Townsend Security Data Privacy Blog

In a business world that is moving more towards virtualization and cloud environments, the need for strong encryption and proper key management is critical. Due to all the recent and well-publicized data breaches, we all know about the ways your brand can be damaged if you don’t encrypt your data. Let’s look at the benefits of encryption, and three of the ways it can have a positive effect on your business.

Customer Confidence = Loyalty: When it all boils down, building trust in your business is what will make or break relationships with your customers, business partners, and potential investors.  After major retail breaches in 2013, a study conducted on 700 consumers showed that the three occurrences that have the greatest impact on brand reputation are data breaches, poor customer service, and environmental disasters. These three incidents were selected ahead of publicized lawsuits, government fines, and labor or union disputes. By being transparent about the ways that you will store and protect their sensitive data (required to operate your business) you will build a level of confidence and trust with your current and potential clients and customers. Using encryption to protect your customers sensitive information is the best way to keep any unauthorized user from successfully using the data if it is accessed. Properly deploying encryption, means you will be sure to use an encryption key manager that separates and securely stores the encryption keys away from the encrypted data. Let your clients know you take data security seriously, and let the would-be thieves know “move along, there is nothing to see here”!

Cloud = Cost Savings: Encryption can help your business move successfully to cloud and virtual environments. Because of the multi-tenant nature, cloud solutions can offer a significant cost savings to most organizations… but what about those other “tenants”, are they able to gain access to your information? What about the treasure trove of information that is attracting more and more hackers? Encryption can make it possible to leverage the benefits and cost savings of the cloud while ensuring the privacy of your sensitive data.

• By using encryption, you can make sure your information is secure when it is “at rest” or “in motion”.
• By properly handling encryption keys with an encryption key manager, you make sure you are the only one able to access your encryption keys.
• By keeping your encrypted data and your encryption keys in separate locations, you remain in control even when your data has left the building.

Customer Compliance = Competitive Advantage: Keeping data secure is the law for many commercial and private organizations. If any sensitive information is stolen or lost, your company may suffer some serious consequences, especially if that information is not encrypted. Using industry standard encryption also helps you meet various compliance regulations and data security standards. Depending on what industry your business is in, different regulations will come into play. As an example, all companies that take credit card payments fall under the Payment Card Industry Data Security Standard (PCI DSS). We all use credit cards and we want assurance that our information is safe. Would you shop online with a company that didn’t take measures to protect your account information?

If a data breach occurs and personally identifiable information is lost, the breached company must notify all their customers who are impacted. Did you know that there are data breach notification laws in 46 of the 50 states? Some regulations have a safe harbor clause, protecting companies from public notification if the stolen data is encrypted and if the encryption keys are not compromised. Along with the frequency, the cost of these breaches continues to escalate: The average cost to an organization for a data breach is up 15% with an average cost of 3.5 million dollars (2014 Ponemon Report). So using encryption to protect data and properly handling key management could save you millions of dollars in the event of a breach. Given the high cost of breach notification doesn't encryption just make sense?

Whether you choose a designated hardware security module (HSM), something designed specifically for virtualized environments (VMware), or data storage in the cloud, encryption and key management solutions can help you:

• Gain competitive advantage and build loyalty by protecting your customers data against access by unauthorized users
• Reduce hardware costs by leveraging virtual environments in the cloud
• Significantly improve your data security strategy while satisfying data compliance and privacy requirements

Overall, data encryption offers many benefits and provides solid protection against potential threats or theft. In addition to the many benefits, encryption is also efficient, easy to use, and affordable! Want to learn more about encryption? Download our eBook “The Encryption Guide”:

Roadmap to a Strong Encryption Solution

We live in the time of the data breach. Data privacy experts no longer consider a data breach a matter of “if”, but “when”. That’s why organizations are asking themselves: How do I protect myself? How do I find out what data I’m supposed to protect? For most businesses, they can find out what data they need to protect based on industry data security standards that they fall under. The technology those regulations require or recommend can be difficult to implement, however, especially encryption.

Townsend Security has just released a new eBook, “The Encryption Guide,” to help IT professionals and business leaders alike navigate the steps to implementing a successful encryption solution. This eBook answers both basic and more difficult questions about encryption such as:

• What is encryption
• When should I use encryption?
• What data should I encrypt?
• Where can I encrypt data?
• What are encryption best practices?

