The European Union's General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. The GDPR stands to be one of the most comprehensive frameworks of its kind and is a true game changer for organizations not just within the EU, but all over the world. While there is no single strategy that can help you comply with the GDPR, the purpose of the regulation is very clear: to strengthen personal data protection for EU citizens and residents.
According to the GDPR, the term personal data refers to any information which directly or indirectly helps identify a "Data Subject" (i.e., a natural person). Organizations today collect, store, process, and transmit large volumes of personally identifiable information and thus need to enforce stringent access controls to comply with the GDPR.
In today's connected world, conventional data protection techniques, ones where the focus is on restricting the physical location of data, just won't cut it. An incredibly large volume of personal data is collected, stored, processed, and transmitted every day, and businesses need to look for more progressive solutions to safeguard stored information or information that is in transit. The most highly-recommended and widely-adopted technique is following a layered approach to information security, a combination of multiple security strategies which offset one another's capability to protect personal data, thus ensuring tighter security.
Public key infrastructure (PKI), a system which provides data security through encryption and authentication, forms one of the most crucial parts of this layered security model. Digital keys and certificates are at the heart of PKI. These are digital identities which protect access to critical systems and ensure strong encryption of personal data. Securing these digital identities is one important aspect that every organization should consider in their journey to become GDPR-compliant.
However, managing SSH keys and SSL certificates puts forth the following challenges:
ManageEngine Key Manager Plus is a web-based key management solution that automates and manages the entire life cycle of SSH keys and SSL certificates. SSH keys and SSL certificates protect critical business systems and applications that handle the personally identifiable information of any EU clients. Key Manager Plus helps admins discover, deploy, map, rotate, and monitor the SSH keys and SSL certificates used in their enterprise as well as enables secure, key-based access to critical systems.
With Key Manager Plus you can:
Fully complying with the GDPR requires a variety of solutions, processes, people, and technologies. Securing encryption keys and certificates is one strategy that helps organizations protect personally identifiable information, and together with other appropriate solutions and strategies, Key Manager Plus helps you reinforce data security and comply with the GDPR. This material is provided for informational purpose only and should not be considered as legal advice for GDPR compliance. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.
Key Manager Plus is integrated with ManageEngine’s Password Manager Pro, to provide unified privileged identity management platform.
ManageEngine’s Key Manager Plus enables us to stay on top of SSL certificates for all of our websites. With Key Manager Plus, we’re able to monitor which certificates are nearing expiration and roll out new certificates in a timely manner.Ken Odibe Senior cloud infrastructure consultant, Sapphire systems.