In the current environment, the amount of data that organizations harness and manage is of incredibly huge proportions. Such magnitude of data is valuable to organizations, and to a large extent, it is often confidential. Therefore, protecting data from the hands of cybercriminals should naturally be one of the prime objectives of organizations that handle data.
Data encryption, therefore, plays a significant role in the process. Encryption allows for data to be rendered useless should it go into the wrong hands. Encryption keys are the gateway to access data.
Encryption keys fall into two categories: symmetric and asymmetric. A symmetric key is used for data-at-rest and uses the same key to encrypt and decrypt the data. Asymmetric keys, on the other hand, are used for data-in-motion and rely on both a public key and a related but separate private key.
Managing these encryption keys must also be a primary concern for organizations. If the encryption key is stolen alongside the encrypted data, the encryption is virtually useless. And so, every organization must step up and follow some practices that ensure proper management of encryption keys.
On that note, here are ten encryption key management best practices in use.
1. Encryption Key Algorithm and Size
When talking about encryption keys, that the correct algorithm and key size be chosen is of utmost importance. A number of factors come into play here, namely usage factor, lifespan, performance, and most importantly, the security aspect. The sensitivity of the data should ascertain the length of the key, be it 128/256-bit key sizes for AES or for RSA – 2048 and 4096 bits. At the same time, very lengthy keys can also result in performance issues.
Agility is another very important attribute to have since it allows for changes to algorithms and keys over time. Over time, algorithms tend to get weaker, and hence, it is important to be able to change encryption keys from time to time. Support for multiple standards in terms of algorithms can also be considered, as this may be required in the case of acquisitions or mergers when other organizations use different encryption standards. Furthermore, the usage of asymmetric keys for data-in-motion and symmetric keys for data-at-rest is also advisable.
2. Centralization of Key Management System
Organizations tend to use several hundred or even thousands of encryption keys. Proper and secure storage of these keys can become a massive problem, especially when you require access to such keys on an immediate basis. Hence the need for a centralized key management system.
The best practice for an organization would be to have an in-house key management service. However, oftentimes this may not be possible, and the use of third-party services may be adopted for a more sophisticated approach. Such keys are usually stored away from encrypted data. This serves as an added advantage in the case of a data breach, as the encryption keys are unlikely to get compromised.
The centralized process is also beneficial in terms of processing, as the encryption-decryption process happens locally, but the storage, rotation, generation, etc., happens away from the actual location of the data.
3. Secure Storage
Considering that encryption keys are often the target for cybercriminals and attackers, it is a good option to have a hardware security module (HSM) in place for their storage. The usage of HSM assures the organization of strong physical as well as logical protection.
An organization must have a plan for physical security as well:
Limiting physical access control to critical systems.
Maintaining fire safety measures.
Ensuring structural integrity in the case of natural hazards.
Protecting from utilities (such as heating or air-conditioning systems) that could cause malfunctions.
4. Using Automation
The use of manual key management is not only time-consuming as a process but also leads to the possibility of errors, considering the scalability factor at large organizations. A smart way to manage this is to make use of automation. For example, using automation to generate, rotate, and renew keys after certain set times can be a very good practice to adopt.
5. Access and Audit Logs
Encryption keys must only be accessed by those who require it. This can be defined in the centralized process for key management such that it allows for access only to authorized users. Also, it is imperative to not have only one user with sole access to the key, as this will create a problem if the user happens to lose their credentials or things are somehow corrupted.
Furthermore, audit logs are another vital part of encryption key management. Logs must detail the history of each key, be it creation, deletion, or usage cycle. All operations pertaining to such keys are required to be recorded with regard to their activity, what accessed it, and when it accessed the said key. This is a good practice that takes care of two needs, one for the compliance part and, secondly, for investigation if any key were to be compromised. Their analysis and reporting at regular intervals is also a beneficial process.
6. Backup Capabilities
The loss of an encryption key essentially means that the data it protects is rendered unrecoverable. Hence the need to have a robust key backup facility. This ensures the availability of keys whenever required.
Another point to take note of here is that the backed up keys should also be encrypted using proper encryption standards to ensure their protection.
7. Encryption Key Life Cycle Management
Each encryption key has a life span. The working life cycle of the key has to be managed properly by following the steps mentioned below.
Generation of key
The generated key should have a very high percentage of randomness. Using a trusted NIST-certified random number generator is always recommended.
Rotation of Key
A cumbersome issue that arises for organizations is during the expiration or the change of encryption keys. This is when it is compulsory to decrypt and then re-encrypt all the data.
However, the use of a key profile for every encrypted file or data can be helpful. The key profile allows one to identify the encryption resources for the decryption of the database. On expiration of keys, the key profile takes care of the encryption process using the new key. For existing data, it identifies the actual key.
Retirement of key
A key should be permanently deleted when it is no longer in use. It reduces the usage of unused keys and protects the system.
8. Third-party Integration
Organizations will surely use external devices. These will be spread across the network to perform their functions. However, such devices tend to not interact with databases as much. So, to enable their functionality, the encryption methods chosen should be compatible in nature with respect to the third-party applications they interact with.
The biggest risks with third-party API integration are SQL injection, cross-site scripting, denial of service, spoofing, malware code, and many more. So, API security can be a big problem. In this critical situation, API Management Platforms can give us some relief. These platforms provide monitoring, analytics, alerting, and life-cycle management features (APIs) to ensure the safety and security of your business. Some of the popular API management tools are Google Apigee, IBM API Connect, Amazon API Gateway, and Azure API Gateway.
9. The Principle of Least Privilege
The principle of least privilege states that organizations must provide administrative rights solely on the basis of user roles. This limits assigning administrative rights to applications and, in the process, reduces exposure to internal and external threats. By limiting access and following a role-based access control approach, one can limit the possibility of potential damage.
This principle of least privilege is also applicable to all connected software applications, systems, devices, and other non-human tools. To implement the principle of least privilege principle effectively, a centralized control and management system is essential. The centralized privilege control system will reduce “privilege creep” and ensure a minimum level of access to human and non-human entities.
10. Termination of Keys
The ability to revoke and terminate keys is essential for any organization. This is largely applicable when data is compromised, and in doing so, unauthorized users are denied the possibility of having keys to access sensitive data.
An efficient and centralized encryption Key Management System allows an organization to improve on performance, ensure compliance, and above all, reduce risk to a large extent. While there are several mix-and-match options to get the best fit for an organization, it should be one that is well-suited for the immediate and future state of an organization. Hope this article will help you to understand the best practices and explore new things.