Check out the excerpt below from the introduction, and download the full eBook to get answers to these questions and more.

“Data security today is a major problem. Security professionals, administrators, and executives know this because highly publicized data breaches occur on what seems to be a monthly, if not weekly, basis, and lesser-publicized data breaches happen nearly every day. Loss of customer trust, huge payouts in fines, damage to reputation, and business leaders losing their jobs are just some of the consequences associated with a data breach.

Most high profile data breaches result in a lot of finger pointing with little discussion about what actually went wrong, and how other companies can prevent suffering a similar fate. Unfortunately, it is often revealed that some of the largest data breaches could have been prevented had the organization used proper encryption and encryption key management where it was needed.

Unencrypted sensitive data is a dangerous reality for most businesses. It’s an issue complicated by the fact that sensitive data is typically processed and stored in many disparate, fragmented locations so that administrators and business leaders alike aren’t certain where their data is, if they’re handling unknown sensitive data, which data should be encrypted, or know if their data is being encrypted at all.

In this eBook designed for IT administrators and executives, we will discuss how critical encryption is to your business continuity, how a solid encryption plan can help protect your business in the event of a data breach, and encryption best practices that will ensure your data security plan is effective and defensible, and keep you and your customers safe.”

Today, cloud resellers need to know that companies searching for a cloud provider to host their information technology have several good options. Microsoft Azure and Amazon Web Services (AWS) are two popular and trustworthy cloud platforms, and there are many other smaller cloud and private cloud platforms that can meet specific technological needs. However, when moving to the cloud, organizations must also consider the security options provided by that cloud service in order to address their own concerns about data security. This can be an issue for cloud resellers whose customers need good security in order to move to the cloud.

Finding good security on a cloud platform can be difficult when cloud security seems to be far more expensive than the cloud solution itself. Many companies need to encrypt sensitive data such as cardholder data, protected health information (PHI), and other personally identifiable information (PII), as well as manage their own encryption keys to meet compliance regulations.

This is why third-party cloud encryption and key management solutions are becoming more and more popular with cloud resellers who need to provide their customers easy and cost-effective encryption and key management. Third-party security can help a company choose the cloud provider they want without having to compromise their data security due to cost.

Cloud resellers for Azure, AWS, and other cloud providers should consider these concerns their customers’ may have about data security on cloud platforms:

1. Multi-Tenancy

Since it is shared by many users, the cloud is inherently less secure than a hardware solution. Cloud solutions utilize shared resources such as disk space and RAM, which is why the cloud is much less expensive than purchasing your own hardware; however, this means you have less control over who has access to your data. This is why encryption is critical to organizations who are storing sensitive data in the cloud.

2. Standards-Based Encryption

Many organizations attempt “in-house” or do-it-yourself encryption in an attempt to avoid difficult or costly third-party encryption solutions. However, these DIY projects tend to be difficult and rarely result in strong, defensible security. They can lead to huge problems down the road, especially when it comes to meeting compliance regulations, and it is common for these solutions to fail data security audits.

One major reason a DIY approach to encryption often fails is a lack of strong cryptography and and encryption key management. The management and documentation of encryption key lifecycle, rotation, creation, and deletion is mandated by many regulations such as the Payment Card Industry Data Security Standards (PCI DSS). Anyone handling sensitive data must meet specific encryption and key management requirements set forth by the industry or government regulations they fall under.

For these reasons, most organizations chose a certified third-party encryption and key management vendor to help them meet compliance as well as centralize and streamline the encryption and key management of all of their sensitive data in the cloud.

3. Encryption Key Management

Encryption key management is a major concern for cloud users. Even if their cloud vendor offers a native encryption option, how that vendor manages encryption keys can be a barrier for organizations who need to manage their own encryption keys in order to meet compliance. In accordance with many compliance regulations, businesses must document how they manage their encryption keys away from their encrypted data. This can be very difficult if your encryption keys are being stored in the cloud and accessible by the cloud provider. Some cloud providers offer encryption key management; however, they do so at a cost that makes using the cloud an unattractive choice. Cloud resellers must be aware that this, too, can be a barrier to cloud adoption.

Cloud resellers need to know that security is a barrier for many companies who wish to move to the cloud. Building a toolbox of certified cloud encryption vendors can help them win these customers and gain new revenue.

To learn more about encryption key management for the cloud, view our webinar, “Encryption & Key Management Everywhere Your Data Is,” featuring data privacy expert Patrick Townsend.

