listen to this article:
The level of security provided by a cryptographic system mainly depends on the cryptographic algorithms put in place and the keys used to encrypt the data. However, the former is less of a concern as almost every other enterprise uses secure algorithms such as AES and RSA to protect data, and these don’t really require much maintenance. In contrast, cryptographic keys need to be securely generated, stored, distributed, used, and retired.
Since the keys can offer access to plaintext data, the encrypted data in the organization is only as secure as the key security. This means that every organization needs to establish an encryption key management strategy that ensures security and compliance with the various data protection standards. In this post, we’ll explore some best practices to support your encryption key management strategy.
What is Encryption Key Management?
Key management is the process of managing encryption keys throughout their entire lifecycle, which typically involves key generation, storage, distribution, use, and destruction. This process can be done manually, but enterprises today deal with lots of keys used in functions such as encrypting data, encrypting keys, and other cryptographic use-cases such as authenticating users, code signing, transaction signing, and securing crypto assets.
This means that you will need a cryptographic key management system that handles all cryptographic key processes to ensure no single point of failure and reduces the scope of data protection to just keys and certain metadata. This will secure the data from risks posed by privileged users and ensure regulatory compliance.
Why is Key Management Important?
Key management is the basis of all encryption security. According to NIST publication Recommendation for Key Management:
“The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If a safe combination is known to an adversary, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms.”
This means that the encryption infrastructure put in place in any organization is only as secure as the keys. Compromising the keys could lead to data loss and privacy breaches that can be costly to the organization.
To prevent such events from happening, every organization needs to put in place a key management strategy and implement several best practices.
Best practices for Enterprise Key Management
Key management practices ensure that an organization chooses an appropriate key management platform and implements it effectively.
Ensure Support for Multiple Encryption Standards
An organization typically chooses the encryption standard they’d like to use for security. However, the encryption key management system needs to offer flexibility by supporting other common encryption standards. This becomes important in mergers and acquisitions where your systems need to integrate with those of your business partners. The flexibility also helps integrate more robust encryption standards to comply with new industry or government rules and regulations.
Create and Enforce a Cryptographic Key Management Policy
Every enterprise should have a key management policy (KMP) that describes the goals, responsibilities, and overall requirements for managing cryptographic keying material. The policy should guide every employee accessing the keys, and it should include protection objectives, what users can and can’t do with the keys, responsibilities for the management of cryptographic keying material, and constraints that apply to the entire key lifecycle.
Implement the Principle of Least Privilege
Organizations should adopt the principle of least privilege in assigning roles and privileges. This would mean that every application would first be authenticated using 2-factor authentication, and it would only have access to the keys it needs to perform it’s assigned duties.
To implement this principle, you need to lay out all tasks and create user profiles to enable segregation of duties. You can then use role-based access controls (RBAC) to restrict permissions to each user, machine, or service account’s specific needs. For highly sensitive operations such as key rotation and deletion, implement quorum authorization, requiring two or more people to authorize an operation before it is carried out. Such an architecture will reduce the attack surface, limit the risk of an insider threat, prevent lateral movement, and limit the damage in case of a breach.
No Decryption or Re-Encryption During Key Rotation
Every key in the organization should have a crypto period which should depend on the sensitivity of the data or keys being protected and the amount of data or keys being protected. However, when performing key rotation or retirement, data should not be decrypted then re-encrypted.
Rather, every encrypted data field or file should be assigned a key profile. This profile can then be used to identify the associated encryption material. This way, new data will be encrypted with a new key, but existing data will still be associated with the original key.
Maintain Comprehensive Logs and Audit Trails
Keeping an audit trail is an essential part of key management as it helps keep track of everything that has happened in the system. This should include all key activities such as generation, usage, and deletion. The logs should contain specifics such as the data accessed, the user, the resources used, and the time the activity took place. On top of that, the key manager should also log all administrative operations. Keeping such logs is essential for reviewing whenever something goes wrong and for auditing to ensure compliance.
On top of logging, you also need to monitor and review the use of keys within the system. This will help identify any irregularities that may signal a breach, and it’s especially crucial for accounts with administrative privileges.
Ensure Crypto Agility
Organizations should ensure that the key management systems they deploy are flexible enough to support changes in business operations (such as moving to the cloud) and encryption standards. While key management can be deployed on-prem, deploying it on the cloud will provide more agility. This will ensure that the system can adopt newer cryptographic algorithms and primitives without requiring a change in the underlying infrastructure.
Centralize Your Encryption Key Management
The number of keys used in an enterprise keep on increasing as the amount of data increases. Managing a huge number of keys can easily lead to errors, and it’s important for an organization to minimize the risk scope while als0 ensuring efficiency.
Centralized key management helps simplify all the management processes by managing all keys in a single pane of glass. The key manager does all generation, storage, rotation, and retirement of keys, and all operations are then synchronized across all data points. This enables the organization to benefit from the efficiency of distributed encryption and decryption while at the same time enhancing security, enforcing usage controls, automating common tasks, and keeping an eye on the usage of all keys.
Enterprise Key Management Use Cases
Key management is crucial in ensuring the security of various cryptographic application areas within an enterprise.
Encryption is the core of information security, and this results in hundreds or even thousands of encryption keys across the enterprise. This includes keys from sensitive processes such as securing secret vaults, encrypting other keys, and encrypting data storages, among others. Such processes are crucial to an enterprise’s overall security and compliance as compromised keys can result in a costly breach.
For example, hackers managed to push malicious firmware to ASUS customers worldwide in 2019 after they had compromised their code signing keys.
Two-factor authentication techniques such as SMS OTP and smart card authentication come with several security risks and/ or usability drawbacks. This has led to the adoption of software-based authentication techniques that take advantage of cryptography-based authentication to authenticate users and machines securely and protect PKI and certificates.
However, these keys need to be managed securely to ensure the full key can’t be found in any single device at any time and that they are refreshed after every transaction. This would then protect the enterprise from attacks such as cloning while at the same time taking advantage of the flexibility of software-based authentication.
Crypto Asset Security
Crypto assets present a unique challenge to the enterprise as the key is the asset. Further, all a hacker needs to transfer funds is a single signature and not access to the physical key. This means that the organization needs to implement a robust key management system that ensures no fraudulent digital signature (transferring the asset) can be obtained by an attacker.
The best way to do this is by using a key management platform that utilizes secure multiparty computation, or MPC. This will enable several parties to generate a standard digital signature without revealing the actual key (the parties will only hold shares of the key). This technology is similar to multisig, but it is much better as the quorum is flexible and the signature generated is compatible with any blockchain and asset, in addition to other benefits.
The Need for Comprehensive Key Management for Enterprise Security & Compliance
Key management can be a complex task owing to the number of keys and processes involved and the sensitivity of the keys and the data they protect. However, organizations can simplify the entire management process by automating most tasks and implementing various key management best practices. By choosing an appropriate software-based key management platform, you can centralize most of the processes to simplify key management while still leveraging your existing HSM infrastructure to maintain a FIPS 140-2 L3 based architecture. This will give you visibility over all key usage and ensure that the organization meets government and industry compliance standards.