More businesses now rely on public cloud environments, and a well-run cloud platform can offer security controls that match or exceed those of a typical on-premises data center. Even so, a business should keep control of its own critical cryptographic keys, so that data moving between its data centers and the cloud stays protected throughout. Data is safe, and its confidentiality assured, only while it is encrypted and the decryption keys are held by their owner; protecting those keys is the job of a hardware security module (HSM).
Maintaining Cryptographic Key Ownership through BYOK
Best practice is for a business to retain control over its cryptographic keys; this underpins sound governance, compliance and internal controls. A business taking advantage of what the cloud offers must also recognize that the theft, loss or misuse of even one critical key can seriously harm the organization, through:
- Loss of control over its data, and vendor lock-in
- Loss of revenue
- Disruption of business operations
- Serious damage to its reputation
- Falling share prices
- Legal consequences
“Bring Your Own Key” (BYOK) lets a business keep control of its cryptographic keys while taking full advantage of a hybrid cloud environment: keys are generated and retained in the business’s own HSM and supplied to the cloud provider’s key management service only in wrapped (encrypted) form, rather than being generated by the provider. Applications then rely on encryption to keep data protected wherever it is:
- At rest in a database
- In transit between user devices and data centers
- At public endpoints through TLS
With BYOK, third parties, including the cloud service provider, never receive the business’s critical keys in unencrypted form: key material enters the cloud wrapped, and is unwrapped only inside the cloud HSM boundary. This adds protection against insider attacks and other unauthorized access to data. One caveat a practitioner should keep in mind: BYOK governs who generates and retains the key, but the cloud HSM still uses the key on the provider’s hardware whenever an application decrypts, so the business’s controls must also cover the access policy and audit logging of that HSM. BYOK also guards against cloud vendor lock-in, because the business holds the authoritative copy of every key and does not depend on the provider to recover or migrate it. Without BYOK, moving data to a different cloud or subscription service can be costly and time-consuming, since data encrypted under provider-generated keys must first be re-encrypted under keys the business controls.
Keeping Keys Secure in a Hybrid Cloud Environment with an HSM
Properly managing the life cycle of the many cryptographic keys a business uses is essential to keeping applications and data secure in a hybrid environment. Encryption is only as strong as the protection of its keys, which is why a hardware security module (HSM), paired with a centralized key management system that manages key life cycles, is a must.
An HSM protects critical cryptographic keys in a dedicated hardware appliance that acts as a root of trust for the business’s keys, data and applications. It:
- Generates and stores cryptographic material inside the module and never exposes it in plaintext outside the module boundary
- Keeps decryption keys separate from the encrypted data, so a breach of the data store alone does not expose the data
- Enforces sound practice across the entire key life cycle: generation, storage, distribution, backup and, ultimately, destruction
- Limits access through a strictly controlled network interface with authenticated, audited operations
- Is built on certified, tamper-resistant hardware designed to withstand physical and logical attack
- Runs a hardened, purpose-built operating system
- Simplifies compliance and auditability through certified hardware and audit logging that makes reporting easier
- Scales and supports multi-tenancy within the security architecture
A hybrid cloud therefore calls for a network of HSMs arranged as follows:
1. A master HSM in the organization’s central data center provides centralized key life cycle management and directly serves the applications in that data center.
2. Each decentralized data center and each cloud environment has its own local or cloud-based subordinate HSM.
The subordinate HSMs receive application keys only in wrapped form, encrypted under a Key Encryption Key (KEK) shared with the master HSM, and unwrap them inside their own secure boundary, so the plaintext keys are never exposed to third parties or to the cloud service provider. Data is encrypted at rest and in transit and used securely by applications, under the protection of the organization’s public key or symmetric key infrastructure. The owner of the central HSM stays in control and can conduct central audits, while a third party that obtains the encrypted data cannot decrypt it.
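The key transport described above, as an added example that is not part of the original post: the master HSM wraps an application key under a KEK with the RFC 3394 AES Key Wrap algorithm, the subordinate HSM unwraps it, and the algorithm’s built-in integrity check rejects a blob that was modified in transit or unwrapped with the wrong KEK. The two HSMs are modelled as plain Go functions, and the KEK is assumed to have been provisioned to both out of band (here it is simply generated at random); the application key in main is a constructed demo value. Real HSMs expose the same operation through PKCS#11 C_WrapKey/C_UnwrapKey, and the import services of the major cloud key management systems generally expect the key wrapped under an RSA public key they publish rather than under a pre-shared symmetric KEK; the wrapped-transport principle is the same.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// RFC 3394 default initial value. Unwrapping must recover it intact, which
// makes the wrapped blob self-checking against corruption or a wrong KEK.
var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// WrapKey implements RFC 3394 AES Key Wrap. kek is a 16-, 24- or 32-byte
// key-encryption key; plaintext is the application key to transport
// (a multiple of 8 bytes, at least 16).
func WrapKey(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("key to wrap must be a multiple of 8 bytes, at least 16")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	a := append([]byte(nil), kwIV...)      // the 64-bit register A
	r := append([]byte(nil), plaintext...) // R[1..n], 8 bytes each
	buf := make([]byte, 16)
	var tb [8]byte
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Encrypt(buf, buf) // B = AES(K, A | R[i])
			binary.BigEndian.PutUint64(tb[:], uint64(n*j+i))
			for k := range a { // A = MSB(64, B) XOR t
				a[k] = buf[k] ^ tb[k]
			}
			copy(r[(i-1)*8:i*8], buf[8:]) // R[i] = LSB(64, B)
		}
	}
	return append(a, r...), nil
}

// UnwrapKey reverses WrapKey and fails closed if the integrity check
// does not hold (wrong KEK, or the blob was modified in transit).
func UnwrapKey(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("malformed wrapped key")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	buf := make([]byte, 16)
	var tb [8]byte
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(tb[:], uint64(n*j+i))
			for k := range a { // (A XOR t) | R[i]
				buf[k] = a[k] ^ tb[k]
			}
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Decrypt(buf, buf)
			copy(a, buf[:8])
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	if !bytes.Equal(a, kwIV) {
		return nil, errors.New("integrity check failed: wrong KEK or tampered blob")
	}
	return r, nil
}

func main() {
	// Constructed demo: the KEK is assumed to be provisioned to both HSMs out
	// of band; the application key is a fixed 32-byte demo value standing in
	// for a key generated inside the master HSM.
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	appKey := []byte("constructed-demo-application-key")

	wrapped, err := WrapKey(kek, appKey) // master HSM side
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped blob (%d bytes): %s\n", len(wrapped), hex.EncodeToString(wrapped))

	got, err := UnwrapKey(kek, wrapped) // subordinate/cloud HSM side
	fmt.Println("subordinate HSM recovered the key:", err == nil && bytes.Equal(got, appKey))

	wrapped[len(wrapped)-1] ^= 0x01 // a single bit flipped in transit
	_, err = UnwrapKey(kek, wrapped)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The wrapped blob is 8 bytes longer than the key; those 8 bytes carry the integrity check, so a subordinate HSM never installs a key that was corrupted or that was wrapped under a different KEK. Note that AES Key Wrap only authenticates the key material itself: which application, which tenant and which usage policy the key belongs to must be bound by the surrounding key management protocol, not inferred from the blob.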
References
Blog post by Dawn Illing.