
Thales Blog

Protecting the Crown Jewels: The evolution of security strategies and asset protection

June 2, 2022

Chris Harris | Associate VP, Sales Engineering

Do you know what takes place at the Ceremony of the Keys at the Tower of London? During the 700-year-old ceremony, footsteps echo in the darkness. The sentry cries out, 'Halt, who comes there?' The Yeoman Warder replies, 'The keys.' 'Whose keys?' 'Queen Elizabeth's keys.' 'Pass then, all's well.'

The intent of this tradition was to ensure trusted access to and physical security of the Tower, the most secure castle in the land, so that intruders would not be able to gain access. Yeoman Warders have been guarding the Tower of London since Tudor times. Nicknamed ‘Beefeaters’, the Yeoman Body of 32 men and women are all drawn from the Armed Forces. These men and women are obviously highly trained in security matters, as it’s reported that they need to have 22 years of military service to even become a Yeoman Warder.

At any given time an individual Yeoman acted as sole custodian of the keys, a practice which would not translate well into modern key management best practices. To mitigate the unavailability of a resource and to protect against rogue employees (or Yeomen!), more than one person should be required to engage in any sensitive key management activities.

Security Practices and the Queen’s Jubilee

Does this historical reference to keys have a connection to modern day security for the Queen during events such as the upcoming Platinum Jubilee in June 2022? The event, which marks the Queen’s 70 years of service to the people of the United Kingdom, the Realms, and the Commonwealth, will no doubt require next-level physical security.

Physical event security is certainly important, but what about cyber threats? Recent cyberattacks, coupled with the security measures taken for such a high-visibility event, are a reminder of the risk of attacks on critical infrastructure. Take, for example, highly connected cyber-physical systems that are connected to and managed from the cloud, and that ensure the integrity of critical infrastructure across all sectors. Attacks on operational technology systems present a major threat to the national economy and security.

The historical reference to the keys also paints a vivid picture of attempts to secure the Tower hundreds of years ago and serves as the foundation of the concept of identity and access management (IAM). Identity and access management can play an essential role in strengthening the security posture of critical infrastructure, and strong key management plays an essential role in supporting encryption used to protect the underlying data.

IAM and Key Management

Efforts to secure access to organizational data have evolved. Today, modern technology allows organizations to control access to their assets by creating granular policies. This helps organizations ensure that the right user has access to the right resource at the right level of trust. Importantly, it allows organizations to answer the question of who accessed what, and when.

Modern technology also allows organizations to use digital keys to secure their sensitive data. Of course, organizations cannot just generate a pair of encryption keys, secure the data that needs securing, and forget about those cryptographic assets afterwards. They also need to manage the storage, distribution, and use of those keys. Key management is important for effective IAM. Organizations that lack a central IAM strategy lose precious security and productivity and become increasingly vulnerable to data breaches arising from compromised identities.

Conclusion

Securing access to digital assets is fundamental for any organization protecting sensitive systems and the underlying data. Much as in the Ceremony of the Keys many, many years ago, the practice of ensuring trusted access to an organization’s assets should be formalized and consistent, as well as widely socialized to support a high rate of understanding and adoption.

Explore how you can rely on Thales to help you discover, protect and control access to your sensitive data wherever it is – from the cloud, data centers or networks … or even the Tower of London!