Richard Sisk (2/10/2012)
It works quite well, we have key change procedures that are used to regularly update the keys. If a backup is stolen, it's no good unless they also know to steal the key backups which are stored protected on another device. It has passed several PA-DSS audits.
How often do you change keys and how big a deal is it? Performance issues? Resources in use? blocking?