In light of the recent, massive Target data breach, and the fact that Target had passed a PCI DSS audit yet lacked proper security controls, many organizations are searching for stronger data security. Using encryption to protect sensitive data should be considered a top priority for organizations that want to protect themselves from a potential data breach. Strong, defensible encryption used in conjunction with strong key management and a system logging solution can enable a business to catch a breach in real time when it happens, and know that any sensitive data that has been accessed is undecipherable by the attacker. Even with sophisticated and expensive malware detection software, the only way to secure the breach and avoid breach notification is with encryption and encryption key management.

Few organizations are aware of the extreme criticality of encryption and key management, and for the ones that are aware, many still consider encryption a last-effort solution and grapple with its reputation for being difficult and costly. Encryption and encryption key management can be difficult and costly; however, it doesn’t need to be. Different encryption key management vendors offer varying features and applications as well as pricing structures, and finding a solution that can integrate easily into your IT infrastructure is an achievable task. The key is to look for specific features that increase ease of use while decreasing costs.

1. Easy to use client side applications - A security expert and developer once said to me, “People say a lot of things aren’t ‘rocket science,’ but encryption key management is like ‘rocket science’. This is why businesses very rarely develop their own encryption and key management solutions internally. How easy an encryption key management vendor makes their solution to use is a major factor of a purchasing decision. If encryption is going to become as widely used as it needs to be, the client-side applications that manage encryption keys must be usable and intuitive to the average security administrator.
2. Scalable pricing structure - Scalability results in affordability. Not every company can invest in millions of dollars of malware detection and security consultants, and we’ve found out that the companies who can afford those services still have data breaches. Data breaches don’t discriminate, which is why encryption and key management solutions must be affordable for organizations, regardless of size. Five years ago, the only encryption key management solutions available were very expensive hardware solutions. Many vendors charge extra fees per network connection, which is neither an easy or scalable solution for companies that are growing. These hardware security modules (HSMs) are still widely used and preferred by businesses with a low tolerance for security risk, but many are turning to newer cloud solutions that offer the same certified technology with a lower price tag.
3. Cloud compatibility - Moving applications and data centers to the cloud is a natural step for organizations attempting to consolidate their IT infrastructures and lower operational costs. Security, however, remains the number one concerned for the cloud--a multi-tenant environment that shares resources with other users. Encryption and key management is essential to protecting any sensitive data processed or stored cloud applications or databases, and cloud-based or hosted solutions are readily available. Just remember that your key management solution must be FIPS 140-2 compliant and not share services with other users in order to be compliant with most data security regulations.

Encryption and encryption key management are essential, proactive technologies that help organizations remain intact in the event of a data breach. Look for these three features in a certified solution to protect yourself and your customers.

Townsend Security’s FIPS 140-2 compliant “one-click” ready-to-use key management solutions enable cloud users to easily protect their data in the cloud or data center at an affordable price. Learn more by viewing the webinar, “Encryption & Key Management Everywhere Your Data Is,” featuring data security expert Patrick Townsend.

As we discussed in the webinar and latest blog on Encryption & Key Management Everywhere You Need It, sensitive data needs to be protected wherever it resides!  

Proper encryption & key management can help you meet compliance requirements, and improve your data security posture across multiple platforms or environments. After the webinar, we had a number of questions asked by attendees and answered by security expert Patrick Townsend. Here is a recap of that Q&A session:

Q: Is there any limit to the number of servers that I can hook up to your encryption key manager?

Patrick: There are no restrictions, and no license constraints on our encryption & key management solution. We don't meter or count the number of client-side platforms that connect to our Alliance Key Manager, so you can hook up as many client side applications, servers, and processors as you need to. This is one of the things I think is different about how we approach encryption and key management with our customers. We also know the applications you are running today may not be the applications you need to be running tomorrow and we really want you to deploy encryption to all your sensitive data and scale up when & where you need it.

Q: With the various platforms that I can deploy an encryption key manager in, how do I know which one is right for me?

Patrick: There are several factors that will come in to play when deciding where you deploy your key management:

Compliance regulations that you need to meet can be a factor in whether you deploy an Hardware Security Module (HSM) or a cloud HSM or a virtualized instance. If you are working with an auditor or going through a QSA audit, you'll want to have a conversation with them to understand their expectation from a compliance point of view around where you deploy your encryption key manager.

