How to handle Encryption Keys
Applying encryption to secure data is a strong way to protect it. However, without strong key management, the control can be ineffective.
Key management covers the secure generation, storage, rotation and deletion of encryption keys. It can be a local activity relating to the specific database that has been encrypted. It can also be centrally managed where encryption has been adopted enterprise-wide across a variety of platforms, data sets and devices. In such circumstances, key security and management are normally performed by a Hardware Security Module (HSM).
Cloud adoption is also a driver for centralised key management. Centralised management allows separation of duty by splitting the key from the data. Many compliance requirements call for this good practice, and cloud adoption or migration can bring the issue to the forefront.