Getting a grip on key rotation

24.04.2009

Enterprise key management provides three primary ways to address key rotation challenges. First, it provides visibility into the state of encryption keys across multiple key repositories. This is important because it eliminates the problem of having too many encryption key silos with no top-level view of which keys need to be rotated. Taking measure of the problem is the first step towards finding a resolution to the pain.

Second, enterprise key management provides the tools to automate the process for key rotation, so performing one key rotation or a hundred takes the same relative amount of effort. With automation, security-conscious industries such as financial services can rotate keys daily for sensitive systems that support things such as electronic payments and point-of-sale devices. Automation tools should also include workflow to ensure that internal procedures and processes are honored along the way.

Third, enterprise key management ensures that all key material throughout the IT environment stays safe and within the expected operating parameters. This includes enforcement of security policy, which ensures keys meet corporate guidelines for the key properties (length, type, time to live and so on) as well as for related services (how long to archive the key, recovery policies and so on).

It's time for CISOs and risk managers to put aside the philosophical debates about key rotation and get back to their pleasant dinner conversations.

Tokuyoshi is product marketing manager at PGP Corp.