listen to this article:
As a technology leader, some of the most important and impactful decisions your organization will rely on you to make concern the security of your organization’s infrastructure and applications. Today’s enterprise systems rely on encryption to protect data. Encryption keys are what allow us to encrypt and decrypt our data as necessary. Protecting the keys themselves is as important as encrypting the data, and properly managing them is critical – especially as your organization grows. This article will consider some of the different management strategies you can implement for your organization’s encryption keys.
We’ll discuss the characteristics of an effective key management strategy, including best practices to implement as well as common pitfalls to avoid. Once you’ve got a solid understanding of what to look for, keep reading for an explanation of some common key management strategies, including the benefits and disadvantages of each one. The needs and requirements of your organization will be unique, and this article will assist in guiding you towards the management strategy that best meets your needs.
Critical Components of a Key Management Strategy
An effective key management system does more than simply storing and controlling access to the encryption keys. Your key management system should also facilitate using the keys to maximize security while minimizing the effort required to use them. In addition to storage and access, the key management system should also support:
- Key generation: The process of creating new cryptographic keys.
- Key exchange: Enabling the exchange of encrypted data between two entities using keys.
- Key storage: Storing the keys securely and supporting disaster recovery and high availability of those keys as necessary.
- Key destruction: Retiring and deleting keys as well as removing all allowable usage of those keys.
- Key replacement: Often called rotation of keys, this involves replacing older keys with new ones and re-encrypting related data.
In addition to the basic functionality of your key management system, you need to consider the needs and requirements of your organization. If you’re leading a small, local team of engineers, then a global, highly available, and state-of-the-art enterprise key management system would be a waste of time and resources. On the other hand, if your organization spans the globe and manages essential services with around-the-clock support needs, that same system might be the only feasible choice.
Strategy 1: Local and Silo Key Management
Local and silo key management are slightly different strategies, but both work well for small teams and minimalist application stacks. You could even argue that local key management isn’t a key management solution at all; instead, you could say it’s just a minimalist approach to providing essential encryption support. Let’s look at both in more detail.
Local Key Management
The key is managed locally within a single or tiny group of systems with the local key management approach. Consider the workstation or device on which you’re reading this article. There is a good chance that the device storage is encrypted and that your account manages the encryption on the device. Signing in with your account activates the key and allows you to access the encrypted data. Networked and shared storage solutions use a similar approach.
If you’re supporting an application, you might build encryption into it. The application might include the key to access encrypted storage, or you might configure your database to encrypt data at rest, transparently decrypting it as authorized users interact with it.
This approach works well for local workstations and applications that don’t rely on sensitive data or have compliance requirements. It’s better than no encryption, but if you’re reading this to decide on a key management system for an organization with more than a few employees, it’s probably not a strategy worth considering.
Silo Key Management
Silo key management is similar to local key management, except the keys are centrally managed for each system. An organization might have a centralized server that contains the encryption keys for all workstations that it owns. The management system on this central server allows keys to be created, restored, and rotated, although the scope is usually limited to a single-use case.
Companies that use the silo key management approach might have one management system for their workstations and a second to manage keys for the databases they support. This strategy allows for centralized key management for each system and may include additional features such as auditing. The silo key management approach works well for small organizations supporting a limited IT ecosystem; however, since each system needs a unique key management system, this approach won’t scale to support additional systems as an organization grows.
Strategy 2: Key Management Service
The local and silo key strategies limit the scope of keys to a single system. If your company supports multiple systems, you would want to consolidate key management into one system, so it’s worth investigating a dedicated key management service. A key management service is a system that’s dedicated to managing keys. Instead of supporting and managing keys in each system, this centralizes everything key-related into one place.
A dedicated key management system is usually more efficient and secure due to years of development and testing. These systems might be available as a service, stand-alone application, or even as a hardened hardware appliance. In addition to consolidating management and support into a central application, you also gain future efficiency as engineers can integrate new systems with the existing key management solution.
Strategy 3: Enterprise Key Management
So far, we’ve limited our discussion to managing encryption keys, but organizations still need to manage SSL certificates and other cryptographic keys, too. An enterprise key management system effectively bundles all of those responsibilities into a single system and manages all types of keys for the organization.
A comprehensive enterprise key management system should be capable of managing all cryptographic keys across your company. These systems are also built with ease-of-use, availability, security, and resilience as foundational elements, resulting in intuitive systems that you can rely on to protect all of your enterprise keys.
Key Management Responsibility Belongs to All of Us
Whether you’re the CTO, a technical leader, or a DevSecOps engineer, the responsibility to recommend and support effective security measures belongs to all of us. Effective security manages the balance between keeping bad actors out and empowering those moving our work forward with the tools and access they need to be effective. Whatever your role in your organization, advocating for a practical and functional key management solution and related industry best practices is part of what we do.