In light of recent security breaches targeting enterprises’ PKI, Baltimore-based data protection provider SafeNet released security guidelines to enhance PKI-based transaction security.
SafeNet’s cryptographic experts first advise that companies consider securing their private keys in a hardware-based security module (HSM). While software-based security has the benefits of portability and flexibility, keys held in software can be copied and can reside in multiple locations simultaneously. The HSM can create a trust anchor to lock keys and grant access to key information from an authorized source.
Next, enterprises shouldn’t assume that their infrastructure is secure because they have a certificate authority. If the certificate private key is compromised, the entire PKI is compromised. SafeNet recommends using multiple layers of secure cryptography and hardware-based options for securing PKI endpoints.
Finally, SafeNet recommends planning ahead for the next generation of critical applications. As PKI endpoints have expanded and more advanced PKI applications have been developed, companies should be more diligent about establishing trust anchors to protect keys and certificates within these applications.