Most encryption discussions start with my customers asking about the algorithms available. My usual response is "That's a great question. But talking about that now is like worrying about how to dispose of a bomb before disarming it." The point I'm trying to make is that effective encryption algorithms are required, but not sufficient. If you don't have robust, secure key management, encrypting data is a waste of resources regardless of the algorithm used. Therefore, the first place to begin any new encryption project is key management.
So what does a robust key management solution enable? Good key management systems have, in my mind, three functional, must-have components:
- Key generation and storage management
- Secure key distribution
- Standards compliance
All three need to be provided in a way that keeps tight control in the hands of a select few encryption key administrators who do not also have access to the encrypted data. That separation of duties is the point: the people who can touch the keys should not be the people who can read the data, and vice versa.
At first glance, key generation may seem relatively easy: just generate a key of the appropriate length and store it somewhere. But that is only a piece of the problem. First, best practice says that no single person should know a key, and no single person should be able to generate a new key and put it into use on their own. In key management terms these are split knowledge and dual control, and a solution that lets one administrator do both is a single point of compromise no matter how good the algorithm is.
Second, unlike military secrets on the battlefield, data encrypted today may need to stay protected for years or even decades. The longer data remains encrypted under the same key, the more ciphertext an attacker has to work with and the more time there is for the key to leak, so the risk of that data being compromised grows. Best practice addresses this with key rotation: generate a new key, decrypt the data encrypted with the old key, and re-encrypt it with the new one. The old key has to be retained, in a retired state that permits decryption only, until the last record encrypted under it has been re-encrypted; destroy it too early and that data is unrecoverable.
The next important area for a good key management solution to address is key distribution. One aspect of key distribution is secure storage, retrieval and transmission of keys. Key management solutions must make it easy for approved application and system interfaces to work with unencrypted data while not exposing the keys to those interfaces or to any human users of the system. Good key management solutions typically use a hierarchy of keys to enable this: a key encryption key (KEK) that never leaves the key manager wraps the data encryption keys (DEKs) that actually protect the records, and applications ask the key manager to encrypt or decrypt on their behalf rather than being handed a key. The hierarchy also makes rotation cheaper: rotating the KEK only means re-wrapping the DEKs, while only a DEK rotation requires re-encrypting the data itself.
Another aspect of key distribution is authorization. Operating systems can specify which people are allowed to access data in a database, but they provide no mechanism to say whether encrypted fields in that database should be decrypted for a given user. Consider a scenario where Joe has access to the CUSTMST database because he runs a specific application. Joe's job does not require him to see customer credit card information, which is encrypted. The application does not show Joe this information, so from that point of view there is no problem. But what if Joe uses DBU or ODBC to read the database directly, bypassing the application? Good encryption solutions let an administrator state whether Joe is allowed to view decrypted data, and enforce that decision by refusing to decrypt for the user profile JOE no matter which path the request arrives on.
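The key hierarchy, the two kinds of rotation and the per-user decrypt decision described in the three paragraphs above, as an added worked example in Go. This is not code from the original post or from any product; it is a minimal in-memory key manager for a single encrypted field, built on AES-256-GCM from the Go standard library. The type and function names (FieldKeyManager, RotateKEK, RotateDEK), the ORDERAPP and JOE user profiles, the policy map and the test card number are all assumptions made for illustration; a real key manager would hold the KEK in a hardware module or a separate key server, would audit every decision, and would not let one process both generate and install keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes draws n bytes from the OS CSPRNG; 32 bytes is an AES-256 key.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing OS RNG is not something a key manager can work around
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length; every key here is randomBytes(32), so this is a programming error
	}
	g, _ := cipher.NewGCM(block) // cannot fail for a valid AES block
	return g
}

// seal encrypts plaintext with AES-256-GCM under key, prefixing a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	g := gcm(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; it fails if the key is wrong or the ciphertext was altered.
func open(key, ciphertext []byte) ([]byte, error) {
	if g := gcm(key); len(ciphertext) >= g.NonceSize() {
		return g.Open(nil, ciphertext[:g.NonceSize()], ciphertext[g.NonceSize():], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// FieldKeyManager protects one encrypted column with the hierarchy from the text:
// a key-encryption key (KEK) wraps the data-encryption key (DEK) that encrypts records.
type FieldKeyManager struct {
	kek        []byte
	wrappedDEK []byte          // DEK encrypted under the KEK; the plain DEK is never stored
	mayDecrypt map[string]bool // user profile -> administrator permits plaintext (assumed policy)
}

func NewFieldKeyManager(mayDecrypt map[string]bool) *FieldKeyManager {
	kek := randomBytes(32)
	return &FieldKeyManager{kek: kek, wrappedDEK: seal(kek, randomBytes(32)), mayDecrypt: mayDecrypt}
}

func (m *FieldKeyManager) dek() []byte {
	k, err := open(m.kek, m.wrappedDEK) // unexported: the DEK is only ever unwrapped inside the manager
	if err != nil {
		panic("KEK does not unwrap the stored DEK: " + err.Error())
	}
	return k
}

// Encrypt protects one record value for an application; the caller never sees the DEK.
func (m *FieldKeyManager) Encrypt(plaintext []byte) []byte { return seal(m.dek(), plaintext) }

// Decrypt enforces the administrator's decision: a user who can read the table but
// is not cleared for this field (JOE over ODBC, say) gets an error, never plaintext.
func (m *FieldKeyManager) Decrypt(user string, ciphertext []byte) ([]byte, error) {
	if !m.mayDecrypt[user] {
		return nil, fmt.Errorf("user %s is not authorized to decrypt this field", user)
	}
	return open(m.dek(), ciphertext)
}

// RotateKEK re-wraps the DEK under a fresh KEK; stored records are untouched
// because they are encrypted with the DEK, not with the KEK.
func (m *FieldKeyManager) RotateKEK() {
	newKEK := randomBytes(32)
	m.wrappedDEK, m.kek = seal(newKEK, m.dek()), newKEK // m.dek() still uses the old KEK here
}

// RotateDEK is the rotation the text describes: issue a new DEK, then decrypt
// each record with the old one and re-encrypt it in place with the new one.
func (m *FieldKeyManager) RotateDEK(records [][]byte) error {
	old := m.dek()
	m.wrappedDEK = seal(m.kek, randomBytes(32))
	for i, r := range records {
		p, err := open(old, r)
		if err != nil {
			return fmt.Errorf("record %d: %w", i, err)
		}
		records[i] = m.Encrypt(p)
	}
	return nil
}
```

The block is a package to exercise from a test or a small main rather than a program in itself. Construct the manager with a policy such as `map[string]bool{"ORDERAPP": true}`, call `Encrypt` to store a card number, and `Decrypt("JOE", ct)` fails before any key is touched, so a direct ODBC query gets the same refusal as one that went through the application. After `RotateKEK` the KEK and the wrapped DEK are both new, yet every stored ciphertext still opens; after `RotateDEK` the ciphertexts are new and anything still encrypted under the old DEK no longer opens, which is why the retired key must be kept until the pass is complete. The example deliberately omits dual control: here one process generates and installs keys, exactly what the paragraph on key generation says no single person should be able to do, and a failure partway through `RotateDEK` leaves some records under each DEK, so a production implementation needs to make that pass restartable.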
Of huge importance for good key management solutions is government and industry standards compliance. Any key management solution worth its salt will be compliant with the standards that affect your organization. An uncertified solution may well be compliant, but without certification by an appropriate third party you have no way to verify the claim. Ask the vendor for the certificate and check it against the certifying body's published list rather than taking a "compliant" line on a datasheet at face value.
I recently collaborated with Patrick Townsend of Townsend Security on a white paper discussing the topic of encryption standards compliance on the IBM i. You can download a copy of it here.
Finally, good key management solutions provide the functionality discussed above in an easy-to-use package. What does "easy to use" mean? It means that business logic programmers and system administrators are not forced to become crypto experts, or to learn the internals of the key management solution, in order to implement encryption efficiently and effectively in your organization.
So when you begin your quest to implement encryption on your system, start by looking for the qualities of good encryption key management described here. Only after you find a solution that has them should you begin to worry about the technical details of the encryption algorithms that solution supports.
About the Author
Patrick Botz is the President and CTO of Botz & Associates. Patrick’s expertise includes security strategy, security policy enforcement, password management and single sign-on (SSO), industry and government compliance, and biometrics.
Previously, as Lead Security Architect at IBM and founder of the IBM Lab Services security consulting team, Patrick gained intimate knowledge of system security capabilities and pitfalls on a broad spectrum of platforms, with special emphasis on IBM i (formerly AS/400), AIX, Linux and UNIX operating systems.