How to stay secure in a changing world
by Jeff Hudson - CEO at Venafi - Wednesday, 7 November 2012.
Virtually safe and sound

In the real world, if you buy and fit the strongest lock available on the market it might make your building secure. However, every time you give another person a key the strength of that lock is weakened as youíre now reliant on each personís sincerity and their ability to protect your key. The question is simple, how strong is the lock if everyone can open it?

The same is true for your virtual assets. Whether itís the customer database, your research and development data or even who is your top performing sales person Ė if it has a value to you it deserves to be locked away.

Many organisations think that, by encrypting their data, theyíre secure. However, and here we must dispel a security myth, unfortunately itís not true. It comes back to the strongest lock scenario outlined previously. Encryption means nothing unless they keys remain protected and accessible only to those who should have access to decrypt and consume data, otherwise the data that companies believe is protected remains woefully exposed.

To protect encryption keys, administrators must follow clear, well-documented processes that minimise the keysí exposure. The sad truth is that most companyís manual key management practices fail to measure up:
  • Keys have multiple access points
  • Keystore passwords are not changed regularly
  • The same password is used across multiple keystores
  • Private key(s) are manually shared between administrators and applications
  • Distribution policies are lax or unclear
  • Private keys and passwords are not changed when administrators leave the organisation
  • Expansive key volumes leave glaring gaps in coverage.
With so many points of exposure, dozens of people can access thousands of keys. Additionally the reality of typically high IT staff turnover instead of reducing the risk of a compromise, instead actually magnifies it.

Instead, organisations need to implement sound encryption key management practices required to truly secure data. Using an automated and policy-based tool, you can then easily implement best practices such as separation of duties, regulated workflow, forensically durable logging, HSM integration, secure key distribution and regular key rotation.

With encryption keysí exposure minimised, controlled and audited, companies know that their encryption assets truly deliver the promised security to truly protect vital data.

While Sir Isaac Newton may have a different take on the law of physics, were he alive today, Iím sure security would factor heavily in his theories.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //