Cloud services may be more secure than the average data center, but managing access -- including handling encryption keys -- raises new risks. Larry Warnock of Gazzang offers one answer.

Maintaining data security in an increasingly cloud-based world presents a host of new IT challenges. No longer is your data necessarily stored on-premise or even on systems you own. The cloud opens organizations to new possibilities — and dangers.

In this week’s New Tech Forum, Larry Warnock, CEO of cloud security firm Gazzang, details how we can deal with the data security issues presented by cloud computing through the use of universal key management. — Paul Venezia

Safeguarding data in the cloud with universal key management

Cloud computing, big data, and the hybridization of IT environments represent real, seismic shifts in the way organizations leverage technology to provide better customer service, more effectively solve problems, and gain a competitive advantage. But as adoption of these technologies grows, so too does the amount of sensitive data and variety of information objects that require tight management and security.

As companies put more of their IT infrastructures, critical applications, and valuable company data into the cloud, they should be using security measures, such as encryption, tokenization, authorization, and access controls, to protect these valuable business assets.

These security procedures create an abundance of encryption keys, tokens, certificates, passphrases, and configuration files. What’s more, the burgeoning use of big data, by which data can be spread across hundreds of servers, magnifies the creation of these operational objects. An organization literally can have tens or hundreds of thousands of security artifacts to store and manage, and the irony is that even the most security-minded companies don’t know where all these objects are.
Increasingly, organizations are using multiple utilities and management systems spread across clouds to protect these objects. This practice creates operational inefficiencies, unnecessary expense, and security risks.

For example, a majority of enterprise companies today encrypts data. The companies secure data in transit, in the application, and at rest. That’s certainly better than the alternative of leaving sensitive data in plain text for anyone to see and steal. But encryption is only half the equation. Many of the same “security-aware” companies that encrypt do not properly manage their keys, often storing a key unencrypted in a config file or a spreadsheet. A malicious hacker can discover an unsecure key string in less time than it takes to read this sentence. Encrypting data and not using a key manager is like locking your car and leaving the keys in the door.

Traditional key-management appliances, such as HSMs (hardware security modules), weren’t designed to work in and across cloud environments. Instead, HSMs were built for enterprise data centers wherein a single organization owned and operated all the computing assets. The rapid ascent of public and hybrid cloud computing has made hardware-based key and certificate managers more niche security items than must-haves. Using a software-based key-management system that is purpose-built for the cloud, an organization can store all its keys, tokens, certificates, and passphrases in a virtual “master vault” that is universally managed by the company’s policies, controls, and business logic.

We’ll get into how policy-based key management works below using Gazzang zTrustee as an example, but let’s start with some definitions:

A deposit is anything stored in the key manager. It could be a key or a configuration file.
For the purposes of this article, we’ll make it an encryption key.

A client is an application or service that can deposit and retrieve sensitive information objects from the key manager.

A policy is a rule established by the data owner that enforces the circumstances under which a key can be retrieved or revoked.

A trustee can be a person or automated process that controls access to a deposit but can neither view nor access the content.

In a case where the key manager is being used to store a master encryption key, the data owner who deposited the key can define policies for how that key can be retrieved. This is important for establishing who, or in many cases what, can access the key and is a necessary step in preventing unauthorized access and meeting compliance requirements for safeguarding keys. Policy examples might include:

- TTL (time to live) — for example, making the deposit retrievable for a specific time period
- Limits on the number of times a key can be retrieved
- Single-use URLs
- Geographic location of the key requestor
- Authorize/denial votes by designated trustees

For auditing purposes, the universally unique identifiers of the keys and associated access policies should be viewable by a key-management administrator; however, the contents of the key file must remain opaque.

Here are two real-world cases of how policy-based key management works:

An executive needs to share sensitive documents with outside counsel. The documents can be encrypted on the client side, with the master encryption key stored on the zTrustee server. In this case, the data owner can set a policy that permits key retrieval via single-use URL. The executive shares the URL with the authorized outside counsel, who can then use it to open the encrypted file. After the file is retrieved, the URL expires, and the document is once again inaccessible.

A company needs to reboot its Apache Web server for maintenance reasons.
To reboot, the server needs an SSL certificate and a private key to authenticate to the systems around it. An alert is generated and sent to designated trustees requesting authorization to release the certificate and key from the zTrustee server. If the request falls within policy (for instance, reboots can only happen on Wednesdays at 1 a.m.), the request is approved, and zTrustee sends the encrypted package to the server. If not, the trustees can deny the request or ask for more information. They never have to see the key or access the contents.

Keeping track of the rapidly multiplying digital-security objects inside an organization is a daunting task. And it’s made tougher still when each artifact has a different owner and set of policies. Centralizing on a software-based key manager that can store and secure any object type, enforce retrieval and revocation policies, and prevent unauthorized access to sensitive data and systems provides an effective security layer against malicious attack.

New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to newtechforum@infoworld.com.

This article, “To secure the cloud, keep all your keys in one place,” was originally published at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.
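The retrieval flow described by the article's definitions (deposit, client, policy, trustee), its list of policy types, and its two cases, written out as an added Python model. This is an example constructed for this page, not zTrustee or Gazzang code; the class names, policy field names, the keymanager.example host, and the sample timestamps and key bytes are all assumptions. It enforces each listed policy type (TTL, retrieval count, single-use URL, requestor location, trustee votes) plus the Wednesday 1 a.m. maintenance window from the second case, while trustees vote without any way to read the deposit and the administrator's audit view returns UUIDs and policies but never contents.

```python
# Toy policy-gated key manager: constructed example, not zTrustee or Gazzang code.
import secrets
import uuid
from dataclasses import dataclass, field
from datetime import datetime, timedelta


class PolicyViolation(Exception): pass   # raised when a request falls outside policy


@dataclass
class Policy:
    ttl: timedelta = None           # retrievable only until created_at + ttl
    max_retrievals: int = None      # cap on successful retrievals
    single_use_url: bool = False    # require a one-time URL token
    allowed_regions: set = None     # geographic location of the requestor
    required_approvals: int = 0     # trustee votes needed before release
    allowed_weekdays: set = None    # Monday == 0, so {2} is Wednesday
    allowed_hours: set = None       # {1} means 01:00-01:59


@dataclass
class Deposit:
    content: bytes                  # key material; never shown to trustees or the audit view
    owner: str
    policy: Policy
    created_at: datetime
    id: str = field(default_factory=lambda: str(uuid.uuid4()))
    retrievals: int = 0
    votes: dict = field(default_factory=dict)       # trustee -> True (approve) / False (deny)
    url_tokens: set = field(default_factory=set)


class KeyManager:
    def __init__(self, trustees):
        self.trustees, self.deposits = set(trustees), {}

    def deposit(self, owner, content, policy, now):  # data owner stores an object
        d = Deposit(content=content, owner=owner, policy=policy, created_at=now)
        self.deposits[d.id] = d
        return d.id

    def issue_single_use_url(self, deposit_id):  # host name is an assumption
        token = secrets.token_urlsafe(16)
        self.deposits[deposit_id].url_tokens.add(token)
        return f"https://keymanager.example/retrieve/{deposit_id}?token={token}"

    def vote(self, trustee, deposit_id, approve):  # trustees vote, never read content
        if trustee not in self.trustees:
            raise PermissionError("not a designated trustee")
        self.deposits[deposit_id].votes[trustee] = approve

    def audit(self):  # administrator sees UUIDs and policies; contents stay opaque
        return {d.id: {"owner": d.owner, "policy": d.policy, "retrievals": d.retrievals}
                for d in self.deposits.values()}

    def retrieve(self, deposit_id, now, region=None, token=None):
        d, p = self.deposits[deposit_id], self.deposits[deposit_id].policy
        if p.ttl is not None and now > d.created_at + p.ttl:
            raise PolicyViolation("TTL expired")
        if p.max_retrievals is not None and d.retrievals >= p.max_retrievals:
            raise PolicyViolation("retrieval limit reached")
        if p.allowed_regions is not None and region not in p.allowed_regions:
            raise PolicyViolation("requestor location not permitted")
        if (p.allowed_weekdays is not None and now.weekday() not in p.allowed_weekdays) or (
                p.allowed_hours is not None and now.hour not in p.allowed_hours):
            raise PolicyViolation("outside maintenance window")
        if False in d.votes.values() or sum(d.votes.values()) < p.required_approvals:
            raise PolicyViolation("trustee approval missing or denied")
        if p.single_use_url:
            if token not in d.url_tokens:
                raise PolicyViolation("valid single-use URL required")
            d.url_tokens.discard(token)  # consumed: the same URL cannot be replayed
        d.retrievals += 1
        return d.content


def scenario_outside_counsel():  # case 1: single-use URL shared with outside counsel
    now = datetime(2013, 7, 10, 9, 0)                 # constructed timestamp
    key = b"constructed-master-key-0123456789abcdef"  # constructed, not a real key
    km = KeyManager(trustees=[])
    did = km.deposit("executive", key, Policy(single_use_url=True, ttl=timedelta(days=1)), now)
    token = km.issue_single_use_url(did).rsplit("token=", 1)[1]
    first = km.retrieve(did, now + timedelta(hours=1), token=token)
    try:
        km.retrieve(did, now + timedelta(hours=2), token=token)
        replayed = True
    except PolicyViolation:
        replayed = False
    return {"first_matches": first == key, "replay_allowed": replayed,
            "audit_exposes_content": any("content" in e for e in km.audit().values())}


def scenario_apache_reboot(request_iso, deny=False):  # case 2: trustee-gated maintenance window
    km = KeyManager(trustees=["alice", "bob"])
    policy = Policy(required_approvals=2, allowed_regions={"us-east"}, allowed_weekdays={2}, allowed_hours={1})
    did = km.deposit("ops", b"CONSTRUCTED-PLACEHOLDER-TLS-PRIVATE-KEY", policy, datetime(2013, 7, 1))
    km.vote("alice", did, True)
    km.vote("bob", did, not deny)
    try:
        km.retrieve(did, datetime.fromisoformat(request_iso), region="us-east")
        return "released"
    except PolicyViolation as err:
        return str(err)
```

Calling scenario_apache_reboot("2013-07-10T01:15") (a Wednesday at 1 a.m.) releases the key, while the same request a day later is refused as outside the maintenance window and a single trustee denial blocks release regardless of the time. The point to take from the model is where the checks live: every condition is evaluated inside the key manager before content leaves it, so the client, the trustees and the administrator each see only what their role needs.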