A rising share of corporate data is sensitive. Encryption protects personally identifiable information (PII) covered by GDPR, CCPA, HIPAA, or other requirements, valuable intellectual property, and other private enterprise data from cybercriminals.
Encrypting data requires a “key”. Whoever holds that encryption key can decrypt the data, so the key must be safeguarded at least as carefully as the data itself. As you encrypt more data, you will have more encryption keys to manage.
You do not have full control of your encryption keys if you do not know where they are, who has access to them, what they are used for, and when they were last used. This leaves you open to a data breach, which might lead to fines, reputational damage, and a falling share price. These are significant concerns for financial data sharing solutions. How do you maintain visibility and control as the number of keys grows? How do you prevent a disgruntled employee from deleting encryption keys and destroying data?
Lifecycle Management is Essential
Each encryption key is generated, has a working lifetime, and is then retired. Each phase must be controlled. Strong cryptographic keys must be generated, which requires unpredictability, just as a password does.
Like passwords, encryption keys should be routinely changed (or “rotated”). The rotation frequency depends on key type, usage, and location.
Unneeded keys are retired. This means destroying them permanently to remove any residual risk and to reduce the number of active keys.
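The three phases above, generate, rotate and retire, fit naturally into a small key-ring data structure. The following Go program is an added example written for this article, not code from the page or from any particular KMS product; the key name, the 90-day rotation interval and the 32-byte key size are assumptions. It keeps exactly one active version per key, demotes the previous version to decrypt-only on rotation (so old ciphertext stays readable until it is re-encrypted), refuses to destroy the active version, and zeroizes key material on retirement.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// KeyState is the lifecycle phase of one key version.
type KeyState int

const (
	StateActive     KeyState = iota // may encrypt new data and decrypt
	StateDeprecated                 // rotated out: decrypt-only, kept to read old ciphertext
	StateDestroyed                  // material zeroized; the version is unusable
)

// KeyVersion is one generated key plus the metadata needed for visibility.
type KeyVersion struct {
	ID       string
	Material []byte
	State    KeyState
	Created  time.Time
	LastUsed time.Time
}

// KeyRing holds every version of one named key; exactly one is active at a time.
type KeyRing struct {
	Name           string
	RotateInterval time.Duration // policy: how long a version may stay active
	Versions       []*KeyVersion
}

// newVersion draws 32 random bytes (an AES-256 key) from the OS CSPRNG.
// crypto/rand is the only acceptable source; math/rand or anything derived
// from a human-chosen password is predictable.
func newVersion(id string, now time.Time) (*KeyVersion, error) {
	material := make([]byte, 32)
	if _, err := rand.Read(material); err != nil {
		return nil, err
	}
	return &KeyVersion{ID: id, Material: material, State: StateActive, Created: now}, nil
}

// Active returns the single version allowed to encrypt new data, or nil.
func (r *KeyRing) Active() *KeyVersion {
	for _, v := range r.Versions {
		if v.State == StateActive {
			return v
		}
	}
	return nil
}

// Rotate creates a fresh version and demotes the current one to decrypt-only.
// The first call on an empty ring is the "generate" phase of the lifecycle.
func (r *KeyRing) Rotate(now time.Time) (*KeyVersion, error) {
	if cur := r.Active(); cur != nil {
		cur.State = StateDeprecated
	}
	v, err := newVersion(fmt.Sprintf("%s/v%d", r.Name, len(r.Versions)+1), now)
	if err != nil {
		return nil, err
	}
	r.Versions = append(r.Versions, v)
	return v, nil
}

// RotationDue reports whether the active version has outlived the policy interval.
func (r *KeyRing) RotationDue(now time.Time) bool {
	cur := r.Active()
	return cur == nil || now.Sub(cur.Created) >= r.RotateInterval
}

// Use records a use of a version; destroyed versions are refused and only
// the active version may encrypt. LastUsed is what answers "when was this key last used?".
func (r *KeyRing) Use(id string, encrypt bool, now time.Time) ([]byte, error) {
	for _, v := range r.Versions {
		if v.ID != id {
			continue
		}
		if v.State == StateDestroyed {
			return nil, errors.New("key version destroyed")
		}
		if encrypt && v.State != StateActive {
			return nil, errors.New("only the active version may encrypt")
		}
		v.LastUsed = now
		return v.Material, nil
	}
	return nil, errors.New("unknown key version")
}

// Destroy zeroizes a deprecated version. The active version is refused so
// that retirement can never strand data that is still being written.
func (r *KeyRing) Destroy(id string) error {
	for _, v := range r.Versions {
		if v.ID != id {
			continue
		}
		if v.State == StateActive {
			return errors.New("refusing to destroy the active version; rotate first")
		}
		for i := range v.Material {
			v.Material[i] = 0
		}
		v.Material, v.State = nil, StateDestroyed
		return nil
	}
	return errors.New("unknown key version")
}

func main() {
	ring := &KeyRing{Name: "payments-db", RotateInterval: 90 * 24 * time.Hour} // assumed policy
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	v1, _ := ring.Rotate(t0)
	fmt.Println(v1.ID, "due after 91 days:", ring.RotationDue(t0.Add(91*24*time.Hour)))
	v2, _ := ring.Rotate(t0.Add(91 * 24 * time.Hour))
	fmt.Println("rotated to", v2.ID, "- old version destroyed:", ring.Destroy(v1.ID) == nil)
}
```

In a real deployment the ring would live inside a KMS or HSM and the material would never leave it; the state machine, the one-active-version rule and the refusal to destroy an in-use key are the parts worth carrying over.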
Controls
Accessing, managing, and using encryption keys requires authentication and authorization. Role-based access control (RBAC) should restrict each user’s rights to what their job needs, enabling separation of duties to reduce the risk and impact of malicious activity.
For sensitive keys, critical operations should use dual control: a quorum of “m of n” authorized individuals must approve an operation before it may proceed.
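An authorization check that enforces both rules, RBAC for every operation and an m-of-n quorum for the sensitive ones, can be written as one function. The Go code below is an added example for this article, not code from the page or from any product; the role names, the operation names and the choice of which operations need a quorum are assumptions. It also enforces separation of duties by rejecting a requester who approves their own request, and it counts only distinct, authorized approvers so that the same person cannot approve twice.

```go
package main

import (
	"errors"
	"fmt"
)

// Role is a job function; permissions are granted to roles, never to individuals.
type Role string

const (
	RoleAdmin    Role = "key-admin"    // create, rotate, destroy keys
	RoleOperator Role = "key-operator" // use keys for encrypt/decrypt only
	RoleAuditor  Role = "auditor"      // read audit logs only
)

// permissions maps each role to the operations it may request (assumed matrix).
var permissions = map[Role]map[string]bool{
	RoleAdmin:    {"create": true, "rotate": true, "destroy": true},
	RoleOperator: {"encrypt": true, "decrypt": true},
	RoleAuditor:  {"read-log": true},
}

// Policy describes dual control: which operations need a quorum, how many
// approvals (M) out of the N named approvers are required.
type Policy struct {
	DualControlOps map[string]bool
	M, N           int
	Approvers      map[string]bool
}

// Request is one attempted key-management operation with its approvals.
type Request struct {
	Requester string
	Role      Role
	Op        string
	Approvals []string // identities that approved this request
}

// Authorize returns nil if the request may proceed, otherwise the reason it may not.
func Authorize(p Policy, req Request) error {
	// 1. RBAC: the requester's role must be allowed to perform the operation at all.
	if !permissions[req.Role][req.Op] {
		return fmt.Errorf("role %q may not perform %q", req.Role, req.Op)
	}
	// 2. Dual control only applies to the operations the policy names.
	if !p.DualControlOps[req.Op] {
		return nil
	}
	if p.M < 1 || p.M > p.N || len(p.Approvers) != p.N {
		return errors.New("policy misconfigured: M must satisfy 1 <= M <= N == number of approvers")
	}
	seen := map[string]bool{}
	for _, a := range req.Approvals {
		if a == req.Requester {
			return errors.New("separation of duties: requester may not approve own request")
		}
		if !p.Approvers[a] {
			return fmt.Errorf("%q is not an authorized approver", a)
		}
		if seen[a] {
			return fmt.Errorf("duplicate approval from %q", a)
		}
		seen[a] = true
	}
	if len(seen) < p.M {
		return fmt.Errorf("%d of %d approvals required, have %d", p.M, p.N, len(seen))
	}
	return nil
}

func main() {
	p := Policy{
		DualControlOps: map[string]bool{"destroy": true},
		M:              2,
		N:              3,
		Approvers:      map[string]bool{"alice": true, "bob": true, "carol": true}, // constructed names
	}
	fmt.Println("operator destroy:", Authorize(p, Request{Requester: "dave", Role: RoleOperator, Op: "destroy"}))
	fmt.Println("admin destroy, 1 approval:", Authorize(p, Request{Requester: "alice", Role: RoleAdmin, Op: "destroy", Approvals: []string{"bob"}}))
	fmt.Println("admin destroy, 2 approvals:", Authorize(p, Request{Requester: "alice", Role: RoleAdmin, Op: "destroy", Approvals: []string{"bob", "carol"}}))
}
```

The approvals themselves would in practice be authenticated (signed or recorded by the KMS after each approver logs in), so that the list of names in a request cannot simply be typed by the requester; this example only shows the decision logic that runs once those identities are established.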
Distribute Securely
Keys must often be distributed from the point where they are generated to the system that uses them. This should be done through a secure API such as KMIP (the Key Management Interoperability Protocol). Online key distribution should always be protected by “wrapping” the key with a transit key and/or sending it over a secure, encrypted, and authenticated channel (e.g. TLS).
When a key is transported offline, it should be wrapped with a secure transit key and/or divided into 2 or 3 components. This applies the “split knowledge” principle: no one person holds more than one component, and a single component is worthless without the others.
Keys must always be available when needed, or the encrypted data cannot be used, so high availability is a design requirement. Loss of a key renders its data permanently unrecoverable, so secure backup is vital.
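Both protections described above, wrapping under a transit key and splitting into components, are short to implement. The Go program below is an added example written for this article and is not code from the page, from KMIP, or from any KMS product. It assumes AES-256-GCM as the wrapping algorithm (production systems typically use a dedicated key-wrap mode such as AES Key Wrap; GCM is used here because it is in Go's standard library and shows the same property, that a modified blob fails to unwrap) and a plain XOR split, in which every component is required to recover the key. The key ID and key values are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// WrapKey encrypts a data key under a transit (key-encrypting) key with
// AES-256-GCM. The random nonce is prepended; the GCM tag means a tampered
// blob fails to unwrap instead of silently yielding a wrong key. The key ID
// is bound as associated data so a blob cannot be re-labelled as another key.
func WrapKey(transitKey, dataKey []byte, keyID string) ([]byte, error) {
	block, err := aes.NewCipher(transitKey) // 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, dataKey, []byte(keyID)), nil
}

// UnwrapKey reverses WrapKey; any modification or a mismatched key ID is an error.
func UnwrapKey(transitKey, blob []byte, keyID string) ([]byte, error) {
	block, err := aes.NewCipher(transitKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("wrapped blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(keyID))
}

// SplitKey divides a key into n components: n-1 are random and the last is
// chosen so that XORing all n recovers the key. Any n-1 components together
// are still uniformly random, so a custodian with fewer than all learns nothing.
func SplitKey(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("need at least 2 components")
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		s := make([]byte, len(key))
		if _, err := rand.Read(s); err != nil {
			return nil, err
		}
		shares[i] = s
		for j := range last {
			last[j] ^= s[j]
		}
	}
	shares[n-1] = last
	return shares, nil
}

// CombineKey XORs components back together; every component is required.
func CombineKey(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no components")
	}
	key := make([]byte, len(shares[0]))
	for _, s := range shares {
		if len(s) != len(key) {
			return nil, errors.New("component length mismatch")
		}
		for j := range key {
			key[j] ^= s[j]
		}
	}
	return key, nil
}

func main() {
	transit, dataKey := make([]byte, 32), make([]byte, 32) // constructed demo keys
	rand.Read(transit)
	rand.Read(dataKey)
	blob, _ := WrapKey(transit, dataKey, "payments-db/v1")
	back, err := UnwrapKey(transit, blob, "payments-db/v1")
	fmt.Println("unwrap ok:", err == nil && bytes.Equal(back, dataKey))
	shares, _ := SplitKey(dataKey, 3)
	full, _ := CombineKey(shares)
	partial, _ := CombineKey(shares[:2])
	fmt.Println("3 of 3 recover:", bytes.Equal(full, dataKey), "| 2 of 3 recover:", bytes.Equal(partial, dataKey))
}
```

The XOR split is all-or-nothing: losing any one component loses the key, which is why the page's point about backup applies to each component as well. Where tolerance for a lost component is needed, a threshold scheme (Shamir secret sharing) replaces the XOR step; the wrapping code is unchanged.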
Checklists
Audit logs should record each key’s creation, use, and destruction. Every action, who or what performed it, and when it happened should be recorded. This supports compliance audits and forensic investigation if a key is compromised. SIEM tools aggregate logs from many sources for analysis and reporting.
All major key management operations must follow strict, well-defined procedures to guarantee that best practices are followed. Regular audits should confirm that staff comply with these procedures. There should be a defined process for handling compromised keys.
As firms encrypt more data, it becomes impossible to manage keys manually or with a fragmented set of tools controlled by multiple departments — this does not scale. When you have hundreds or thousands of encryption keys, you need a key management system (KMS).
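The audit record described above (action, actor, key, time, outcome) is more useful to a forensic investigator if the log itself resists after-the-fact editing. The Go program below is an added example written for this article, not code from the page or from any SIEM or KMS; the event layout and the hash-chaining are design choices of the example, and the actor and key names are constructed. Each entry's SHA-256 hash covers its fields plus the previous entry's hash, so editing or deleting an entry breaks verification for everything after it. The `LastUse` query also answers the question raised at the top of the page, when a key was last used.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// AuditEvent is one key-management action: what happened, to which key,
// by whom (a person or a service identity), when, and whether it succeeded.
type AuditEvent struct {
	Time     time.Time
	Actor    string
	Action   string // "create", "use", "rotate", "destroy" (assumed vocabulary)
	KeyID    string
	Outcome  string // "ok" or a denial reason; denied attempts are evidence too
	PrevHash string // hash of the preceding entry; links the chain
	Hash     string
}

// AuditLog is an append-only, hash-chained sequence of events.
type AuditLog struct {
	Entries []AuditEvent
}

// hashEvent hashes the fields that must not change plus the previous hash.
// %q quotes each string so a "|" inside an actor name cannot shift fields.
func hashEvent(e AuditEvent) string {
	h := sha256.New()
	fmt.Fprintf(h, "%q|%q|%q|%q|%q|%q",
		e.Time.UTC().Format(time.RFC3339Nano), e.Actor, e.Action, e.KeyID, e.Outcome, e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

// Append records an event, chaining it to the last entry.
func (l *AuditLog) Append(now time.Time, actor, action, keyID, outcome string) AuditEvent {
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := AuditEvent{Time: now, Actor: actor, Action: action, KeyID: keyID, Outcome: outcome, PrevHash: prev}
	e.Hash = hashEvent(e)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify walks the chain and returns the index of the first inconsistent
// entry, or -1 if every entry links correctly to its predecessor.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.Entries {
		if e.PrevHash != prev || hashEvent(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// LastUse returns the most recent successful use of a key, if any.
func (l *AuditLog) LastUse(keyID string) (time.Time, bool) {
	for i := len(l.Entries) - 1; i >= 0; i-- {
		e := l.Entries[i]
		if e.KeyID == keyID && e.Action == "use" && e.Outcome == "ok" {
			return e.Time, true
		}
	}
	return time.Time{}, false
}

func main() {
	var log AuditLog
	t0 := time.Date(2024, 3, 1, 9, 0, 0, 0, time.UTC) // constructed timeline
	log.Append(t0, "alice", "create", "payments-db/v1", "ok")
	log.Append(t0.Add(time.Minute), "billing-svc", "use", "payments-db/v1", "ok")
	log.Append(t0.Add(2*time.Minute), "mallory", "destroy", "payments-db/v1", "denied: quorum not met")
	fmt.Println("chain intact:", log.Verify() == -1)
	last, _ := log.LastUse("payments-db/v1")
	fmt.Println("last use:", last.Format(time.RFC3339))
	log.Entries[1].Actor = "nobody" // simulate someone editing the log
	fmt.Println("first bad entry after edit:", log.Verify())
}
```

One caveat worth knowing: a hash chain detects edits and deletions in the middle of the log, but not truncation at the end, because removing the newest entries leaves a chain that still verifies. Forwarding each entry (or periodically the latest hash) to a separate SIEM, as the paragraph above recommends, is what closes that gap.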