In the PEM Administrator, an Application is mapped to one or more Smartkey Kinds. The PEM Administrator uses these Kinds to filter which keys the client of that Application receives when it asks the PEM Administrator for keys. For example, the PK Protect Desktop and Mobile applications are mapped to Kinds including PK Protect and community. This mapping mechanism is used by the PEM Administrator to segregate Applications from one another. It is important to note that permission to use the key is tied to an Identity; the mapping only serves to determine whether that Identity can use the Smartkey with a specific Application.
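The two gates described above (Identity permission on the key, and the Kind-to-Application mapping) can be modelled in a few lines. This is an added example, not PEM Administrator code or its API; it borrows the acme_* Kind names from the scenarios later on this page, and the acme_chat Kind, the key names and the identities alice and bob are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Smartkey:
    name: str
    kind: str
    identities: frozenset  # Identities granted permission to use this key


# Constructed sample data. "acme_chat", the key names and the identities
# are assumptions made for this illustration only.
APPLICATION_KINDS = {
    "cms": {"acme_cms", "acme_sensitive", "acme_database"},
    "chat": {"acme_chat", "acme_sensitive", "acme_database"},
}
SMARTKEYS = [
    Smartkey("cms-records", "acme_cms", frozenset({"alice", "bob"})),
    Smartkey("chat-history", "acme_chat", frozenset({"alice"})),
    Smartkey("board-minutes", "acme_sensitive", frozenset({"alice"})),
    Smartkey("db-columns", "acme_database", frozenset({"bob"})),
]


def keys_for(identity, application, keys=SMARTKEYS, app_kinds=APPLICATION_KINDS):
    """Names of the keys delivered to `identity` asking through `application`.

    Two independent gates: the Identity must hold permission on the key, and
    the key's Kind must be mapped to the Application. An unknown Application
    has no Kinds and therefore receives nothing.
    """
    allowed = app_kinds.get(application, set())
    return sorted(k.name for k in keys
                  if identity in k.identities and k.kind in allowed)


def applications_reaching(kind, app_kinds=APPLICATION_KINDS):
    """Audit helper: every Application whose mapping includes `kind`."""
    return sorted(app for app, kinds in app_kinds.items() if kind in kinds)


def unmapped_kinds(keys=SMARTKEYS, app_kinds=APPLICATION_KINDS):
    """Kinds carried by keys but mapped to no Application."""
    mapped = set().union(*app_kinds.values()) if app_kinds else set()
    return sorted({k.kind for k in keys} - mapped)


if __name__ == "__main__":
    for ident in ("alice", "bob"):
        for app in APPLICATION_KINDS:
            print(ident, app, keys_for(ident, app))
    print("acme_sensitive reachable from:", applications_reaching("acme_sensitive"))
```

Running `applications_reaching` over a sensitive Kind is a quick review step when a new Application is added, since every Application in that list widens where the sensitive keys can be delivered.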
Strategies for Application Kinds
Determining your strategy for structuring your Smartkeys is important for security and ease of management. Below are some typical scenarios and strategies for structuring keys in each scenario. Work closely with your development team on selecting your strategy and configuring your Kinds.
In most cases, an application only needs one Kind associated with it. For example, you might indicate that the Application for your customer management system (CMS) should receive acme_cms keys, but that your in-house chat app should receive
In some cases though, you may want to enforce additional rules.
Kinds for security groups
You may have a set of Smartkeys that are used for extremely sensitive data, regardless of the application, with a Kind of acme_sensitive. In this case, your CMS and chat applications should both be allowed to use these key Kinds, in addition to their application-specific Kinds. Accordingly, you would configure the CMS application to have Kinds
acme_sensitive, and the chat app to have
Kinds for key purpose
You may have a set of Smartkeys that are used for a specific type of data. For example, you may define the Kind acme_database for all keys that are used to encrypt database columns. In this case, you would want both your CMS and your chat applications to have access to these Kinds so they can use the corresponding Smartkeys to encrypt data before storing it. Accordingly, you would configure the CMS application to have Kinds
acme_database, and the chat app to have