Risk tolerance will also come into play. You may have a security group within your organization with strong feelings about how to deploy encryption key management and how to mitigate risk. If you have large amounts of sensitive data to protect you might decide to deploy an HSM in your secure data center. If you're dealing with a very small amount of data and you do not process credit cards or personally identifiable information, your risk assessment may indicate a cloud deployment.

Budget is certainly always a factor to consider. It is important to consider the cost benefits of security however, we all understand that leaving our data in the clear is no longer an option. It is a matter of understanding your industry regulations and risk assessment, then deciding what encryption and key management to deploy.

While they are generally the most secure solution, Hardware Security Modules (HSMs) can be more expensive than a virtual environment, dedicated cloud instance, or virtual private cloud. Once you look at all the factors that affect your company, we will be there with the right solution that will work for your needs.

Q: Does Townsend Security provide guidance on how to get the best performance with my operating environment?

Patrick: Because every enterprise operational environment is different, we provide guidance around performance with our encryption key management solution. With every one of our solutions we offer complimentary 30-day product evaluations and encourage our customers to do proof of concepts with their applications. We are serious about making this process simple, and our customers can download the actual instance in evaluation mode, run it with their applications, test the actual solution, and truly evaluate performance in their specific environment. Performance metrics will be moderated by a number of factors within your specialized environment, your network, and your processing platform.

Q: I have data that needs to be encrypted in a cloud other than Amazon or Windows Azure, can your product help me with this?

Patrick: Yes, we can. First of all, following best practices, you want to keep your encryption keys separate from the data they are protecting. You may have data in a cloud platform, but choose to run your encryption key management solution in a different location or a virtual private cloud. Let’s say you want to run the key manager in a dedicated cloud HSM or even in your data center. Most top-tier cloud vendors truly support multiple environments for running key management, and we find that our solutions work well for customers who are running in the cloud.  We suggest you contact us and have a conversation about options and we can provide guidance about how to deploy a secure solution.

Q: How is Alliance Key Manager Priced?

Patrick:  We have a wide set of options for our customers, and are dedicated to helping find affordable solutions. We have perpetual license or subscription options for classic HSMs, Cloud HSM, and virtualized environments. Our cloud offerings are true usage-based subscriptions, so if you're used to deploying in Amazon Web Services or Windows Azure, our encryption & key management solutions will fit that same strategy for pricing.  

We really believe that the encryption should go everywhere you need it to go! Your key management should work across a wide set of application environments, and it must be affordable, so that we can all get where we need to be in terms of protecting sensitive data. Regardless of where your data is or what platform you are using, there's a solution that can work for you!

View the complete webinar - Encryption & Key Management Everywhere - to learn about:

• Deploying encryption and key management with an HSM, cloud HSM, virtual appliance or in the cloud
• How protecting data  properly is now easier and more affordable than ever
• Factors to consider when deciding which option is right for your organization
• What compliance regulations (PCI DSS etc.) say about the different options
• Challenges for applications running in the cloud or virtual environments

If you have further questions, please list them here in the comment section and we will be sure to get you an answer!

Wherever your sensitive data resides - client side applications, secure data centers, or in the cloud - Encrypt it!

“Sensitive data” is not just credit card numbers and expiration dates anymore.  Because of recent data breaches, we know that loyalty information like names, e-mail, physical addresses, phone numbers; personal data like birthdate, social security number... so much information today... now constitutes what we call personally identifiable information (PII) and must be properly protected with encryption no matter it is stored.

When it comes to protecting data, look to well-defined industry standards for an encryption algorithm that is reviewed and vetted by cryptographers around the world. Advanced Encryption Standard or AES is the most commonly used encryption algorithm to protect sensitive data. Validated by the National Institute of Standards and Technology (NIST), this standard is referenced in a wide variety of compliance regulations either as a requirement or as a recommendation. However, the AES algorithm is not the secret that we have to defend. Think of encryption as the lock that you put on your front door, and the encryption key is your house key. You don’t tape your house key right next to the lock when you leave in the morning, you take it with you and you protect it from loss or theft. Your unique encryption key is THE secret that you must protect, which can be accomplished using a secure, certified key management solution. Getting encryption key management right is in fact the biggest challenge customers and organizations run into when they start their encryption projects.

