Last updated: 16 May 2016
As we discussed in parts 3 and 4 of this series, encryption is only the first step to securing your data. If an organization doesn’t take the time to properly secure the keys, all of that encryption could be rendered useless. Step 2 of the Secure the Breach strategy urges organizations to securely manage and store the encryption keys.
My colleagues and I often compare storing encryption keys in software to hiding your house keys under the welcome mat at the front door.
While this analogy does an excellent job of illustrating the inherent insecurity of such an approach, I am sure many of you can recall friends and neighbors (perhaps even your own parents), who did something similar with their own house keys.
The key was buried in the soil of a potted plant, stashed behind a mailbox, or maybe hidden under a garden gnome. Why? Because it was convenient. If you forgot your keys, or your children were locked out, you could quickly get the spare key from that “secret place” and get in safely.
We considered the keys secure and the house safe because we disguised the location of the key, and felt only those who knew the key’s location could use it. We also assumed that our houses would be an unlikely target.
Convenience, accessibility, and a false sense of security are also why three-quarters of organizations admit to storing encryption keys in software. For a long time, storing keys in software has been seen as “secure enough.” The breach landscape has changed, and so too has the definition of “secure enough.”
The problem is getting worse over time as the use of encryption continues to grow. As new breaches occur, more and more organizations are turning to encryption to protect their data. Unfortunately many of these organizations deploy encryption-dependent systems like secure web services, encrypted backups, certificate authorities, or other encryption solutions in isolation without fully understanding how this affects the vulnerability of their keys.
The Importance of Key Security
The threat posed by compromised keys goes beyond simple theft. Sure, a burglar could find your house key, break in, and steal your television—but they could also make a copy of that key, replace the original, and return any number of times to steal valuables, spy on your family, or even impersonate you for their own gain, all without your knowledge. The same is true in the digital world.
Stolen keys can be used to decrypt sensitive data, sign malicious code that could be used to spy on your organization, and even impersonate your company’s web server. Without proper control, including the means to audit locations, limit copies, and restrict access, there would be no way of telling who had used the keys maliciously.
Protecting Keys in the Secure Breach Era
Organizations today manage thousands of keys across a myriad of encryption-dependent systems, each with its own key management and associated policies. To ensure security, organizations must establish a centralized policy around the protection, storage, backup and organization of encryption keys. This policy should be part of a holistic, strategic security plan that achieves the following objectives:
- Securing keys throughout the key lifecycle. Reduce the exposure of cryptographic keys throughout the key lifecycle. This lifecycle includes generation, usage, distribution, and destruction.
- Secure key storage. Keys should also be stored securely throughout their operational life. Hardware devices provide the most secure option for key storage. Examples of these devices include identity tokens (smartcards, USB tokens); trusted platform modules in desktop computers; embedded modules in special-purpose devices (e.g. tape/disk drives); and, of course, hardware security modules.
- Key usage authorization. Access control, authentication of users and confidentiality protection are all critical to ensuring that keys can be used only for authorized purposes by authorized entities.
- Accountability. Certain actions around cryptographic keys should trigger audit entries. The audit logs should be cryptographically secure and time-stamped to ensure their integrity.
With a centralized policy around key management in place, organizations can effectively decrease key exposure, consistently enforce policy across all encryption systems, and streamline administration.
Download the Secure the Breach Research Kit to learn how to use authentication, encryption, and key management to prepare for a breach effectively.
The kit includes access to the Secure the Breach manifesto, white paper, and other helpful resources.