PKI Still Matters, Especially in the Cloud
Blog Article Published: 07/15/2011
By: Merritt Maxim, Director of IAM Product Marketing, CA Technologies Inc.

Infosec veterans probably remember (with a smirk) how Public Key Infrastructure (PKI) was heralded as the next “big thing” in information security at the dawn of the 21st century. While PKI failed to reach the broad adoption the hype suggested, certain PKI capabilities such as key management are still important. The Diffie-Hellman key exchange protocol, which solved the serious technical challenge of how to exchange private keys over an insecure channel, basically created PKI.

I had not thought about key management until a recent visit to my local car dealer for an oil change. While waiting, I noticed several dealer employees struggling with a large wall-mounted metal box. This box is the dealer’s central repository for all car keys on the dealer’s lot. The box is accessed via a numeric keypad, which appeared to be a sensible approach since the keypad logs all access attempts for auditing and tracking purposes. However, on this particular day, the numeric codes would not open the box, leaving the keys inaccessible and employees quite frustrated. I left before seeing how the problem was resolved, but this incident reminded me of key management and how this technology is still crucial for data management, especially with the rise of cloud computing.

Key management often goes unnoticed for extended periods of time and only surfaces when a problem appears, as was the case at the dealer. When problems appear, key management is either the solution or the culprit. In the latter case, key management is generally the culprit because of an improper implementation. Poor key management can create several significant problems, such as:
- Complete Compromise: A poor key management system, if broken, could mean that all keys are compromised and all encrypted data is thus at risk (see my postscript for a great example). And fixing a broken key management system can be complex and costly.
- Inaccessibility: As I witnessed at the dealer, a poorly implemented key management system may prevent some or all access to encrypted data. That may seem good from a security standpoint, but the security must be weighed against the inconvenience and productivity loss created from being unable to access data.
- Volume of Keys: In a peer-to-peer model, using freeware like PGP may work, but when you are an organization with thousands of users, you need centralized key management. Just like organizations need to revoke privileges and entitlements when a user leaves the organization, you need to do the same with cryptographic keys. This can only be achieved via central key management and would crumble in a peer-to-peer model.
- Archiving and Data Recovery: Data retention policies vary by regulation and policy, but anywhere from three to 10 years is common. If archived data is encrypted (generally a good practice), key management is necessary to ensure that the data can be recovered and decrypted in the future if needed as part of an investigation. The growth of cloud-based storage makes this problem particularly acute.