When you look at what it takes to properly protect sensitive data with encryption, you immediately find standards (NIST) & best practices for key management, and industry compliance regulations (PCI DSS, HIPAA/HITECH, FFIEC, and state privacy laws) that require proper key management. They all say the same thing: “Do Not Store the Encryption Key on the Same Server as the Encrypted Data”.

Encryption key management is a well-defined process with standards and best practices around managing encryption keys and a formal definition of the encryption key lifecycle.  

When an encryption key is first generated, or established, it may not be used for some time so it waits in a pre-activation status until it is being actively used.  The key will expire after use or based on a set definition and then will go into escrow after post-activation. After that period, the key is generally destroyed.

One way to destroy data is to destroy the encryption key that's protecting it, because if the key is not recoverable neither is that data. Auditors will want to know if you have a process for managing the encryption key through the entire lifecycle, and this is one of the things that a key management solution does for you in a provable way.  Beyond the encryption key lifecycle, the key management solution provides access controls for users and groups, in-depth audit trails and system logging with the ability to integrate across multiple platforms, and they must implement a mechanism for dual control and separation of duties to really meet compliance regulations as well as defensible security best practices.

It is also very important for an encryption key manager to provide the option of onboard encryption. The core function of the encryption key management solution is to generate, protect, and distribute encryption keys to authenticated users. If you have a web application or a more exposed cloud environment, retrieving an encryption key may seem risky to you in terms of having that key in your operating environment. With an onboard encryption solution you can send your data to the key manager, name a key, and get that data encrypted or decrypted strictly within the confines of that key management solution. Avoiding the risk of losing encryption keys in a more exposed environment is an important component in a compliance strategy.

Even 10 years ago, encryption key management solutions were very expensive specialized hardware devices and very difficult and time consuming projects. Thankfully, encryption and key management is no longer the development or cost headache it once was. Since IT infrastructures have become very complex environments using different technologies and platforms (60% of Microsoft SQL Server customers are also running Oracle someplace in the organization), a key management solution also needs to address these complexities and protect data wherever it may be. There are still hardware security modules (HSMs) and now there are new options for deployment of cloud-based HSMs, virtual appliances, and true cloud instances of encryption and key management.

Hardware Security Module (HSM) is a physical appliance or security device that is protected and tamper evident. Built for high resiliency and redundancy it has hot swappable rated disc drives, dual power supplies, dual network interfaces, and is deployed in your IT data center.

Cloud HSM is a physical appliance hosted in a secure cloud with real-time encryption key and access policy mirroring.  Dedicated HSMs are hosted in geographically dispersed data centers under an ITIL-based control environment and are independently validated for compliance against PCI DSS and SOC frameworks. No access is available to the cloud vendor or any unauthorized user.

Virtual Appliances are the exact same key management solution - the same binary software that runs inside the hardware HSM - available as a VMware instance.

In the Cloud - If you're running on Microsoft Windows Azure or vCloud, the encryption key manager can run as a true cloud instance in a standard cloud or deploy in a virtual private cloud for added data protection for sensitive applications.

Because encryption and key management is so important, we offer all of the options listed above as NIST validated and FIPS 140-2 compliant solutions. We also want to make sure encryption is available everywhere you need it, so at Townsend Security we have a very different philosophy and approach:

• We think that when you buy an encryption key manager, you should be able to easily deploy the solution, get all your encryption projects done properly, and have very affordable and predictable costs.

• We understand that we live in a world where budget matters to our customers, so we do not charge client-side fees.  

• We understand that IT resources are limited and have done a huge amount of work to make our solutions easy with out-of-the-box integrations, simplified deployments, and also provide along with our solution ready-made client-side applications, encryption libraries, source code samples, as well as SDKs for developers who need them to get their projects done very quickly.

To learn more about key management and how to properly encrypt sensitive data anywhere you store it, download our latest webinar featuring data security expert Patrick Townsend:

With V7R1 IBM introduced FIELDPROC (field procedure) exit points which Alliance AES400 for IBM i uses to encrypt database files at a field level. Since the cryptographic process is called by the database directly upon access, rather than by the application, this means that the process will work regardless of what type of application uses it. No application changes are needed, which is something our customers really like to hear.

These are five frequently asked questions we get around FIELDPROC encryption.

1. What type of fields are supported with FIELDPROC?

Surprisingly, virtually every field type is supported, whether it is character (even binary character), numeric (zoned, packed or binary) date, time, timestamp, Double Byte Character Set (DBCS), and hex. Some fields have certain restrictions, for example in order to implement fieldproc encryption on date, time, and timestamp fields you must specify a default value that is not ‘current date and time’.  You can define this in DDS or structured query language (SQL), and there is an option in the DB2/400 FIELDPROC encryption menu that will do this for you.

