Four Essential Features of Customer Managed Keys to Encrypt Cloud Data
When considering a customer managed encryption keys solution, here are four essential capabilities you should consider.
28 April 2015
Virtually all content collaboration solutions promise their users that they can work with “anyone”, on “any device” and “anywhere.” Some even add “securely” to differentiate themselves from hundreds of popular, free solutions. But how can customers get even greater control over their data? Encryption is a widely accepted technical control for addressing security and privacy concerns; however, an essential aspect of the technology, encryption key control, is often overlooked.
We believe that customers of online solutions should maintain full control over the encryption keys. By maintaining ownership of the encryption keys, customers will have even greater control over their data. Some providers agree, and are responding by implementing capabilities that let customers manage their own keys. This is a good trend, but caveat emptor: the devil is in the details.
Essential Features of Customer Managed Encryption Keys
When considering a customer managed encryption keys solution, there are a few essential capabilities you should consider.
- The first important issue is to make sure that a single provider is responsible for the whole solution and that there is one single access point. It is not practical to buy additional customer managed keys (CMK) services from multiple providers to secure data at another online service. Plus, with two-provider solutions, the question of Service Level Agreements (SLAs) comes up. Performance degradation is inevitable, and worst of all, it is nearly impossible to identify the responsible party for outages. Having two solutions versus one may also be less secure since access points are doubled: you need to worry about two sets of insiders making a mistake or maliciously accessing your data.
- Second comes access to the key management module. For complete data control, the provider should be truly out of the picture. The way that the customer key manager is authenticated is critical. A simple user ID and password, and even generic strong authentication technologies, may not be enough to protect the keys; you need specialty hardware for key management access.
- Third is the question of backups. Properly implemented customer managed keys ensure that the customer has greater control over their information; however, this also puts the responsibility for key availability on the customer. If the customer key is lost, providers may not have any means of restoring the data. This is good for security, but businesses still need a way of restoring their information. Stronger CMK solutions require that backup devices stay with the customers at all times. Their providers insist, however unpleasant the conversation may be, that customers spend the extra budget on key backup. There is an often unseen benefit in backing up only the keys (megabytes for large enterprises) and not all the data (potentially, terabytes).
- And fourth, the cryptography solution must be compliant with regulatory requirements, or better yet, certified to high security standards, such as FIPS 140-2 Level 3.
Some people may ask which of the above capabilities is the most important requirement. The answer: They are all important. If any of these capabilities is compromised, you will not have full protection of your information. It’s all or nothing: you need all four capabilities. There is no reason to have a partially secure key management solution when you can have a complete one.
Mushegh Hakhinian represents Intralinks at the Cloud Security Alliance SME Council, is a certified information systems security professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian led security functions at a multi-tenant online banking service provider and an international bank.