Meeting TISAX Standards with PKWARE, Part 5: Cryptography

Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements.

Today's topic: encryption, and how to implement it.

Encryption is the strongest form of data protection, making it impossible (assuming the encryption was done properly) for anyone to read sensitive data without the correct decryption key.

TISAX standards (in Section 10.1 of the assessment) call for sensitive data be protected with encryption both at rest and in transit. Encryption isn’t just a checkbox here, however. The role of both key management and strong encryption algorithms must also pass muster.

Data at rest

Some technologies (such as encrypted hard drives or file server encryption) focus on encrypting data at rest. As long as the files are in a "secure location," they’re protected. But copy the file onto Dropbox, a cloud instance, or a mobile storage device (or anywhere but that secure location), and the file loses its protection.

Data in transit

Some technologies (such as VPNs or WAN encryptors) deliver encryption of data in transit. The issue with this, however, is that the data must be sent via a secure tunnel, and often the onus is on the user to start the tunnel and choose to send the sensitive data through it. Marking the checkbox in this case might be easy to do with a VPN, but doesn’t make it easy for users (or enforceable by organizations) to actually keep the data safe.

The best of both worlds

Few technologies, however, can do both at-rest and in-transit encryption, and even fewer combine that capability with enterprise-class key management. PKWARE’s data security platform can apply its persistent strong encryption to files, which stay protected wherever the files go—both at rest and in transit.

...plus enterprise key management

Generally considered the most challenging aspect of enterprise-wide encryption, key management involves a variety of functions, including key generation, key storage, key exchange, and key rotation. While reliable encryption algorithms and hash functions have existed for decades, an optimal approach to key management has remained elusive. PKWARE can support the management of millions of keys and certificates, suitable for organizations all the way up to large enterprises.

To take the next step in encryption key management, organizations can use PKWARE's Smartkey technology, which associates keys with user identities and provides complete organizational control over access to encrypted data.

Up next in our TISAX series: event logging and reporting.