FIELDPROC will also handle blank fields by not encrypting them at all. This helps us achieve better results from certain SQL operations. FIELDPROC encryption however does not support fields with NULL values and they should be avoided or changed if necessary.

2. Will I need to make any changes to my applications?

As I mentioned above, it is not necessary to make application changes, but here is more detail as to why: In V7R1, AES/400 can create FIELDPROC exit points that tie to individual fields in a DB/2 file. When a file is opened for any operation, read, update, insert, or delete, the exit point calls one of our FIELDPROC applications, which calls our encryption or decryption APIs. It does this regardless of which application is accessing the file, thus creating application independent encryption.

A few things to consider are: when you backup your file you will need to also backup the FIELDPROC applications, and make sure you restore them at the same time as well. It is also important to remember that if the file is accessed through FTP it will be transferred in the clear.

3. Can I encrypt index fields?

In short, yes. However, encrypting index fields will affect the performance of your SQL operations, and the more indexes you encrypt, the more your performance will be affected. This happens primarily for the following reason: For faster performance DB/2 looks up records based on their encrypted values. This means that when you tell DB/2 you are looking for the record with social security number 111223333, and that field is encrypted, it will encrypt the search string and then retrieve the matching record for you. This is done as a performance enhancement especially when working with logical files on the IBM i. However for some SQL operations it decrypts all the records in order to read the index fields, so rather than encrypting single values to look up, it needs to decrypt a multitude of records.

4. What kind of performance can I expect?

In our test environment, which consists of a single processor IBM i platform, model 515, approximately 3500 CPW, V7R1 of the operating system with TR5 installed, we can process about 16,000 records per second. Systems with higher processing power should see better performance. This means that if we have a file with one million records and one field encrypted we can read the entire file in about 60 seconds. If they are 2 fields encrypted it will take us about 120 seconds because we are handling two million decryption calls.

5. Does using external key management affect performance?

In short, no. The time it takes AES/400 to retrieve a symmetric encryption key from our Alliance Key Manager server is approximately 0.0116 seconds. And this is through a secure TLS connection. There are network infrastructures in which this time may be slightly affected, firewalls, routers, switches, distance, however it should never create a noticeable difference in performance.

To learn more about automatic encryption on IBM i V7R1 using FIELDPROC, download the podcast "FIELDPROC Encryption on the IBM i" to hear IBM i security experts Patrick Botz and Patrick Townsend discuss encryption, key management, and meeting compliance regulations on the IBM i.

On February 19th the University of Maryland disclosed to the public a data breach exposing over 300,000 records of students, faculty, and alumni including names, social security numbers, and dates of birth.

Universities and colleges using their website to communicate with students are aware of the fact that their website is a massive portal for student data. From the moment a potential student applies to a university through its website, up through each time a student submits financial and health information, thousands of personal records are being collected by the website and stored for internal use in databases.

Why is this data not being protected? That’s the big question asked by data security experts and concerned students alike, who are aware of the massive number of data breaches that occur yearly through websites. The information submitted on higher education websites includes nearly everything a hacker or malicious user wants including: home addresses, social security numbers, phone numbers, email addresses, passwords, parent names, credit card, and financial data. Many universities run teaching hospitals, not to mention their own student health services. Protected health information (PHI) entered through patient portals also poses a huge risk if the data isn’t protected.

This information should not only be encrypted to protect students, faculty, and patients alike, but it should be encrypted because the collection of financial data, credit card data, and PHI fall under industry regulations such as HIPAA/HITECH and PCI-DSS which require the encryption of this data.

Here’s the good news: Many college and university websites are built using the common content management system (CMS) Drupal. Drupal is one of the most widely used CMS platforms, and is used by both small start-ups and Fortune 100 enterprises. It is very commonly used for higher education sites. Drupal has a long history with addressing security in its modules, and in fact has even supported an Encrypt module to encrypt sensitive data. Although the Encrypt module made encrypting data easy for Drupal users, it lacked a very important component of successful encryption: encryption key management.

Encryption key management is the foundation of a successful encryption strategy. If the encryption key is stored locally with the encrypted data, then a hacker who gains access to the data can immediately decrypt the data, making the encryption useless. If the key is protected, away from the encrypted data, then the data remains safe, even if accessed by an attacker.

