The security of cryptographic processes is dependent on the security of the cryptographic keys used to encrypt the data. If the keys used to encrypt or tokenize data are stolen with the encrypted or tokenized data, the data is not secure because it can be deciphered and read in plain text. For encryption and tokenization to successfully secure sensitive data, the cryptographic keys themselves must be secured and managed. An effective cryptographic key management strategy should take a centralized approach to secure various types of data in different environments, combined with the management and maintenance of keys and crypto resources being utilized. In order to provide the consolidation, protection, and flexibility that today’s environment demands, a centralized key lifecycle management strategy should incorporate the following areas:
1. Key Generation
Since a key is used to encrypt and decrypt vital data, make sure the key strength matches the sensitivity of the data. The greater the key length, the stronger the encryption (hence the popularity of AES-256 versus shorter key lengths/types). In other scenarios, RSA key pairs may be a better solution (so enterprises can use a public key to allow a third-party to authenticate and use a private key to encrypt the data). Other situations require supporting key types based on government or compliance standards. Therefore, organizations should ensure their chosen key management solution provides the necessary support for their unique needs.
2. Separation of Duties
Ensure the same person creating and managing the key has no access to the protected data. The practice of Separation of Duties reduces the potential for fraud by dividing related responsibilities for critical tasks between different individuals in an organization, as highlighted in NIST’s Recommendation of Key Management.
3. Key Storage
Various solutions will provide different levels of security when it comes to the storage of keys. Ideally, the solution can provide the flexibility to store keys in a secure vault with specialized permissions for key administrators and key consumers. For environments where security compliance matters, the ability to use a hardware security module (HSM) provides a secure area to store the key manager’s master key. This approach is required by security-product certification programs run by government: FIPS 140-2, FIPS 140-3 and Common Criteria. Finally, there may be scenarios where securely storing the key off the appliance in a secure enclave or obfuscated in memory may be needed.
4. Key Rotation
Depending on the algorithm and organizational need, each key should be designated a crypto period with the ability to change that key on demand. It’s important to limit the amount of data encrypted with a single key because using the same key over a long duration of time increases the chances that the key will be compromised. Key rotation simply provides the ability to update the key material without impacting an application’s use of the key. Previously encrypted data can still be decrypted, but newly encrypted data will only work with the new key version.
5. Key Back-up and Recovery
If the key storage mechanism fails or is compromised, there must be a way to restore the keys (selectively or en masse) to resolve any potential data access issue. Otherwise, the encrypted data is lost forever.
6. Key Revocation and Termination
Every organization needs the ability to revoke, destroy, or take keys offline. In the event data is compromised, an organization can securely delete the keys associated with the compromised systems or data and, by doing so, ensure unauthorized users will never get the keys required to decrypt sensitive assets.
7. Audit Trail for Compliance
Secure, automated, and unified logging and reporting are crucial in order to maintain a requisite risk and compliance position. Every access to keys (from an administrative or consumer perspective) must be logged with details about the function, the user (application or entity), the data accessed, the resources utilized, and when the access took place.
8. High-Availability and Disaster Recovery
Key management usually requires a high level of availability to meet transaction processing requirements. The inability to access keys essentially results in the inability to access information. Clustering can generate a mirror image of a single appliance, which will allow encryption requests to be processed more quickly and ensure data can always be accessible.
Flexibility and interoperability are key characteristics for deploying and operating a key management system. Enterprise key managers can be deployed as a hardware appliance in the data center or software appliances running on private or public clouds. The software appliance provides more flexibility in deployment options. Additionally, there is no need to support key API standards to provide accessibility to keys.
10. Ease of Use
As any system scales, ease of use becomes an increasingly important factor. The ability to group keys, group end points, and assign roles and policies to those groups using a unified management console are the only ways to manage what may amount to millions of keys and operations.
Thales recently launched CipherTrust Manager to provide centralized key lifecycle and policy management across a disparate set of encryption technologies (servers, storage and cloud environments) for structured and unstructured data. I invite you to read more about it in a blog post, “Why centralized key management is critical in the age of digital transformation,” I wrote last month.
For additional information on how CipherTrust Manager can help you implement an enterprise-wide key management solution that can simplify operational complexity and minimize overall risks, please watch our webinar, “Are You The Keymaster? Best Practices in Encryption Key Management.”