Key Management Best Practice For Complex IT Infrastructure
By Marcella Arthur, Vice President Global Marketing, Unbound Security
The mass migration of workloads to the cloud and the growing use of hybrid infrastructures present real difficulties when it comes to the use of encryption keys to protect data and applications.
As organizations seek greater agility, innovation and reduced costs in these complex environments, they expand their perimeters and face ever-more sophisticated threats such as hijacking of cloud services, the criminal use of AI and ML and the emergence of cyber-espionage-for-hire. All this while ransomware and phishing attacks continue to increase.
Key management is the basis of all encryption security. Bad or weak key management will quickly undermine the strength of any cryptographic algorithm, potentially leading to very costly and embarrassing data loss and privacy breaches.
To prevent such nightmares, every organization needs to put in place a key management strategy and implement several best practices, optimizing keys throughout their lifecycles. This typically involves generation, storage, distribution, use, and destruction. Key management is critical now that enterprises use keys to encrypt data and other keys, and for purposes such as authenticating users, code signing, transaction signing, and securing crypto assets. But with so much to consider, it can easily become overwhelming. So how can organizations get key management right?
Ensure your key system supports multiple encryption standards
An encryption key management system should offer flexibility by supporting multiple common encryption standards. This is important in mergers and acquisitions, where systems must integrate with new partners. This flexibility also helps integrate more robust encryption standards to comply with new industry or government rules and regulations. Changes in business operations, such as moving to the cloud, are frequent and far-reaching, and demand compliance with different encryption standards. While key management can be deployed on-premises, deploying it in the cloud provides more agility, ensuring the system can adopt newer cryptographic algorithms and primitives without requiring a change in the underlying infrastructure.
Create and enforce a cryptographic key management policy
Every enterprise should have a key management policy (KMP) that describes the goals, responsibilities, and overall requirements for managing cryptographic keying material. The policy should guide every employee accessing the key and include protection objectives, what users can and can’t do with the keys, responsibilities for the management of cryptographic keying material, and constraints that apply to the entire key lifecycle.
Implement the principle of least privilege
Least privilege is an important principle when it comes to assigning roles and privileges. Every application should first be authenticated using two-factor authentication, and only have access to the keys required for its assigned duties.
Best practice here is to lay out all tasks and create user profiles to enable segregation of duties. Enterprises can then use role-based access controls (RBAC) to restrict permissions to each user, machine, or service account's specific needs. For highly sensitive operations such as key rotation and deletion, an organization should implement quorum authorization, requiring two or more people to authorize an operation before it is carried out. Such an architecture will reduce the attack surface, limit the risk of an insider threat, prevent lateral movement, and limit the damage in case of a breach.
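As an added illustration (not code from the article or from Unbound Security), the role-based check plus two-person quorum described above, in Node.js; the roles, principals and operation names are constructed sample data:

```javascript
// RBAC: each role carries only the operations its duties require.
const ROLE_PERMS = {
  'app-service': new Set(['encrypt', 'decrypt']),
  'key-admin': new Set(['rotate', 'delete']),
  auditor: new Set(['read-log']),
};
// Quorum: sensitive operations need this many distinct authorized principals.
const QUORUM = { rotate: 2, delete: 2 };
// Directory of principals (users, machines, service accounts) and their role.
const PRINCIPALS = {
  'billing-api': 'app-service',
  alice: 'key-admin',
  bob: 'key-admin',
  carol: 'auditor',
};

function mayPerform(principal, op) {
  const perms = ROLE_PERMS[PRINCIPALS[principal]];
  return perms !== undefined && perms.has(op);
}

// Decide a request. The requester counts as one approver, so self-approval
// never satisfies a quorum of two, and approvals from principals whose role
// does not cover the operation are ignored rather than counted.
function authorize(requester, op, approvers = []) {
  if (!mayPerform(requester, op)) {
    return { allowed: false, reason: `${requester} may not ${op}` };
  }
  const need = QUORUM[op];
  if (need === undefined) return { allowed: true, reason: 'rbac' };
  const distinct = new Set([requester]);
  for (const a of approvers) if (mayPerform(a, op)) distinct.add(a);
  if (distinct.size < need) {
    return { allowed: false, reason: `${op} needs ${need} distinct approvers, got ${distinct.size}` };
  }
  return { allowed: true, reason: `quorum ${distinct.size}/${need}` };
}
```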
It is worth bearing in mind, however, that two-factor authentication techniques such as SMS OTP and smart card authentication come with several security risks and usability drawbacks. This has led to the adoption of software-based authentication using cryptography to authenticate users and machines securely and protect PKI (public key infrastructure) and certificates.
However, these keys need to be managed securely to ensure the full key can’t be found in any single device at any time and that they are refreshed after every transaction. This would then protect the enterprise from attacks such as cloning while at the same time taking advantage of the flexibility of software-based authentication.
Do not decrypt or re-encrypt data during key rotation
Every key in the organization should have a cryptoperiod, which should depend on the sensitivity and amount of the data or keys it protects. However, when performing key rotation or retirement, data should not be decrypted and then re-encrypted.
Rather, every encrypted data field or file should be assigned a key profile which can be used to identify the associated encryption material. This way, new data will be encrypted with a new key, but existing data will still be associated with the original key.
Maintain comprehensive logs and audit trails
Audit trails are an essential part of key management, both for compliance and for incident analysis. Audit logs should cover all key activities, such as generation, usage, and deletion, and record specifics such as the data accessed, the user, the resources used, and the time. The key manager should also log all administrative operations.
These capabilities are important: enterprises must be able to monitor and review the use of keys within their systems. This helps identify any irregularities that signal a breach, which is especially crucial for accounts with administrative privileges.
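An added example (not from the article) of reviewing such an audit trail in Node.js for three irregularities: administrative operations outside a change window, a principal touching a key outside its usual set, and a burst of uses of one key. The log records, baseline and thresholds are constructed sample data.

```javascript
// Key-manager audit records, one JSON object per line (constructed sample data).
const AUDIT_LINES = [
  '{"ts":"2024-05-01T09:00:12Z","principal":"billing-api","op":"decrypt","keyId":"k-7","resource":"orders/1"}',
  '{"ts":"2024-05-01T09:00:15Z","principal":"billing-api","op":"decrypt","keyId":"k-7","resource":"orders/2"}',
  '{"ts":"2024-05-01T09:00:20Z","principal":"billing-api","op":"decrypt","keyId":"k-7","resource":"orders/3"}',
  '{"ts":"2024-05-01T09:00:25Z","principal":"billing-api","op":"decrypt","keyId":"k-7","resource":"orders/4"}',
  '{"ts":"2024-05-01T09:01:03Z","principal":"alice","op":"rotate","keyId":"k-7","resource":"-"}',
  '{"ts":"2024-05-01T03:12:44Z","principal":"bob","op":"delete","keyId":"k-3","resource":"-"}',
  '{"ts":"2024-05-01T09:02:00Z","principal":"billing-api","op":"decrypt","keyId":"k-9","resource":"hr/payroll"}',
];
// Baseline: which key IDs each principal is expected to touch.
const BASELINE = {
  'billing-api': new Set(['k-7']),
  alice: new Set(['k-7', 'k-3']),
  bob: new Set(['k-3']),
};
const ADMIN_OPS = new Set(['generate', 'rotate', 'delete']);
const BURST_WINDOW_MS = 60 * 1000;
const BURST_LIMIT = 3; // more uses than this of one key by one principal per window is a burst

// Returns findings, one per irregularity, in timestamp order.
function reviewAuditLog(lines, baseline) {
  const events = lines.map((l) => JSON.parse(l)).sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  const findings = [];
  const recent = new Map(); // principal|keyId -> timestamps inside the window
  for (const e of events) {
    const t = Date.parse(e.ts);
    const flag = (rule) => findings.push({ rule, principal: e.principal, op: e.op, keyId: e.keyId, ts: e.ts });
    // 1. Administrative operations outside the 08:00-18:00 UTC change window.
    const hour = new Date(t).getUTCHours();
    if (ADMIN_OPS.has(e.op) && (hour < 8 || hour >= 18)) flag('admin-op-off-hours');
    // 2. A principal touching a key outside its baseline.
    const allowed = baseline[e.principal];
    if (!allowed || !allowed.has(e.keyId)) flag('key-outside-baseline');
    // 3. A burst of uses of one key by one principal inside the window.
    const k = `${e.principal}|${e.keyId}`;
    const ts = (recent.get(k) || []).filter((x) => t - x < BURST_WINDOW_MS);
    ts.push(t);
    recent.set(k, ts);
    if (ts.length === BURST_LIMIT + 1) flag('usage-burst'); // fires once per burst
  }
  return findings;
}
```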
Centralize your encryption key management
Centralizing management is vital to both security and organizational efficiency. The number of keys used in an enterprise expands as data volumes grow. Managing such huge numbers of keys can easily lead to errors.
Enterprises should centralize key management behind a single pane of glass. Keys stored on a network should be brought into a key store, preferably a software-based one. Organizations can simplify the entire management process by automating most tasks. A software-based key management platform centralizes most of the processes to simplify key management while still leveraging existing HSM infrastructure to maintain a FIPS 140-2 Level 3 architecture. This will give an enterprise visibility over all key usage and ensure it meets government and industry compliance standards.
Advanced orchestration platforms excel at handling all generation, storage, rotation, and retirement of keys, and synchronize operations across all data points. This enables the organization to benefit from the efficiency of distributed encryption and decryption while at the same time enhancing security. The ideal is for this system to integrate with an enterprise’s SIEM for real-time notification of anomalous behavior.
Secure crypto assets using multi-party computation
Crypto assets present a unique challenge to the enterprise because the key is the asset: all a hacker needs to transfer funds, for example, is a single signature, not access to a physical key. Organizations should deploy a key management platform that uses secure multi-party computation (MPC) to ensure that no fraudulent digital signature (one that transfers the asset) can be obtained by an attacker. MPC enables several parties to generate a standard digital signature without ever revealing the actual key, since each party holds only a share of it. Further advantages are that the quorum is flexible and that the signature produced is compatible with any blockchain and asset.
Safeguarding the business
Security threats are changing and will continue to evolve, and only by following this set of best practices can organizations improve their cyber security posture and increase cyber resilience. By implementing a truly effective cryptographic key management system that can handle all cryptographic key processes, enterprises can ensure there is no single point of failure and reduce the scope of data protection to just keys and certain metadata. This secures data from risks posed by privileged users and ensures regulatory compliance. It also provides much tougher security against proliferating external threats and the expanded attack surfaces presented by hybrid and cloud infrastructures.