Best Practices for Encryption Key Management
概觀 –
在當前的所有企業的環境中,en,組織利用和管理的數據數量極為巨大,en,這樣的數據不僅對組織有價值,en,但也很大程度上機密。,en, the amount of data that organizations harness and manage is of incredibly huge proportions. Such magnitude of data is not just valuable to organizations, but also confidential to a large extent. Therefore, protecting data from the wrong hands of cybercriminals should naturally be one of the prime objectives of organizations that handle data. Data encryption, therefore, plays a significant role in the process. Encryption allows for data to be rendered useless, should it go into the wrong hands, and encryption keys are the gateway to access data. Thus, managing encryption keys are also a primary concern for organizations, as stolen encrypted data along with its encryption key, is a certainty for misuse. And so, every organization must step up and follow some practices that ensure proper management of encryption keys.
On that note, here are ten of the most commonly well-accepted practices in use.
Correct algorithm and the size of the key
When talking about encryption keys, it is imperative that the correct algorithm and key size is necessarily chosen with utmost importance. A number of factors come into play here, namely usage factor, lifespan, performance and most importantly, the security aspect. The sensitivity of the data should ascertain the length of the key, be it 128/256 bit key sizes for AES or for RSA – 2048 和 4096 bits. At the same time, very lengthy keys can also result in performance issues.
Agility is another very important attribute to have, since it allows for changes to algorithms and keys over time. 隨著時間的推移, algorithms tend to get weaker and hence, it is important to be able to change encryption keys from time to time. Support for multiple standards in terms of algorithms can also be considered, as this may be required in the case of acquisitions or mergers, when other organizations use different encryption standards. Furthermore, the usage of asymmetric keys for data-in-motion and symmetric keys for data-at-rest is also advisable.
Centralization of Key Management System
Organizations tend to use several hundreds or even thousands of encryption keys. Proper and secure storage of these keys can become a massive problem, especially when you require access to such keys on an immediate basis. Hence is the need for a centralized key management system.
The best practice for an organization would be to have their in-house key management service. 但, oftentimes this may not be possible and the use of third-party services may be adopted for a more sophisticated approach. Such keys are usually stored away from the encrypted data. Thus, it serves as an added advantage in the case of a data breach, as the encryption keys is unlikely to get compromised.
The centralized process is also beneficial in terms of processing, as encryption-decryption process happens locally, but the storage, rotation, generation, 等等. happens away from the actual location of the data.
Secure Storage
Considering that encryption keys are always the target for cyber criminals and attackers, it is a good option to have a hardware security module in place for their storage. The usage of HSM assures the organization of strong physical, as well as logical protection.
An organization must have a plan for physical security as well in this regard,
- Limiting physical access control to critical systems
- Fire safety measures
- Structural integrity is to be considered, in the case of natural hazards
- 公用事業,en,例如加熱或空調系統也可能導致故障,en,使用自動化,en,手動密鑰管理的使用不僅是耗時作為一個過程,而且還導致了錯誤的可能性,en,考慮大型組織的可伸縮性因素,en,管理此操作的一種明智的方法是利用自動化,en,生成,en,在設定的時間之後旋轉並更新鍵可以是一個很好的習慣,en,訪問和審核日誌,en,加密鍵必須僅由需要它的人訪問,en,這可以在集中式的密鑰管理過程中定義,以便僅允許僅訪問授權用戶,en,必須不只有一個用戶唯一訪問密鑰的用戶,因為這將創建一個問題,以防用戶碰巧失去憑據,en, such as heating or air-conditioning systems can also cause malfunctioning.
Using Automation
The use of manual key management is not only time consuming as a process but also leads to the possibility of errors, considering the scalability factor at large organizations. A smart way to manage this is to make use of automation. Using automation to generate, rotate and renew keys after certain set times can be a very good practice to adopt.
Access and Audit Logs
Encryption keys must only be accessed by those who require it. This can be defined in the centralized process for key management such that it allows for access only to authorized users only. Also, it is imperative to not have only one user with sole access to the key as this will create a problem in case the user happens to lose credentials.