Ok, here’s the actual good news: Stronger encryption and encryption key management is now available for Drupal users. Chris Teitzel and Rick Hawkins, Drupal developers and owners of Cellar Door Media have recently teamed up with Townsend Security to create Key Connection for Drupal--a module that enables NIST-validated AES encryption and FIPS 140-2 compliant key management for data in Drupal.

Key Connection for Drupal offers these important features:

• Encryption anywhere you want it - The Key Connection for Drupal APIs allow developers to encrypt data and protect encryption keys anywhere data is collected in a website from student enrollment applications to student health service portals.
• Onboard encryption - While Drupal developers can still use the encrypt module to encrypt sensitive data, and protect the encryption keys to a cloud or physical key management module, they also have the option to do “onboard” encryption within the key manager using NIST validated AES encryption. This is a critical new feature for business who need to meet PCI-DSS compliance requirements.
• Multiple key management options - Developers can choose from multiple key management options from key management in the cloud to a physical hardware security module (HSM) that they can rack up in their own IT infrastructure. Townsend Security also offers virtual and hosted options.

To learn more about Key Connection for Drupal and how you can encrypt sensitive data in Drupal using NIST validated AES encryption and protection of encryption keys using FIPS 140-2 compliant key management, listen to the podcast featuring the Key Connection for Drupal developers.

Education is what remains after one has forgotten what one has learned in school.

Albert Einstein

One important aspect of our work is supporting our customers and answering their questions. There is a lot to learn, and there are a lot of sources of information, and it can be difficult at times to decide what information to take in and what to let pass by.

Beyond answering their questions about broader topics such as security and compliance, we also end up discussing some very technical issues that they have questions about as well. It’s not usually until after someone begins working with our products that we step in to answer questions about the technical aspects, the nitty gritty, of how a product addresses their security and compliance needs. In this article I will cover in greater technical detail five frequently asked questions about working with PGP encryption, as well as some tips and tricks on how to get the most out of it.

1. I have encrypted a file for my trading partner, and I want to verify it, but when I try to decrypt it, why do I get an error?

If you are encrypting a file for a trading partner you are most likely using their public key. Because a public key can be given out to anybody, it becomes important to prevent just anyone from decrypting it. Thus the file can only be decrypted with your trading partner’s private key, which only they should have. Based on the principles of asymmetric encryption, it is impossible to encrypt and decrypt with the same key.

There is however a way to encrypt the file for both your trading partner and for yourself to decrypt. You can encrypt the file with multiple public keys, in this case your trading partner’s and yours. Our PGPENCRYPT command does this through the use of the ‘Additional user IDs’ parameter, in which you would define a public key for encryption to which you had a matching private key for. That way you would be able to decrypt it using your private key to verify the contents of the file.

2. How do I provide my trading partner with my key?

When you are exporting keys from the keyring there is one important question to ask, will the key be used for encryption or decryption? When you are exchanging files with a trading partner you have to remember that you will be encrypting with their public key and they will be encrypting with your public key. But decryption, again, can only happen with a private key.
So if you need to export a key for encryption it needs to be the public key, if it’s for decryption you should export the key pair.

Our PGPKEYEXP command can accomplish both for you. You would define the key to export with the ‘Export type’ parameter, where *PUBLIC exports the public key and *KEYPAIR exports both the public and private keys in one file. You can verify what was exported by viewing the file. Even though they keys themselves are unreadable the title is. An exported key pair would list the private key first.

It is important to note that under no circumstances should you provide your private key or the entire key pair to your trading partners or vendors. The option to export the key pair is built into the application to allow you to move individual key pairs between your company’s own servers.

3. My trading partner’s key has expired, can I update its expiration date using PGP commands?

There is a way to update the expiration date on a public key, but not one you received from a trading partner. The public key can be updated only if you have the matching private key and the private key’s password. Because your trading partner should not ever share neither their private key nor their password, you cannot update the expiration date on that public key.
You will need to attain the new public key from your trading partner. The good thing is that most trading partners have a system in place that should inform you ahead of time of the impending expiration of their public key and either provide the new key with that notice or provide instructions on how you can obtain it.

4. I have received a key from a trading partner and I have added it to the keyring but I can’t encrypt with it (or I am being asked if I want to trust the key every time I try to encrypt with it), how do I trust it?

