Close this search box.

Key Management with Cryptography, how to protect data?


In recent years, suppliers in the data storage market have started to pay more attention to the use of the Key Management Interoperability Protocol (KMIP) in their solutions for integration with encryption key managers.

There are two main reasons for this. The need to comply with data protection regulations is an important reason.

There are also the benefits of Enterprise Key Management (EKM) solutions for companies.

Find out what these benefits are in this article.

Application of good practices in information security

The definition of what is adequate or sufficient to meet regulatory demands about protecting data varies greatly between companies.

Many solutions offer internal support for key management with encryption. Depending on the context, this may be enough.

However, adopting this model could compromise data security. After all, we must consider that the encryption key responsible for protecting them is embedded in the storage solution itself.

In addition, it is common to find scenarios with different storage solution providers, where each one programs their key management models with encryption.

This can lead to human error and compromise data availability in the event of an unsuccessful encryption operation.

The use of an external key management solution provides adequate segregation of roles. It also offers a standardized model for all encryption processes.

In addition, these solutions usually offer international certifications for the implementation of encryption algorithms. This prevents, for example, the use of algorithms or key sizes that are considered weak.

On the Owasp website you can find a very interesting cryptography guide, in which it is not recommended to use the MD-5, SHA-0, SHA-1 hash algorithms and the DES symmetric encryption algorithm.

In addition, key management solutions with encryption can be coupled with equipment designed to provide protection with a high level of security.

For example, Hardware Secure Modules(HSMs) and Enterprise Key Management(EKM). Protection is thus centralized for all the organization’s data storage systems.

Efficient Key Management with Cryptography

Typically, solutions that offer encryption capabilities don’t worry about the lifecycle of a key. Thus, they ignore, for example, validity, activation, deactivation, exchange with preservation of already encrypted processes and destruction.

Using the same encryption key for a long time is inappropriate. After all, this compromises security in the event of a data leak.

A management solution not only provides the necessary requirements for the entire key lifecycle. After all, it also presents these features in a user-friendly interface, from a centralized console.

It even defines access profiles based on integration with a Lightweight Directory Access Protocol (LDAP) database.

Flexibility of Implementation and Key Management with Cryptography

The decision to keep applications on your own infrastructure or migrate to an external data center depends on several factors.

If the key management solution with encryption is coupled with the storage system, the decision to keep it in-house or migrate to the cloud must take this into account.


Ability to generate audit reports during key management with encryption

For these cases, it is necessary to offer information with a high level of trust and access to keys. In this way, you should detail who accessed it, the time of the event and the success or failure of the operation.

In addition, alert mechanisms can notify staff if problems arise with the key management equipment or other devices that communicate with the manager.

One of the main benefits of an external key management solution is its ability to enhance audit reports.

Trying to prove to an external compliance auditor that the keys are safe, secure and have strong access controls would be much more difficult with native storage, especially if there is more than one solution. This will also require all systems to be audited individually.

Segregation of profiles

External key management systems can define permissions for the administrators and users who will use the keys.

A common example of this is the ability to allow an administrator to create a key, but not be able to use it to encrypt or decrypt using LDAP or Active Directory (AD) user attributes.

Normally, the systems’ own cryptography does not have this level of granularity in the administrative functions. As a result, the storage administrator is also responsible for the key.

Variety of systems where sensitive data can be stored

From CRMs, File Systems, Virtual Machines, structured or unstructured databases, there is a possibility that there is information that needs encryption to avoid exposure in the event of a security breach.

Encrypted key management, with the ability to integrate with open protocols, provides the necessary resources to meet the needs of a wide range of environments.

There are at least four perspectives that can be addressed regarding the location of the data to be protected: file system, operating system, database and memory.

The effort to implement encryption increases in this order and exceeds the complexity, considering the variety of environments and systems in the end-to-end flow of the data to be protected.

As you may have realized, native encryption is not necessarily the best way to protect data. If you still have questions about this, leave them in the comments. We’ll be happy to answer your questions.

Sobre a Eval 

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With recognized value by the market, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and the General Law of Data Protection (LGPD). In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Sobre o(s) autor(es):


Outras postagens