How to Select an Encryption Key Management Solution

By Richard Moulds

High profile data breaches and the ever-increasing number of government and industry specific compliance regulations have escalated data security from an IT issue to a C-level priority.

Failing to protect data adequately can mean failing to meet compliance mandates or exposure to the risks of data loss or theft – all of which can cause monetary losses and negative publicity. In the face of these risks, one thing is clear: data security is a pressing issue for every enterprise.

As a result of this increased attention to security, encryption is fast becoming the de facto method for true data protection. While encryption will not completely replace the need for firewall or perimeter level security, it is increasingly deployed across the enterprise as the most fool-proof way to protect data from both external and internal threats. Encryption has become a last line of defence for data protection because, even if the data is stolen or accessed, it is unreadable without the keys to decrypt it.

While encryption is a critical component of any enterprise security system, if not deployed correctly, it simply shifts the problem from protecting and controlling data access to protecting and controlling access to the keys that underpin the encryption process. As with most powerful tools, encryption needs to be handled and managed carefully. 

Why do keys need to be managed?
Protecting data is important, but if a key is lost, access to ALL of the data that the key originally encrypted is lost as well. To put it bluntly, encryption without competent key management is effectively electronic data shredding. Furthermore, just as with house keys, office keys or car keys, great care must be taken when determining with whom the keys are shared.

Key management is the process by which encryption and cryptography in general become effective security and business tools, rather than just a science. It is about making sure that keys are created according to the correct process, backed up in case of disaster, delivered to the systems that need them, on time, under the control of the appropriate people and finally deleted at the end of their life-span. It is also about setting and deploying security policies regarding the use of encryption in an organization and being able to audit that those policies are being enforced. In short, key management is quite literally the key to enterprise data security.

So what are the characteristics an organization needs to consider when assessing an enterprise key management system? Enterprises should ask the following questions before selecting and deploying a key management solution:

  • Is the proposed system a general purpose solution, focused on the entire enterprise or just a niche offering?
  • What range of endpoints and applications can be managed?
  • How does the system scale – how do you measure capacity and performance?
  • How about policy management and key usage rules?
  • What key management tasks can be automated?
  • How resilient and secure is the key management system itself?
  • What audit capabilities exist?

 

A general purpose or a niche solution?
When evaluating a key management solution, the first question has to be ‘is it designed to act as a general purpose solution, or is it tied to a particular class of encryption device or application’ (e.g. database encryption or storage tape encryption)? Many encryption systems include native key management capabilities, but invariably these do not extend to managing keys in other systems. General purpose key management offerings are instead standalone systems that manage keys across various classes of devices and applications. These solutions can therefore unify disparate key management policies and enable keys to be mobile across different end-points or applications – an essential capability if data is going to move between these systems in an encrypted form.

What range of endpoints and applications can be managed?
Particularly in the case of a general purpose key management system, it is important to consider the range of applications and target platforms that can be managed and how easy it is to support new types of end-point. Different operating systems or applications may be added at some point in the future. In addition to managing pure software-based applications, it is important to consider whether the system can manage server-based applications that utilize hardware security modules (HSMs) or desktop applications that use trusted platform module (TPM) chips. These stronger forms of end-point security raise the bar for assessing the security characteristics of the management system itself.

How does the system scale – how do you measure capacity and performance?
When using a general purpose system to manage keys on behalf of different types of end-point and applications, operational issues such as scalability and latency come into play. How many different types of end-point can be managed simultaneously, how many keys can be managed within the overall system, how quickly can keys be delivered (latency) and at what rate – how many keys per second per end-point? Does the key management system have an architecture that enables deployments to grow incrementally as the number of keys in use and number of end-points increase over time? Does the system support hardware acceleration to further improve performance?

How about policy management and key usage rules?
With so many keys under management and numerous applications to be considered, the degree to which key usage rules can be defined and enforced becomes a critical security concern of any key management system. Each key or group of keys should be associated with an individual usage policy defining which end-point or group of end-points or class of application can request it, and what the end-point or application can do with the key (e.g. encrypt, decrypt, sign etc.) and whether any other higher levels of authorization are required to release or recover the key. It is also vital that keys have a defined lifetime that is rigorously enforced – for example a day, a week or a year. Defining how long keys remain valid before they need to be requested again can significantly reduce the burden of key revocation in the event that keys need to be withdrawn from service.
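
The usage rules described above can be pictured as a deny-by-default check made each time an end-point asks for a key. The following is an added example, not code from the article or from any product; the KeyPolicy fields, the authorize function and the sample names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class KeyPolicy:
    key_id: str
    allowed_groups: frozenset    # end-point groups that may request the key
    allowed_ops: frozenset       # operations permitted with the key
    created: datetime
    lifetime: timedelta          # key is refused once created + lifetime passes
    approvals_required: int = 0  # extra authorizations needed to release it

def authorize(policy, requester, group, op, now, approvers=()):
    """Deny-by-default release decision; returns (allowed, reason)."""
    if now >= policy.created + policy.lifetime:
        return False, "key expired"
    if group not in policy.allowed_groups:
        return False, "end-point group not permitted"
    if op not in policy.allowed_ops:
        return False, "operation not permitted"
    # Separation of duties: duplicates and the requester do not count.
    distinct = set(approvers) - {requester}
    if len(distinct) < policy.approvals_required:
        return False, "insufficient approvals"
    return True, "ok"

# Constructed sample policy (all names are illustrative).
SAMPLE = KeyPolicy(
    key_id="db-backup-key",
    allowed_groups=frozenset({"db-servers"}),
    allowed_ops=frozenset({"encrypt", "decrypt"}),
    created=datetime(2024, 1, 1, tzinfo=timezone.utc),
    lifetime=timedelta(days=7),
    approvals_required=2,
)

if __name__ == "__main__":
    t = SAMPLE.created + timedelta(days=3)
    print(authorize(SAMPLE, "svc-db1", "db-servers", "decrypt", t, ("alice", "bob")))
    print(authorize(SAMPLE, "svc-db1", "db-servers", "sign", t, ("alice", "bob")))
```

Because expiry is checked on every request, a key that has outlived its lifetime is refused without any separate revocation step.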

What key management tasks can be automated?
With so many keys in play and with short key lives, the importance of automation is obvious, both for keeping costs down by replacing manual processes and from a security viewpoint – lowering the risk of human error. The need to regularly refresh or rotate keys, particularly those protected only in software, is an established best practice and naturally lends itself to automation. Similarly, certificate requests and interaction with public certificate authorities (e.g. to renew SSL certificates) are a good example of a process that can benefit from automation.

How resilient and secure is the key management system itself?
It goes without saying that a system that is managing cryptographic keys on behalf of numerous mission critical applications and devices itself becomes a mission critical component of IT security infrastructure. Unlike most other security management systems, such as those managing software patches or network alarms, an enterprise key management system must itself be secure and ideally tamper resistant. Key management systems should be at least as secure as the most secure end-point they manage – which may very well be a FIPS (Federal Information Processing Standard) validated hardware security module (HSM). The use of hardware security modules within the key management system itself is essential for most deployments, as is the ability to enforce strong authentication, rigorous dual controls and separation of duties for system administrators. These security requirements place even greater value on a robust system architecture where resiliency, failover and emergency recovery are priorities.

What audit capabilities exist?
With control and visibility over the keys to the kingdom, some of which may be required to be stored for as long as fifty or more years, the key management system becomes a powerful tool in efforts to demonstrate compliance and to act as an internal forensic tool. In addition to protecting the keys themselves, the key management system must provide high integrity audit logs and reporting tools. Internal system logging activities should be cryptographically secured, digitally signed and time stamped to ensure integrity and the ability to validate activity many years in the future.
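
A minimal sketch of such a high integrity log follows, as an added example that is not part of the original article or any product. Each time-stamped entry is chained to the MAC of the previous one, so an edited or deleted entry is detected on verification. It uses HMAC-SHA256 from the Python standard library as a stand-in for a digital signature; the function names, the demo key and the log entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # 'prev' value for the first entry
FIELDS = ("ts", "actor", "action", "prev")

def _mac(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append_entry(log, key, ts, actor, action):
    """Append a time-stamped entry bound to the previous entry's MAC."""
    body = {"ts": ts, "actor": actor, "action": action,
            "prev": log[-1]["mac"] if log else GENESIS}
    log.append({**body, "mac": _mac(key, body)})
    return log[-1]

def verify_log(log, key):
    """Return the index of the first invalid entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {f: entry[f] for f in FIELDS}
        if entry["prev"] != prev or not hmac.compare_digest(
                _mac(key, body), entry["mac"]):
            return i
        prev = entry["mac"]
    return -1

# Constructed demo key and entries; a real deployment keeps the key in an HSM.
DEMO_KEY = b"constructed-demo-key-not-for-use"

def build_sample_log():
    log = []
    append_entry(log, DEMO_KEY, "2024-01-01T09:00:00Z", "admin1", "create key K-17")
    append_entry(log, DEMO_KEY, "2024-01-01T09:05:00Z", "svc-db1", "release key K-17")
    append_entry(log, DEMO_KEY, "2024-01-08T09:00:00Z", "admin2", "destroy key K-17")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify_log(log, DEMO_KEY))          # intact chain
    log[1]["action"] = "export key K-17"      # simulate after-the-fact edit
    print(verify_log(log, DEMO_KEY))
```

The chain alone does not reveal entries cut from the end of the log; recording the latest MAC somewhere outside the log covers that case.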

Conclusion
At the end of the day it is all about protecting data. Increasingly encryption is being seen as the best way to ensure that data is protected, but the increased use of encryption creates a key management challenge. The challenge, however, doesn’t need to be a daunting one. Highly flexible and extensible solutions that automate many of the time-consuming management tasks and address key management in a centralized enterprise-wide manner are rapidly becoming a priority for many organizations. In order for enterprise-wide encryption to be deployed correctly, organizations need to deploy the correct tool to manage the keys. In the same way that data protection has moved from an IT challenge to a C-level issue, key management is also beginning to be seen as a high-level business imperative. Hopefully this article provides some insight into the important issues that organizations need to consider when evaluating a key management solution.
 

Richard Moulds is nCipher’s vice president of marketing. Richard holds a bachelor's degree in electrical engineering from Birmingham University and an MBA from Warwick Business School, both in the UK. www.nCipher.com

 

ITSecurityJournal.com | Information Security & Network Security Management