Why Banks Must Look Beyond Today’s Crypto Key Management Standards

Stefan Hansen

Marketing Manager at Cryptomathic

25.01.2017 09:00 am

Banking operations are diversifying, fast. Outsourcers control more of many big banks’ core and non-core operations than ever before. The age of mobility has dawned and vastly increased both the number and the kind of devices that are interfacing with banks’ core systems. Widespread adoption of cloud computing across the sector has triggered the migration of vast quantities of previously centralized data to a remote environment. Put another way, the technological underpinnings of a bank are becoming ever more disparate, with new links in and out of their infrastructure being established every day. This ‘mass-diversification’ is enabling banks to conduct business faster and with greater efficiency than ever before. The cost, however, comes in terms of security and interoperability.

Cryptography plays a fundamental role in protecting sensitive data, but the variety of proprietary systems and protocols available has added to ‘the complexity challenge’ that banks face when deploying and managing this essential layer of security. The wide-ranging adoption of ‘crypto’ among banks has partly been enabled by the establishment of industry standards, most notably the Key Management Interoperability Protocol (KMIP), which has promoted the standardization of integration protocols for key management systems.

In these changing times, however, if banks want to continue to establish seamless interoperability and realize the operational fluidity promised by their newly diversified infrastructures, they must look beyond KMIP.

The KMIP standard has, fundamentally, been a great force for good in the banking world. Nonetheless, the standard only addresses specific areas or ‘interoperability protocols’ for key management. In other words, it has created a standard integration environment in which keys can be managed. Unfortunately, this is only one small piece in the overall puzzle of crypto management. Banks now need help to securely and efficiently manage the vast number of keys in their distributed environments. They also need help with how the keys can be used to deliver cryptography.

As banks’ systems have diversified, cryptography too has evolved, from a centralised ‘mainframe’ model to a series of distributed stand-alone systems with network-based ‘Hardware Security Modules’ (HSMs). This fragmentation is resulting in banks’ cryptography becoming application-specific or siloed, making it inflexible and difficult to manage, update and audit. It also leads to important cryptographic decisions, such as algorithm choices, key sizes or key usage, being enforced only on a per-project basis. Such idiosyncrasies then generate bespoke operational and procedural training requirements which, as the bank disappears further down the rabbit hole, lead to spiralling costs and protracted development times.

Fortunately, help is at hand. Advanced cryptography management platforms are emerging from vendors like Cryptomathic, which enable banks to centralise the management of disparate applications protected with cryptography via a single control system, eliminating past fragmentation, vastly reducing administration and immediately halting the cost spiral that currently threatens the operations of so many large banks.

In one project alone, Cryptomathic has enabled a major high-street bank to deliver a critical application into production in just weeks rather than the anticipated six months, and mitigated the significant cost of HSM hardware by utilising existing capacity from within the business, as identified via its Crypto Service Gateway (CSG) platform.

As banks continue to adopt new technologies, to support both their internal operations and new digital services, their management requirements for cryptography are only going to intensify. Industry standards like KMIP have brought them this far, but banks are now stepping into a different league; their need for centralised control, system-wide visibility, auditability, cost control, resource management and policy consistency is taking them to places where only cryptography specialists can provide appropriate levels of support. To this end, cryptography-as-a-service is now a fast-emerging fintech trend, and one that, for many banks, can’t be established quickly enough.
