Overview –
In the current environment for all businesses, the amount of data that organizations harness and manage is of incredibly huge proportions. Such magnitude of data is not just valuable to organizations, but also confidential to a large extent. Therefore, protecting data from the wrong hands of cybercriminals should naturally be one of the prime objectives of organizations that handle data. Data encryption, therefore, plays a significant role in the process. Encryption allows for data to be rendered useless, should it go into the wrong hands, and encryption keys are the gateway to access data. Thus, managing encryption keys are also a primary concern for organizations, as stolen encrypted data along with its encryption key, is a certainty for misuse. And so, every organization must step up and follow some practices that ensure proper management of encryption keys.
On that note, here are ten of the most commonly well-accepted practices in use.
Correct algorithm and the size of the key
When talking about encryption keys, it is imperative that the correct algorithm and key size is necessarily chosen with utmost importance. A number of factors come into play here, namely usage factor, lifespan, performance and most importantly, the security aspect. The sensitivity of the data should ascertain the length of the key, be it 128/256 bit key sizes for AES or for RSA – 2048 and 4096 bits. At the same time, very lengthy keys can also result in performance issues.
Agility is another very important attribute to have, since it allows for changes to algorithms and keys over time. Over time, algorithms tend to get weaker and hence, it is important to be able to change encryption keys from time to time. Support for multiple standards in terms of algorithms can also be considered, as this may be required in the case of acquisitions or mergers, when other organizations use different encryption standards. Furthermore, the usage of asymmetric keys for data-in-motion and symmetric keys for data-at-rest is also advisable.
Centralization of Key Management System
Organizations tend to use several hundreds or even thousands of encryption keys. Proper and secure storage of these keys can become a massive problem, especially when you require access to such keys on an immediate basis. Hence is the need for a centralized key management system.
The best practice for an organization would be to have their in-house key management service. However, oftentimes this may not be possible and the use of third-party services may be adopted for a more sophisticated approach. Such keys are usually stored away from the encrypted data. Thus, it serves as an added advantage in the case of a data breach, as the encryption keys is unlikely to get compromised.
The centralized process is also beneficial in terms of processing, as encryption-decryption process happens locally, but the storage, rotation, generation, etc. happens away from the actual location of the data.
Secure Storage
Considering that encryption keys are always the target for cyber criminals and attackers, it is a good option to have a hardware security module in place for their storage. The usage of HSM assures the organization of strong physical, as well as logical protection.
An organization must have a plan for physical security as well in this regard,
- Limiting physical access control to critical systems
- Fire safety measures
- Structural integrity is to be considered, in the case of natural hazards
- Utilities, such as heating or air-conditioning systems can also cause malfunctioning.
Using Automation
The use of manual key management is not only time consuming as a process but also leads to the possibility of errors, considering the scalability factor at large organizations. A smart way to manage this is to make use of automation. Using automation to generate, rotate and renew keys after certain set times can be a very good practice to adopt.
Access and Audit Logs
Encryption keys must only be accessed by those who require it. This can be defined in the centralized process for key management such that it allows for access only to authorized users only. Also, it is imperative to not have only one user with sole access to the key as this will create a problem in case the user happens to lose credentials.
Furthermore, audit logs are another very vital part of encryption key management. Logs must detail the history of each key, be it creation, deletion and its usage cycle. All operations pertaining to such keys are required to be recorded with regard to its activity, what accessed it and when did it access the said key. This is a good practice that takes care of two needs, one for the compliance part and secondly, for investigation if any key were to be compromised. Their analysis and reporting at regular intervals is also a beneficial process.
Backup capabilities
The loss of an encryption key essentially means that that the data it protects is rendered unrecoverable. Thus is the need to have a robust key backup facility. This ensures availability of keys whenever required.
Another point to take note of here is that the backed up keys should also be encrypted using proper encryption standards to ensure their protection.
Encryption key life cycle management
Each encryption key has a life span. The working life cycle of the key has to be managed properly by following the steps mentioned below.
- Generation of key
The generated key should have very high percentage of randomness. So, some trusted NIST certified random number generator is always recommended.
- Rotation of Key
A cumbersome issue that arises for organizations is during the expiration or the change of encryption keys. This is when it is compulsory to decrypt and then re-encrypt all the data.
However, the use of a key profile for every encrypted file or data can be helpful. The key profile allows one to identify the encryption resources for the decryption of the database. On expiration of keys, the key profile takes care of the encryption process using the new key. For existing data, it identifies the actual key.
- Retirement of key
A key should be permanently deleted when it is no more in use. It reduces the usage of un-used keys and protect the system.
Third-party integration
Organizations, without any doubt whatsoever, will surely use external devices. These, in fact, will be spread across the network and will perform their functions. However, such devices tend to not interact with databases as much. So, to enable their functionality, encryption methods chosen should be compatible in nature, with respect to the third-party applications it interacts with.
The biggest risks with third party API integration are SQL injection, cross site scripting, denial of service, spoofing, malware code and many more. So, API security is a real BIG problem. In this critical situation, API Management Platforms can give us some relief. These platforms provide monitoring, analytics, alerting, life-cycle management features (APIs) to ensure the safety and security of your business. Some of the popular API management tools are Google Apigee, IBM API Connect, Amazon API Gateway, Azure API Gateway etc.
The Principle of Least Privilege
The principle states that organizations must provide administrative rights solely on the basis of user roles. This limits assigning administrative rights to applications and in the process, reduces exposure to internal and external threats. By limiting access and following a role-based access control approach, one can limit the possibility of potential damage.
This principle of least privilege is also applicable to all connected software applications, systems, devices and other non-human tools. To implement the principle of least privilege principle effectively, a centralized control and management system is essential. The centralized privilege control system will reduce “privilege creep” and ensure minimum level of access to human and non-human entities.
Termination of Keys
The ability to revoke and terminate keys is essential for any organization. This largely applicable when data is compromised and in doing so, unauthorized users are denied the possibility of having keys to access sensitive data.
Conclusion
An efficient and centralized Key Management System allows an organization to improve on performance, ensure compliance and above all, reduce risk to a large extent. While there is several mix and match options to get the best fit for an organization, it should be one that is well-suited for the immediate and the future state of an organization. Hope this article will help you to understand the best practices and explore new things.