When you first import a public key PGP will not ‘trust’ it, since information encrypted with it can’t normally be recovered (see Question 1 for options). When you try to encrypt with it, PGP will error out, although when you are encrypting interactively, it will prompt you. To trust the key you need to do the following 2 steps:

1. Sign the new key with your private key to validate the key using the PGPKEYSIGN command. Because you are using your private key to do this you will need its password as well.
2. Then you need to set its trust level using the PGPKEYCHG command. Once you have done this PGP will accept the key for encryption.

5. My trading partner wants me to sign the file. What does signing a file do?

Signing a file is a way that you can help your trading partner make sure the file they received really came from you. You can encrypt and sign a file or just sign it, on the latter the contents of the file remain visible but an encrypted string is added to the bottom containing your signature. A signature can only be created with a private key, so your trading partner can be pretty certain that the file could only have come from you. The signature is verified by PGP by using your public key to decrypt and read that encrypted string. The string is never stored in the clear but it is read and PGP returns a message that it has verified it. This does mean that anyone with your public key can verify your signature, but then again that is what you want. If a file is both encrypted and signed, the signature would be read by your public key and the contents decrypted by your trading partner’s private key. You can define the signing key in our PGPENCRYPT command with the ‘Signing user ID’ parameter and by providing the command with its password. You can also sign a clear text file or an already encrypted file with the PGPSIGN command.

For more information on encrypting data in transit with PGP, download the podcast, “PGP Encryption on the IBM i,” featuring data security expert Patrick Townsend.

Supporting two models for encrypting data = Alliance Key Manager

Traditional encryption key retrieval with local encryption is when you retrieve the encryption key from the hardware security module (HSM) key server and use it with your own local encryption library to encrypt or decrypt data. The encryption key is transmitted securely from the key manager to your application, your application uses the key as long as it needs to, and then destroys that key.

On-board encryption is where you can send the data to the server, along with the name of the encryption key, and ask the server to encrypt or decrypt the data. In this case you never retrieve the encryption key, you actually send the data to the HSM device encrypted or decrypted, the encryption takes place on board actually within the hardware security module (the key manager itself), and you get the results sent back securely to your application.

When would you typically choose to do on-board encryption rather than retrieve the encryption key and then do encryption locally?

• Vulnerable client applications - you would want to use onboard encryption when you have more risk in an exposed environment (web application or ATM or kiosk), that way the encryption key (which is the secret you're trying to protect) remains within the HSM and never leaves it.
• Amount of data to be encrypted is small - Small chunks of data, such as credit card numbers, Social Security numbers, e-mail addresses, etc., are prime examples of things you can use onboard encryption for effectively.
• If you don’t have encryption library - if you're working with an embedded system and you have a small amount of resources on your application side.

When should you not use onboard encryption for applications?

• When you have large amounts of data it is best to retrieve an encryption key and perform the encryption locally.

How does Townsend Security’s encryption key manager, Alliance Key Manager, implement on-board encryption?

• Your application will launch and create a secure encrypted TLS connection to Alliance Key Manager. There is an authentication mechanism that requires you to have a proper certificate and private key.
• When that connection is open and authenticated, you send the data that you want encrypted and the name of the encryption key to be used to the key manager HSM.
• Once the encryption is complete and the key manager sends data back to your application over the same secure channel, the connection can then be torn down.

Once a developer has decided to use onboard encryption with Alliance Key Manager what do they need?

There are three mechanisms that we deploy to make it a straightforward and simple process for developers use on-board encryption or key retrieval.

• First we provide some software libraries, dynamic link libraries, in Windows or .NET assemblies or LINUX of shared libraries that can be used out of the box to perform these kind of tasks. These software libraries are on our AKM supplemental CD image and are free to use.
• We also provide actual sample source code, that can be used as a starting point for an on-board encryption or traditional encryption key retrieval project.
• We also provide purpose built applications that are ready to use out of the box to implement onboard encryption (typically by a configuration option when our software is installed).

For more information this brief video will talk about traditional encryption key retrieval versus onboard encryption services on the Alliance Key Manager device:

• When you want to use, or avoid using, onboard encryption
• Practical guidelines on how Alliance Key Manager implements the encryption service
• How your applications will actually use either key retrieval or onboard encryption
• Some performance and connection issues, and then
• We'll point you to some resources that might be helpful as you do your project