Organizations place a lot of trust in their IT personnel, so when a key IT employee leaves or attempts to exploit his position of power, it can spell trouble. Often these risks are associated with weak administrator passwords and poor password management. However, a recent survey by Venafi found that similar threats arise when encryption keys aren’t managed properly.

40% of IT staff surveyed admitted that they could hold their employers hostage — even after they’ve left for other employment — by making it difficult or impossible for their bosses to access vital data by withholding or hiding encryption keys. A third of survey respondents said that their knowledge of and access to encryption keys and certificates means they could bring the company to a grinding halt with minimal effort and little to stop them.

Thirty-one percent of respondents said that they could still access organizational data because they could easily retain the encryption keys when they leave and access the information remotely. Twenty-four percent admitted that fear of losing encryption keys deterred them from investing in encryption key and certificate solutions to protect digital assets and secure sensitive system communications.

“There are very real threats associated with poor oversight and management of encryption keys, which are used for both system authentication and data protection,” said Tom Olson, Senior Network Engineer, Milestone Systems. “IT personnel who have left the company could cause havoc with their knowledge of encryption keys, shared passwords and weak controls.”

Management Is Key

The survey shows that 82 percent of companies now use digital certificates and encryption keys, but 43 percent admit to being locked out from their own information because people have left the organization or keys are lost. Seventy-six percent would use automation if they knew it existed, but these companies are unaware of how to manage their keys and certificates, leaving them exposed to unplanned system outages, security risks and reduced access to critical data.

“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Venafi CEO Jeff Hudson. “They have found out the hard way — after being locked out from their own information — that they need an automated solution to manage the thousands of keys and certificates they have. Once the data’s protected with encryption, the key becomes the data and the thing that must be managed and protected.

“Key encryption is only half the solution. IT departments must track where the keys are and monitor and manage who has access to them. What this survey reveals is that organizations need to quickly come to terms with how crucial encryption keys are to safeguarding the entire enterprise as well as the heightened need for automated key and certificate management with access controls, separation of duties and improved polices. It’s no longer rocket science. There are some great solutions on the market that can manage and automate these assets at a click of a switch.”

Simple Solution

Milestone has partnered with Venafi to deliver the industry’s only recognized automated enterprise key and certificate management (EKCM) solution to Milestone’s customer base. Designed specifically for enterprise environments, Venafi solutions provide automated management capabilities for a wide range of digital certificate and encryption key technologies used by today’s enterprises, including symmetric keys, secure shell (SSH) keys, asymmetric keys and digital certificates.

Venafi Encryption Director 6 provides out–of–the box automated management capabilities for the widest range of digital certificate and encryption key technologies used by today's enterprises. Recognized by Gartner as a "Cool Vendor," Venafi provides the only platform that allows organizations to automate discovery, monitoring, validation, management and security of the most commonly used encryption assets.

“Venafi delivered the first enterprise–class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys — from the desktop to the data center — built specifically for encryption management interoperability across heterogeneous environments,” said Olson. “Venafi products reduce the risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages.”

The Venafi data is based upon a survey of 500 IT security specialists taken at the InfoSecurity 2011 event. The full survey results and executive summary can be viewed at: www.venafi.com/InfoSecurity-data.

Automate the management of your digital certificates and encyrption keys with Venafi and Milestone. To learn more call toll-free 877-771-9510 or e-mail info@milestonesystems.com.