Updating legacy systems to improve cybersecurity can be daunting, but it is a critical step to take in the ever-expanding universe of bad actors. One of the best and most popular ways to approach it is to implement a key management system (KMS).


But while a KMS is an effective and recommended upgrade, there are still important issues to be addressed. A KMS by itself is not a complete solution, and in this blog post we will take a closer look at some difficulties you will still face after implementing a KMS, and at how you can address them to deploy a high-confidence, fully automated ecosystem that is far harder to break into.




When an enterprise's management recognizes the value of bringing all cryptographic material under a single, central point of control, it is an important first step towards taking real control of the company's encryption processes. It allows them to implement a system that actually has the potential to shut down bad actors and protect both the company's and their customers' assets.


Implementing a KMS allows legacy encryption to be incorporated into a single system that is responsible for generating, storing, distributing, rotating and tracking cryptographic keys. This immediately gives an enterprise an additional layer of protection against potential cyberattacks, simplifies key distribution among users, and improves scalability as encryption needs grow, provided that access to the KMS itself is tightly controlled and audited, since it now holds the keys to everything.




Despite the simplicity and central control a KMS introduces to an enterprise's encryption ecosystem, there are still several barriers to creating a true moving-target environment. Among these are:


  • REQUIRED EXPERTISE. Once you decide to put a KMS in place, no two deployments will look alike. Experts who understand how a KMS works and how it should be designed for your specific company's assets and needs are required for even the most basic benefits of a KMS to be realized. What will your key management policies be? Who will have access to what, and what happens when that changes? How will you keep it up to date?

  • GOOD KEY HYGIENE IS NOW TRULY A MACHINE-SCALE PROBLEM. In the current security environment, keys are generated so often and for so many tasks that it is essentially impossible, by hand, to guarantee that every key is unique and that proper controls are maintained around the lifecycle of each one. Some level of automation is required, and the more automation the better. But high-confidence total automation has been out of reach until recently, with the development of Ntrinsec's solution.

  • LACK OF VISIBILITY THROUGH THE LAST MILE. It is important to ensure that what is supposed to happen is actually happening. Most KMS users assume that once they have put their security policies in place and encrypted their assets and locations, the related keys are actually providing the right protection at the right location. But are they really? The fact is that, without a solution like Ntrinsec, you do not know.

    Let’s take a low-tech, real-world analogy to illuminate this. Imagine a plumbing company’s dispatch office, maybe just one or a few people working the telephones, managing inventory, and sending workers out to complete tasks. In other words, a single, central control location with experience, expertise and tools to deliver the correct service at the correct time within an ecosystem.

    The central office assigns plumber #15 in vehicle #22 to pick up water heater type 319-345 and install it at 123 Encryption Street at 2 pm. A clear plan that will produce a positive outcome.

    But once plumber #15 is sent out, does central control actually know that the plan is working? Is plumber #15 in fact at the correct location, doing his assigned job, with the expected outcome?


    When will central control know that something might be wrong with their deployment? Not until it’s too late, when the phone rings, a problem is reported, and central control has to start putting out fires.

    But in the realm of cryptography, what gets reported is not a delayed water heater installation; it is an unauthorized entry and a potential security breach, and you are only finding out after the fact. And in today's cryptographic environment, it is not just plumber #15 who is out of sight, it is thousands or millions of plumbers assigned to thousands or millions of locations.
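The key lifecycle a KMS owns (generate, store, rotate, track) and the two hardest items in the list above, unique keys at machine scale and last-mile visibility, as an added example. This is not Ntrinsec's code and not part of the original post; the class, method and field names are hypothetical and the sample records are constructed. It models a KMS in which every asset gets its own data-encryption key (DEK) wrapped under a versioned key-encryption key (KEK): rotation issues a new KEK and re-wraps every DEK without touching the encrypted data, and an audit walks the inventory and reports any asset whose recorded key assignment no longer matches policy. The cipher is an HMAC-SHA256 stand-in so the example runs on the standard library alone; a real deployment would wrap keys with AES-GCM or AES key wrap inside an HSM or cloud KMS.

```python
# Added example, not Ntrinsec's or any vendor's code: a toy model of the key
# lifecycle a KMS manages. Names are hypothetical; sample data is constructed.
import hashlib
import hmac
import secrets


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one 256-bit key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher so the
    # example runs offline. Production wrapping would use AES-GCM or AES-KW.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC; the aad is bound into the tag and the nonce prepended."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct + aad, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Reverse of seal; raises ValueError if key, aad or blob do not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct + aad, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, ks))


class KMS:
    """In-memory model of a KMS: versioned KEKs plus an inventory of assets."""

    def __init__(self):
        self.versions = {}  # kek id -> {"key": bytes, "retired": bool}
        self.assets = {}    # asset name -> {"kek": id, "wrapped_dek": bytes, "ct": bytes}
        self.current = self._new_version()

    def _new_version(self) -> str:
        kid = f"kek-v{len(self.versions) + 1}"
        self.versions[kid] = {"key": secrets.token_bytes(32), "retired": False}
        self.current = kid
        return kid

    def encrypt(self, name: str, plaintext: bytes) -> None:
        # One unique DEK per asset. The DEK is wrapped under the current KEK
        # with the asset name as AAD, so a wrapped key cannot be reassigned.
        dek = secrets.token_bytes(32)
        self.assets[name] = {
            "kek": self.current,
            "wrapped_dek": seal(self.versions[self.current]["key"], dek, name.encode()),
            "ct": seal(dek, plaintext, name.encode()),
        }

    def decrypt(self, name: str) -> bytes:
        a = self.assets[name]
        if a["kek"] not in self.versions:
            raise KeyError(f"{name} references unknown key {a['kek']}")
        dek = unseal(self.versions[a["kek"]]["key"], a["wrapped_dek"], name.encode())
        return unseal(dek, a["ct"], name.encode())

    def rotate(self) -> str:
        """Issue a new KEK and re-wrap every DEK; bulk ciphertext is untouched."""
        old, new = self.current, self._new_version()
        for name, a in self.assets.items():
            dek = unseal(self.versions[a["kek"]]["key"], a["wrapped_dek"], name.encode())
            a["wrapped_dek"] = seal(self.versions[new]["key"], dek, name.encode())
            a["kek"] = new
        self.versions[old]["retired"] = True
        return new

    def audit(self) -> list:
        """Last-mile check: does each asset's recorded key assignment match policy?"""
        findings = []
        for name, a in self.assets.items():
            v = self.versions.get(a["kek"])
            if v is None:
                findings.append(f"{name}: references unknown key {a['kek']}")
            elif v["retired"]:
                findings.append(f"{name}: still wrapped under retired key {a['kek']}")
            else:
                try:
                    unseal(v["key"], a["wrapped_dek"], name.encode())
                except ValueError:
                    findings.append(f"{name}: wrapped DEK does not unwrap for this asset")
        return findings
```

The audit catches three kinds of drift: an asset recorded under a key the KMS never issued, one still on a retired version after rotation, and a wrapped key that has been moved between assets (the asset name is authenticated data on the wrap, so it fails to unwrap). Running this walk on a schedule against the real inventory is exactly the check a KMS does not perform for you.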



So, it is important to recognize that while implementing a KMS is a great first step towards a more secure ecosystem, it cannot provide one on its own. It still depends on manual work, remains exposed to human error, and gives no end-to-end visibility into whether keys are actually doing their job.


Fortunately, Ntrinsec's cloud-native software addresses these shortcomings and, once deployed, is effectively a turnkey solution for minimizing your attack surface and maintaining proper key hygiene.


Need something encrypted with a unique key? Tell Ntrinsec and it's done.


Need to rotate a key but worried it is tied to other assets and might break something? Tell Ntrinsec and it's done, with nothing broken.


Can’t get an accurate inventory of your keys? Ask Ntrinsec and it’s done, with the highest-confidence methods available.


Not sure what a key is assigned to, or if it is doing its job correctly? Ask Ntrinsec and quickly get accurate, actionable information.


So go ahead and take that important first step to upgrade your legacy systems with a KMS, but don't stop there. Take the next step, or rather the next leap, to full-confidence automation and visibility with Ntrinsec.
