Managing cryptographic keys can be a complex task for an enterprise and
particularly difficult to scale when an increasing number of users and
applications need to be managed. In order to address scalability issues,
typical IT infrastructures employ key management systems that are able to
handle a large number of encryption keys and associate them with the authorized
requests. Given their necessity, recent years have witnessed a variety of key
management systems, aligned with the features, quality, price and security
needs of specific organisations. While the spectrum of such solutions is
welcome and demonstrates the expanding nature of the market, it also makes it
time consuming for IT managers to identify the appropriate system for their
respective company needs. This paper provides a list of key management tools
which include a minimum set of features, such as availability of secure
database for managing keys, an authentication, authorization, and access
control model for restricting and managing access to keys, effective logging of
actions with keys, and the presence of an API for accessing functions directly
from the application code. Five systems were comprehensively compared by
evaluating the attributes related to complexity of the implementation, its
popularity, linked vulnerabilities and technical performance in terms of
response time and network usage. These were Pinterest Knox, Hashicorp Vault,
Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five,
Hachicorp Vault was determined to be the most suitable system for small
businesses.

By admin