure. Fast and easy integration of storage devices, network devices and personal devices with embedded memory (e.g. computers, cell phones, databases, etc.) is therefore an important task. KMIP (Key Management Interoperability Protocol), standardized by OASIS (Organization for the Advancement of Structured Information Standards), provides a common interface for cryptographic key operations across different systems. Many well-known companies have already integrated the KMIP protocol.
Industry standards increasingly recommend the use of keys to protect smart IoT devices (e.g. OMS). Regulatory compliance will also become one of the main drivers for IoT security adoption. For example, the EU General Data Protection Regulation (GDPR) will have a huge impact on IoT device vendors. In this context, the GDPR (DSGVO in German) requires pseudonymization and encryption of personal data. Violations will be punished with high penalties.
A central cryptographic IoT Key Management System (IoT DARZ), as developed jointly by MTG AG and DARZ, therefore forms an indispensable tool for meeting the highest security requirements in IoT networks.