How to stay secure in a changing world
by Jeff Hudson - CEO at Venafi - Wednesday, 7 November 2012.
Virtually safe and sound

In the real world, if you buy and fit the strongest lock available on the market it might make your building secure. However, every time you give another person a key the strength of that lock is weakened as youíre now reliant on each personís sincerity and their ability to protect your key. The question is simple, how strong is the lock if everyone can open it?

The same is true for your virtual assets. Whether itís the customer database, your research and development data or even who is your top performing sales person Ė if it has a value to you it deserves to be locked away.

Many organisations think that, by encrypting their data, theyíre secure. However, and here we must dispel a security myth, unfortunately itís not true. It comes back to the strongest lock scenario outlined previously. Encryption means nothing unless they keys remain protected and accessible only to those who should have access to decrypt and consume data, otherwise the data that companies believe is protected remains woefully exposed.

To protect encryption keys, administrators must follow clear, well-documented processes that minimise the keysí exposure. The sad truth is that most companyís manual key management practices fail to measure up:
  • Keys have multiple access points
  • Keystore passwords are not changed regularly
  • The same password is used across multiple keystores
  • Private key(s) are manually shared between administrators and applications
  • Distribution policies are lax or unclear
  • Private keys and passwords are not changed when administrators leave the organisation
  • Expansive key volumes leave glaring gaps in coverage.
With so many points of exposure, dozens of people can access thousands of keys. Additionally the reality of typically high IT staff turnover instead of reducing the risk of a compromise, instead actually magnifies it.

Instead, organisations need to implement sound encryption key management practices required to truly secure data. Using an automated and policy-based tool, you can then easily implement best practices such as separation of duties, regulated workflow, forensically durable logging, HSM integration, secure key distribution and regular key rotation.

With encryption keysí exposure minimised, controlled and audited, companies know that their encryption assets truly deliver the promised security to truly protect vital data.

While Sir Isaac Newton may have a different take on the law of physics, were he alive today, Iím sure security would factor heavily in his theories.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th