Rotating the Data Encryption Key
Data Encryption Keys (DEKs) are keys designed to encrypt and decrypt data once or multiple times. The longer the key is in use, the higher the probability of a breach. SmartIQ key rotation minimizes the amount of data exposed to an attacker by retiring a key and replacing the key with a new cryptographic key. The inactive key can decrypt the old data but will not be used to encrypt new data.
SmartIQ automatically rotates the key regularly every 12 months for compliance with standards but also provides the option to manually rotate the keys. To do this:
User Permission
Note: Only users with Manage Security permission will be able to access the Security settings in Manage and manually rotate the key.
- Go to the Manage > Settings > Security.
- Under Encryption Keys, you will see the version and expiration date of the current Data Encryption Key.
- Click Rotate Key.
- Click Save to save the changes to the settings.
The system may take up to ten (10) minutes for the previous key to be deactivated from the cache. Restart the site to force the system to use the new key.
Updated about 3 years ago