CIOS don't roll out of their beds and think, "Hey, let's sink a few hundred grand into a cohesive enterprisewide encryption infrastructure." Instead, the process is a slow creep, starting with backup tapes and spreading as compliance issues bubble up or we realize that specific applications represent financial liabilities. The result? Layer upon layer of encryption management, replete with multiple key-management challenges.
It's time to stop and think: Will a piecemeal approach to encryption and key management cost us big? Maybe, but you have little choice.
"The bad news is that regulatory pressure is causing us to turn on security from the bottom up," says Benjamin Jun, VP of technology at Cryptography Research. Jun adds that key management is where identity management was five years ago--waiting for the industry to decide on common standards.