Current Threat: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption technologies, but regardless of which technology is implemented, cryptographic keys are the essential foundation of the security solution. If private keys fall into the wrong hands, whether through negligence or a malicious internal or external attack, the security of your encrypted data is permanently compromised, resulting in data breaches not only by outsiders but also by company personnel. Ingrian’s white paper offers guidance for enterprise key management, outlining the critical system components required and the essential criteria with which to evaluate an effective solution.
Key management comprises all of the processes that are used to create, store, distribute, rotate, archive, and delete keys. To ensure encryption meets its objectives, all these phases must be conducted in a manner that is secure, reliable, and auditable.
Further, to effectively manage keys within an enterprise, security teams need a single solution that can be integrated with multiple key management and security products from a range of vendors. For example, in an enterprise that has implemented database, application, and storage encryption technologies, the cost and management overhead of implementing a vendor-specific key management solution for each product could be prohibitively high. Multiple different resources would need to be trained and managed. Auditing and record keeping would be extremely complex. Overall, there would be increased risk of either not meeting compliance requirements or not being able to recover data because of misplaced keys.
The Ingrian DataSecure platform features secure centralized management, highly granular control and comprehensive auditing and logging using an integrated, appliance-based approach that significantly reduces maintenance costs and can interoperate seamlessly with other security solutions, enabling organizations to manage multi-vendor security deployments with unprecedented ease.
Enterprise key management will often mean balancing a number of different and sometimes apparently contradictory requirements. In general, all of the following criteria must be considered:
Security: Administrators, users, partners, and customers need to know they can trust that their data and identities are safe at all times.
Performance: The system must function in a manner that is transparent to legitimate data users and business processes, and it must scale easily.
Flexibility: The system must be adaptable to a range of environments and be capable of integration, through standard interfaces, with all types of data encryption systems from a range of vendors. Interoperability and adherence to industry standards are also important considerations.
Manageability: Key and policy management must be simple and intuitive so that administrators fully understand—and granularly control—system status at all times. There must also be capabilities for logging and auditing all administrator and user actions.
Availability: The system must be able to recover in the event of one or more network or equipment failures, or even a widespread disaster.
The first step in ensuring security is to deploy a key management solution that enables administrators to manage keys from a single central authority. A good key management system should also let you know what other devices have copies of a key. Ideally, it would be able to set limits on how long those other devices can keep copies of a given key, although this requires some trust that the other device will actually delete the copy. The central authority may decide to delegate authority to other parts of the organization, but should have the ability to take back control in the event of system abuse or failure. Centralized logging and auditing are also enabled so that all user and administrator actions can be tracked.
Secure key management must also enforce separation of duties. This is required in order to prevent an administrator from having sufficient permissions to carry out an internal attack.
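The central-authority properties described above (tracking which devices hold key copies, time-limited copies, revocable delegation, separation of duties, and an audit trail) can be modeled in a few lines. This is an added illustration, not code from Ingrian or its white paper; the class, role names, and methods are hypothetical.

```python
import time

class KeyAuthority:
    """Added illustration; class, role and method names are hypothetical."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.roles = {}    # admin name -> set of delegated roles
        self.leases = {}   # (key_id, device) -> lease expiry timestamp
        self.pending = {}  # key_id -> admin who requested destruction
        self.audit = []    # (timestamp, actor, action, target, outcome)

    def _log(self, actor, action, target, ok):
        self.audit.append((self.clock(), actor, action, target, "ok" if ok else "denied"))
        return ok

    def delegate(self, admin, role):
        self.roles.setdefault(admin, set()).add(role)

    def take_back(self, admin):
        self.roles.pop(admin, None)  # central authority reclaims all delegated rights

    def issue_copy(self, actor, key_id, device, ttl):
        ok = "operator" in self.roles.get(actor, ())
        if ok:
            self.leases[(key_id, device)] = self.clock() + ttl
        return self._log(actor, "issue_copy", f"{key_id}@{device}", ok)

    def confirm_deleted(self, key_id, device):
        self.leases.pop((key_id, device), None)  # the device's report has to be trusted
        self._log(device, "confirm_deleted", key_id, True)

    def holders(self, key_id):
        return sorted(d for (k, d) in self.leases if k == key_id)

    def overdue(self, key_id):
        return sorted(d for (k, d), exp in self.leases.items() if k == key_id and exp <= self.clock())

    def request_destroy(self, actor, key_id):
        ok = "operator" in self.roles.get(actor, ())
        if ok:
            self.pending[key_id] = actor
        return self._log(actor, "request_destroy", key_id, ok)

    def approve_destroy(self, actor, key_id):
        # Separation of duties: the approver must differ from the requester
        # and hold the separate "approver" role.
        ok = self.pending.get(key_id) not in (None, actor) and "approver" in self.roles.get(actor, ())
        if ok:
            del self.pending[key_id]
        return self._log(actor, "approve_destroy", key_id, ok)
```

The `overdue` list is the set of devices whose lease has expired without a deletion report, which is exactly where the trust caveat above applies.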
The system should also provide a location for key storage that is separate from the location that holds the encrypted data. Storing keys on the same application or database servers that hold sensitive data presents significant security risks when compared to storing keys on purpose-built security appliances. When cryptographic keys are stored on unsecured platforms, attackers can gain access to them very quickly. While a system that stores keys and data in the same location may still be compliant with some security standards, clearly encryption is worthless if such a location has been compromised.
Ingrian incorporates all of these approaches and technologies for key management into their DataSecure Platform appliance, which is the only hardware-based encryption system on the market that provides end-to-end encryption and key management for unstructured to structured data.
Conclusion: Ingrian offers a solution that brings unparalleled cost effectiveness, security, and control to enterprise key management. With Ingrian, organizations gain the ability to leverage a common enterprise key management architecture that supports heterogeneous enterprise environments regardless of size or complexity.
Ingrian Networks, Inc
350 Convention Way
Redwood City, CA 94063-1405