Furthermore, 審核日誌是加密密鑰管理的另一個非常重要的部分,en,日誌必須詳細說明每個密鑰的歷史記錄,en,是創造,en,刪除及其使用周期,en,所有與此類密鑰有關的操作都必須記錄在其活動方面,en,訪問它的是什麼,何時訪問該鑰匙,en,這是一個很好的做法,可以滿足兩個需求,en,一個用於合規部件,其次,en,為了調查是否要妥協任何鑰匙,en,他們定期分析和報告也是一個有益的過程,en,備份功能,en,損失加密密鑰本質上意味著它保護的數據是無法恢復的,en,因此,需要有一個強大的鑰匙備份設施,en,這確保在需要時可用,en. Logs must detail the history of each key, be it creation, deletion and its usage cycle. All operations pertaining to such keys are required to be recorded with regard to its activity, what accessed it and when did it access the said key. This is a good practice that takes care of two needs, one for the compliance part and secondly, for investigation if any key were to be compromised. Their analysis and reporting at regular intervals is also a beneficial process.
Backup capabilities
The loss of an encryption key essentially means that that the data it protects is rendered unrecoverable. Thus is the need to have a robust key backup facility. This ensures availability of keys whenever required.
這裡要注意的另一點是,還應使用適當的加密標準對後退鍵進行加密,以確保其保護,en,加密密鑰生命週期管理,en,每個加密密鑰都有壽命,en,按照下面提到的步驟,必須正確管理密鑰的工作生命週期,en,鑰匙的產生,en,生成的密鑰應具有很高的隨機性,en,始終建議一些值得信賴的NIST認證隨機數生成器,en,鑰匙的旋轉,en,組織出現的繁瑣問題是在過期或加密密鑰的更改期間,en,這是強制解密然後重新加入所有數據的時候,en,為每個加密文件或數據使用密鑰配置文件可能會有所幫助,en.
Encryption key life cycle management
Each encryption key has a life span. The working life cycle of the key has to be managed properly by following the steps mentioned below.
- Generation of key
The generated key should have very high percentage of randomness. So, some trusted NIST certified random number generator is always recommended.
- Rotation of Key
A cumbersome issue that arises for organizations is during the expiration or the change of encryption keys. This is when it is compulsory to decrypt and then re-encrypt all the data.
但, the use of a key profile for every encrypted file or data can be helpful. The key profile allows one to identify the encryption resources for the decryption of the database. On expiration of keys, the key profile takes care of the encryption process using the new key. For existing data, it identifies the actual key.
- Retirement of key
A key should be permanently deleted when it is no more in use. It reduces the usage of un-used keys and protect the system.
Third-party integration
Organizations, without any doubt whatsoever, will surely use external devices. These, in fact, will be spread across the network and will perform their functions. 但, such devices tend to not interact with databases as much. So, to enable their functionality, encryption methods chosen should be compatible in nature, with respect to the third-party applications it interacts with.
The biggest risks with third party API integration are SQL injection, cross site scripting, denial of service, spoofing, malware code and many more. So, API security is a real BIG problem. In this critical situation, API Management Platforms can give us some relief. These platforms provide monitoring, analytics, alerting, life-cycle management features (蜜蜂) to ensure the safety and security of your business. Some of the popular API management tools are Google Apigee, IBM API Connect, Amazon API Gateway, Azure API Gateway etc.
The Principle of Least Privilege
The principle states that organizations must provide administrative rights solely on the basis of user roles. This limits assigning administrative rights to applications and in the process, reduces exposure to internal and external threats. By limiting access and following a role-based access control approach, one can limit the possibility of potential damage.
This principle of least privilege is also applicable to all connected software applications, systems, devices and other non-human tools. To implement the principle of least privilege principle effectively, a centralized control and management system is essential. The centralized privilege control system will reduce “privilege creep” and ensure minimum level of access to human and non-human entities.
Termination of Keys
The ability to revoke and terminate keys is essential for any organization. This largely applicable when data is compromised and in doing so, unauthorized users are denied the possibility of having keys to access sensitive data.
結論
An efficient and centralized Key Management System allows an organization to improve on performance, ensure compliance and above all, reduce risk to a large extent. While there is several mix and match options to get the best fit for an organization, it should be one that is well-suited for the immediate and the future state of an organization. Hope this article will help you to understand the best practices and explore new things.
