Why Banks Must Look Beyond Today’s Crypto Key Management Standards

Stefan Hansen

Marketing Manager at Cryptomathic

25.01.2017 09:00 am

Banking operations are diversifying, fast. Outsourcers control more of many big banks’ core and non-core operations than ever before. The age of mobility has dawned and vastly increased both the number and the kind of devices that are interfacing with banks’ core systems. Widespread adoption of cloud computing across the sector has triggered the migration of vast quantities of previously centralized data to a remote environment. Put another way, the technological underpinnings of a bank are becoming ever more disparate, with new links in and out of its infrastructure being established every day. This ‘mass-diversification’ is enabling banks to conduct business faster and with greater efficiency than ever before. The cost, however, comes in terms of security and interoperability.

Cryptography plays a fundamental role in protecting sensitive data, but the variety of proprietary systems and protocols available has added to ‘the complexity challenge’ that banks face when deploying and managing this essential layer of security. The wide-ranging adoption of ‘crypto’ among banks has partly been enabled by the establishment of industry standards, most notably the Key Management Interoperability Protocol (KMIP), which has promoted the standardization of integration protocols for key management systems.

In these changing times, however, if banks want to continue to establish seamless interoperability and realize the operational fluidity promised by their newly diversified infrastructures, they must look beyond KMIP.

The KMIP standard has, fundamentally, been a great force for good in the banking world. Nonetheless, the standard only addresses specific areas or ‘interoperability protocols’ for key management. In other words, it has created a standard integration environment in which keys can be managed. Unfortunately, this is only one small piece in the overall puzzle of crypto management. Banks now need help to securely and efficiently manage the vast number of keys in their distributed environments. They also need help with how the keys can be used to deliver cryptography.

As banks’ systems have diversified, cryptography too has evolved, from a centralised ‘mainframe’ model to a series of distributed stand-alone systems with network-based ‘Hardware Security Modules’ (HSMs). This fragmentation is resulting in banks’ cryptography becoming application-specific or siloed, making it inflexible and difficult to manage, update and audit. It also leads to important cryptographic decisions, such as algorithm choices, key sizes or key usage, being enforced only on a per-project basis. Such idiosyncrasies then generate bespoke operational and procedural training requirements which, as the bank disappears further down the rabbit hole, lead to spiralling costs and protracted development times.

Fortunately, help is at hand. Advanced cryptography management platforms are emerging from vendors like Cryptomathic, which enable banks to centralise the management of disparate applications protected with cryptography via a single control system, eliminating past fragmentation, vastly reducing administration and immediately halting the cost spiral that currently threatens the operations of so many large banks.

In one project alone, Cryptomathic has enabled a major high-street bank to deliver a critical application into production in just weeks rather than the anticipated six months, and mitigated the significant cost of HSM hardware by utilising existing capacity from within the business, as identified via its Crypto Service Gateway (CSG) platform.

As banks continue to adopt new technologies, to support both their internal operations and new digital services, their management requirements for cryptography are only going to intensify. Industry standards like KMIP have brought them this far, but banks are now stepping into a different league; their need for centralised control, system-wide visibility, auditability, cost control, resource management and policy consistency is taking them to places where only cryptography specialists can provide appropriate levels of support. To this end, cryptography-as-a-service is now a fast-emerging fintech trend, and one that, for many banks, can’t be established quickly enough.
