Securing the Breach with Crypto Management
Where are Your Keys?
Identifying and encrypting all of the sensitive data within an organization is just the first step to securing the breach. Encryption requires encryption keys and many times the management of these keys is imprudently overlooked. With data encryption in place, risk is removed from the data, and placed on the encryption keys. In this way, crypto keys become a treasure map for our sensitive data and steps must be taken to ensure keys remain safe from intruders. Lost or stolen keys could compromise an entire encryption infrastructure.
Deploying a high-assurance crypto management platform is the best way to protect your cryptographic keys. This approach is built on encryption keys with both the entropy and the key strength required to protect even the most sensitive data, as well as continual key maintenance and management.
A crypto management platform is used to generate, store, and securely manage these keys, so even if data is seized it cannot be decrypted.
Crypto Management - Store & Manage Keys
Encryption can be undermined if the encryption keys reside within the data. A crypto management platform is used to generate, store, and securely manage these keys, so even if data is seized it cannot be decrypted.
Key management centralizes and supports cryptographic keys throughout their lifecycle, across the entire enterprise. On-going rotation, storage, backup, deletion and creation of keys is required to avoid security vulnerabilities leading to exposed data.
Without an enterprise-wide key manager, maintaining these disparate encryption systems becomes time consuming and unmanageable. Since keys are being stored in a variety of places, often on the very systems containing sensitive data, they are vulnerable to theft and misuse. Furthermore, backed up keys are not being secured while in transit, leaving another area of exposure.
Restricting access to these cryptographic keys is also best practice and ensuring that no single user has rights to everything is critical. Instead, an organization should enforce separation of duties. Grant administrators access only to the areas that make sense. For instance, IT can manage data resources, without having access to the information inside those files.
Hardware Security Modules (HSMs)
The level of security surrounding the key storage container is also of utmost importance, otherwise, encryption keys can be stolen, copied, and used maliciously. Organizations should consider storing their keys in a hardware security module. HSMs serve as an isolated, tamper resistant, responsive platform that acts as a root of trust for the entire encryption environment. By removing physical key storage devices from appliances, you can add another line of defense against security breaches.
As more organizations rely on encryption as the only way to truly protect their data, crypto management becomes a vital part of the strategy. Learn more about how to identify your sensitive data and encrypt it. Learn more about our data encryption solutions.
Gemalto’s crypto foundation streamlines and centralizes enterprise-wide encryption and key management, ensuring that all sensitive workloads are closely monitored and protected - Learn more about our crypto management solutions.