• Heartbleed, OpenSSL and stolen keys - the attack that keeps on giving

    By | April 15, 2014

    Once again the importance of sound key management has been brought into sharp focus. The Heartbleed bug found in OpenSSL, one of the most common means of encrypting data on the internet and internal networks, provides a way for attackers to potentially access private keys. In the context of SSL/TLS, stealing the private key enables the attacker to decrypt traffic or spoof the site and yet seem legitimate. In this case, attackers could have been doing this since 2011 and can continue to do it until the software is patched and keys and certs are remediated. Unfortunately, replacing keys and certificates is expensive and time-consuming, and even when it’s done we still need to address the question: how can we stop this from happening again?

  • Network Encryption: Microprocessor (Software) vs. FPGA (Hardware)

    By | April 07, 2014

    Regardless of the features, the brand name, the key management system, or the encryption method, network encryption solutions can be classified into two fundamental categories: microprocessor-based encryption and FPGA-based encryption. Both of these implementation methods are capable of encrypting data; however, the tradeoffs between convenience and performance must be considered when deciding which method is appropriate for a given use case.

  • Centralized Key Management: Gaining momentum with new data-at-rest applications

    By | April 03, 2014

    Data encryption is being embedded across a wide range of applications, accelerated by recent breaches and government revelations. Now the move is on to take control of encryption keys through centralized key management based around a common set of policies and procedures to enforce proper data access and use. Security experts have long recommended a multi-layered security strategy, as a single point of vulnerability is often exploitable. With back-up data being the proverbial “sitting duck” target, it’s no surprise that data-at-rest application vendors are also seeing more demand to offer encryption capabilities in data backup devices.

  • Snowden and the call for stronger encryption

    By | March 12, 2014

    “The defence against the dark arts in the digital realm.” Edward Snowden’s emotive description of the benefits of encryption lay at the heart of his talk at the SXSW culture and technology conference in Texas earlier this week.

  • Securing the IoT: a hot topic at #RSAC and #MWC14

    By | February 27, 2014

    This week two enormous industry conferences are taking place on two different continents. I'm at the RSA Conference in San Francisco, one of the encryption community's biggest annual get-togethers.


About this blog

Welcome to our new merged blog site, featuring key management and payments security focused content previously hosted on www.keymanagementinsights.com and www.paymentssecurity.com.

As companies look to protect their customer data and other sensitive information, encryption is being deployed more widely. Yet if an encryption key is lost, that data cannot be recovered. Avoiding this problem demands formalized processes and robust technologies for key management, making the protection, management and secure use of cryptographic keys a fundamental component of modern IT security.

Thales has been applying data protection and key management expertise to the worldwide payments industry for over 25 years. Our solutions secure retail and corporate banking, integrate with all widely used credit/debit applications, and include the world's best-selling EMV data preparation system and complete PIN management for card issuers.