October 12, 2022

Encryption Key Management and Its Role in Modern Data Privacy with Osvaldo Banuelos

How to Subscribe
Share In

When managing your company’s most sensitive data, encryption is a must. To fit your overall data protection strategy, you need a wide range of options for managing your encryption keys so you can generate, store, and rotate them as needed.

The risk of sensitive data being misused or stolen can be limited, as long as just the people (and services) who are authorized to access data for approved purposes can access the key. Without proper management of encryption keys robust encryption techniques can be rendered ineffective. So, while encryption is a core feature of any effective data privacy solution, encryption only enhances data privacy when paired with effective key management.

Osvaldo Banuelos, lead software engineer at Skyflow, joins the show to share his knowledge and expertise about encryption key management and its role in modern data privacy.

Topics:

  • Can you share some of your background from where you started your engineering career to where you are today?
  • How did you end up with an interest in working in the data privacy space? And what’s your work history in this space?
  • What are the fundamentals of encryption?
  • How do you protect against the key being leaked and rendering encryption ineffective?
  • What is an encryption key management system?
  • What are the components of an effective key management system?
  • How often should a key be rotated and does a KMS provide that functionality out of the box?
  • How does key rotation work?
  • Who within an organization is typically responsible for key management?
  • What are some of the popular KMS systems on the market today?
  • From a feature perspective, are they all the same or are their pros and cons to one over the other?
  • How does key management work in Skyflow?
  • When it comes to data privacy, you likely want to protect your customer data using encryption and to do that effectively, you need a robust key management system. Is this enough or are there other technologies a company would need to incorporate to have an effective privacy and compliance strategy?
  • What are the big gaps in data privacy today? What future technology or development are you excited about?
  • Where should someone looking to learn more about the data privacy space begin?

Resources:

Other Podcast

September 11, 2024

Pseudo-anonymization of Data with Jack Godau

In this episode, Sean sat down with Jack Godau to dive deep into the world of pseudoanonymization. Jack shared how pseudoanonymization differs from anonymization, explaining its value for maintaining data utility while complying with stringent regulations like GDPR.

Listen
August 28, 2024

The Evolution of Certificate Management with Anchor Security's Ben Burkert

In this episode we explore how certificates and TLS function, the inherent difficulties in managing internal TLS certificates, and why nearly every engineer has a horror story related to it.

Listen
August 14, 2024

What is a Data Lakehouse with Upsolver's Ori Rafael

In this episode, we sit down with Ori Rafael, CEO and Co-founder of Upsolver, to explore the rise of the lakehouse architecture and its significance in modern data management.

Listen