Encryption Key Management Securing your Company Data

Encryption Key Management Securing your Company Data

By Captain Fin | It's all a Bit Crypto | 12 Mar 2020


EKM incorporates a centralized management tool to secure cryptographic keys that encrypt sensitive data across an organization’s distributed IT environments and locations. The increasing adoption of cloud-based deployment and a growing number of data breaches, together with the increasing regulatory and compliance enforcements to protect companies’ sensitive data, are the catalyst that will bolster the growth of the enterprise key management market.

“It is basically designed to address security challenges using cryptographic keys for data. It is widely applicable in IT and telecom, retail, aerospace and defense, energy and utilities, manufacturing, and others.”

Cloud-based encryption solutions and communication encryption are expected to drive market growth. Organizations are rapidly adopting cloud-based storage solutions to store business data, as they offer various cost benefits and operational efficiencies for organizations. These cloud storage solutions also offer dynamic encryption techniques to protect sensitive data at rest or in transit over cloud environments. This fluid adaptability is further driving the growth of the EKM market.  

Encryption technologies have various potential use cases across all industry verticals as they offer enhanced data protection against malicious users. Technology firms and service providers are innovating and deploying a wide range of solutions that deliver cost savings, operational efficiencies for organizations and comply with data security mandates. 

We typically see three major types of data storage encrypted at rest in traditional data centers: SAN/NAS, backup tapes, and databases. We also occasionally see file servers encrypted, but they are in the minority. Each of these is handled slightly differently, but normally one of three ‘meta-architectures’ is used:

  • Silos: Some storage tools include their own encryption capabilities, managed within the silo of the application/storage stack. For example a backup tape system with built-in encryption. The keys are managed by the tool within its own stack. In this case, an external key manager isn’t used, which can lead to a risk of application dependency and key loss, unless it’s a very well-designed product.


  • Centralized key management: Rather than managing keys locally, a dedicated central key management tool is used. Many organizations start with silos and later integrate them with central key management for advantages such as improved separation of duties, security, audit compliance, and portability. Increasing support for KMIP and the PKCS 11 standards enables major products to leverage remote key management capabilities and exchange keys.


  • Distributed key management: This is very common when multiple data centers are either actively sharing information or available for disaster recovery (hot standby). You could route everything through a single key manager, but this single point of failure would be a recipe for disaster. Enterprise-class key management products can synchronize keys between multiple key managers. Remote storage tools should connect to the local key manager to avoid WAN dependency and latency. The biggest issue with this design is typically ensuring the different locations synchronize quickly enough, which tends to be more of an issue for distributed applications balanced across locations than for hot standby sites, where data changes don’t occur on both sides simultaneously. Another major concern is ensuring you can centrally manage the entire distributed deployment, rather than needing to log in to each site separately.

Each of those meta-architectures can manage keys for all of the storage options we see in use, assuming the tools are compatible, even using different products. The encryption engine need not come from the same source as the key manager, so long as they are able to communicate.


The Use Cases Defined

On-premise security solutions such as access control policies, active directories, encryption key management, and authentication are widely adopted across all major verticals as a part of their security strategy to mitigate data loss and privacy concerns. These require the deployment of hardware security modules across the organization’s distributed computing environment to ensure the safety of data, management of policies and adherence to compliance standards.

Various organizations want to leverage the cloud, as they offer various cost benefits and drive operational efficiencies. The cloud environment enables organizations with a lack of infrastructure and skill to deploy extensive security solutions to safeguard data. The agility, scalability, and cost-effectiveness of cloud solutions are enabling organizations to implement data security solutions. Small and medium enterprise are widely adopting cloud-based services to deliver a variety of services for its customers, coupled with the increasingly stringent regulatory mandates is expected to drive the EKM market.

Market segment growth expectations

We look at some important economics, to highlight the EKM Global Market size as well as revenue projections. Global Enterprise Key Management Market is expected to rise from its initial estimated value of USD 6.5 billion in 2018 to an estimated value of USD 35 billion by 2026, registering a CAGR of more than 23.5% in the forecast period of 2019-2026. This rise in market value can be increased levels of adoption of maximized operational efficiency and security.


Global enterprise key management market is currently highly fragmented and the major players have used various strategies such as new product launches, expansions, agreements, joint ventures, partnerships, acquisitions, and others to increase their footprints in this market. The above estimates include metrics of the enterprise key management market for Europe, North America, Asia-Pacific, and South America as well as the Middle East and Africa.

Based on market research, application encryption seems to be the fastest-growing option. It’s also agnostic to your data center architecture, assuming the application has adequate access to the key manager. It doesn’t really care whether the key manager is in the cloud, on-premise, or a hybrid.

In summary - to highlight the importance of strong encryption key management. Enterprise needs to have custody and manage their own encryption keys as it is crucial to meet compliance standards and to satisfy regulatory sovereignty requirements. EKM additionally ensures regulatory compliance and secures data from risks posed by privileged users.

Captain Fin
Captain Fin

The world is an infinitely evolving ecosystem, full of wonder we seek to discover the latest technologies disrupting our surroundings. Working towards a new adventure sailing around the world, powered by solar and wind in an Eco Catamaran.

It's all a Bit Crypto
It's all a Bit Crypto

A series of articles taking a look at the many aspects of life, music, technology, travel within, without, and beyond.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.