How to protect and control encryption key access across its lifecycle.
Encryption technology is one of the most important security features protecting your data. The use of encryption-in-transit secures email, text, and web data so that users can send and receive information without fear of interception or tampering. Meanwhile, encryption at rest protects data where it is stored, so that even if a hacker steals that data, they won’t be able to make use of it.
However, as important as encryption is for the protection of sensitive information, it also comes at a cost. The biggest concern most companies have when encrypting data is that they might inadvertently lock themselves out of their own system. Thus, encryption key management is critical to businesses to ensure that they control and protect access to their data.
In some ways, encrypting data is like storing it in a safe. Once it’s securely in the vault, no one can get it out again without the correct combination. But that’s a double-edged sword: if someone loses the combination, they won’t have access either. And if the combination is left unsecured for anyone to access, then there’s very little purpose in securing the vault in the first place.
Unlike vault combinations, however, encryption algorithms can be changed. This means that encryption keys tend to proliferate as they pass through a life cycle of generation, active use, retirement, deletion, and replacement. Along each of these stages, organizations should have encryption key management procedures in place to safely handle and dispose of these keys.
Symmetrical vs. Asymmetrical Encryption
Before we begin our discussion of the encryption key life cycle, it’s important to understand the difference between symmetrical and asymmetrical encryption. All encryption can be described as first using an algorithm to scramble data into a string of nonsense characters, and then using an algorithm again to descramble that massage back to the original plain text.
When the same algorithm is used to both encrypt and decrypt the message, it is known as symmetrical encryption. However, when one algorithm is used to encrypt the message and a different, paired algorithm is used to decrypt that message, it is known as asymmetrical encryption.
Symmetrical encryption is easier to use, but it doesn’t scale well as its security is limited by the number of people who possess the encryption key. Because anyone with access to the key can both encrypt and decrypt, the more people who have access the less secure the key becomes.
By contrast, asymmetrical encryption, otherwise known as public key cryptography, is more complicated, but provides tighter security. It’s also used more commonly with encryption-in-transit. Asymmetrical encryption uses a matched algorithm to generate two keys: a public key and a private key. While the private key must be kept secure at all times, the public key can be broadcast to anyone. You could post it to Twitter and it wouldn’t compromise the security of your encryption.
This works for two reasons. First, knowing the public key does not give anyone access to the private key; you cannot derive the private key from the public key. Second, while the public key is used to encrypt information, that information can only be decrypted using the private key.
How to manage the encryption key life cycle.
An effective plan for encryption key management should govern the entire crypto period for which a key is in use. A crypto period covers the timespan during which an encryption key is actively used to encrypt data, plus the time in which an organization expects to need access to that data. For instance, a company may decide to use an encryption key to encrypt all data stored on a server for a six-month period, but they may need to access and decrypt that data for longer. The crypto period covers that entire timespan, not just the original six-months in which the key was used to encrypt data.
Encryption keys become more vulnerable with time, not through any fault of their own, but due to the likelihood of them being lost, leaked, or shared among too many people. Plus, the longer a key is used to encrypt data, the more information that key protects. This can lead to a single point of failure situation, where one stolen encryption key can unlock a wealth of critical information. While asymmetrical encryption keys tend to be more durable, at a certain point, encryption keys need to be phased out and replaced.
Thus, a complete life cycle for an encryption key encompasses several stages:
Key generation: When is a key generated, and what information does it protect?
Key storage: Who has access to the key and how is it protected?
Key exchange: How is a key shared with other users?
Key recovery: What process exists for recovering a key if it is lost?
Key deletion: How is a key destroyed once it is no longer in use or if it has been compromised?
In order to manage each stage, your organization will need to conduct a thorough audit of all sensitive information that requires encryption. You will then need to track what keys are used to encrypt that data and when they will be updated and replaced. Encryption keys then need to be stored in a secure location to prevent theft or destruction.
Encryption key management is a critical component of Michigan NIST compliance.
NIST Special Publication 800-57, “Recommendation for Key Management” [PDF], details compliance guidelines for secure encryption key management. If you need assistance securing your data to meet compliance standards in your industry, contact us. We offer a free security audit, and can work with you to create a system that will keep your information and that of your clients secure.