RSA Security Inc. (NASDAQ:RSAS) today announced RSA Key Manager software, which enables businesses to effectively manage the lifecycle of encryption keys.
RSA Key Manager is a stand-alone key management offering that may be integrated with a range of encryption solutions, including RSA BSAFE Data Security Manager software. The new solution also helps companies comply with the key lifecycle management guidelines of the Payment Card Industry (PCI) Data Security Standard, a global initiative spearheaded by leading payment card companies which strives to protect consumers' transaction data.
Accor North America, which operates more that 1,200 upscale and economy hotel properties including Sofitel, Novotel, Ibis, Red Roof Inn, Studio 6 and Motel 6, implemented RSA Key Manager and RSA ClearTrust access management software to help address PCI requirements.
"As one of the world's leading travel brands, millions of customers each year rely on Accor North America to provide a safe hotel stay, and we're committed to ensuring that our customers' transaction data is just as secure," said Harvey Ewing, senior director of IT security at Accor North America. "RSA Key Manager software enables us to effectively manage encryption keys generated enterprise wide, irrespective of operating system or backend database, providing us with unprecedented flexibility in our integration of encryption to existing applications and infrastructure."
Tackling the Key Management Challenge within New and Legacy Systems Key management is core to an overall encryption strategy; however, most existing encryption solutions lack effective key lifecycle management capabilities.
RSA Key Manager software benefits customers with legacy encryption deployments as well as companies deploying RSA BSAFE Data Security Manager software for policy-driven application security. RSA Key Manager software enables businesses to:
- Integrate key management with legacy open source and commercial encryption solutions
- Centrally manage keys generated by disparate enterprise applications
- Quickly retire compromised or lost keys, and promptly issue new keys
- Manage both key lifecycle and encryption rules using a common centralized policy through integration with RSA BSAFE Data Security Manager software
"Burton Group clients have many pockets of encryption across their organizations, and this "siloing" of encryption keys may hamper efforts to effectively protect sensitive consumer and enterprise data," said Trent Henry, senior analyst at Burton Group. "Large companies realize that a successful response to critical security requirements - such as the PCI standards - requires consistent processes for protecting data across the organization. As a result, they are looking for ways to centralize key management functions and create a security clearinghouse for keys, policies, and standards across many applications and encryption silos."
Achieving PCI Data Security Standard Compliance
Though PCI requirements are specific and measurable, research by First Data Corp. reports 85 percent of affected companies have yet to meet PCI standard requirements - most often because of difficulties associated with implementing the necessary technology solutions. RSA Key Manager software lessens this challenge by providing centralized, secure, simplified key lifecycle management for all applications. In contrast to hardware-based solutions, RSA Key Manager does not require the extensive resources needed to deploy appliances at every single retail location, as often required for full PCI compliance. RSA Key Manager software may also be leveraged alongside RSA BSAFE Data Security Manager software, RSA SecurID two-factor authentication technology and RSA ClearTrust access management software as a comprehensive PCI solution.
RSA Key Manager Solution: Key Features and Benefits
RSA Key Manager is part of RSA Security's enterprise data protection solutions suite, and is rooted in best practices developed by RSA Professional Services. RSA Key Manager software includes a server based on Sun Java technology, client application programming interface (API) and Web-based administration tool. Key features include:
Point-of-sale (POS) application integration: RSA Key Manager software may be integrated at the POS application level, enabling retailers to manage keys from the start, mitigating the risk associated with branch location encryption.
Simple interface: RSA Key Manager offers a browser-based interface, allowing administrators to easily manage keys generated by a wide range of applications.
Intuitive API: The solution offers a simple API that is ideal for software developers unfamiliar with key management.
Separation of duties: RSA Key Manager leverages RSA ClearTrust access management software to enforce separation of duties, ensuring that no individual may compromise the key management systems or access plaintext keys.
Stronger authentication support: Organizations may leverage RSA SecurID two-factor authentication technology to provider stronger protection for the RSA Key Manager solution deployment.
RSA BSAFE Data Security Manager integration: RSA Key Manager functions out-of-the-box with RSA BSAFE Data Security Manager, a solution that enables developers to easily build data security controls into enterprise applications.
"Companies entrusted with private consumer data, particularly information related to payment card transactions, must do everything possible to keep the information safe and secure," said Rick Welch, vice president, Developer Division at RSA Security. "Effective enterprise data protection requires a multi-pronged approach, and the combination of RSA Security solutions, including RSA Key Manager, will enable organizations worldwide to protect their business and customers."