During the holiday season, business volume goes up and people look forward to time off. When temporary workers fill in, they aren’t as well trained in security. Data thieves take advantage of distractions, reduced staffing, and heavy traffic to grab some “gifts” for themselves without being noticed.
An attacker who cracks a password or otherwise bypasses security can rummage around at will, grabbing files with confidential information. Keeping critical data safe requires more than one layer of protection. Below we talk about multiple layers of protection as well as the importance of key management in holiday commerce.
ENCRYPTION FOR DEFENSE IN DEPTH
The best way to keep sensitive data safe is to encrypt it. If attackers grab strongly encrypted files, it won’t do them any good. Managing encrypted files, though, can be a headache. Securely communicating with short-term partners during the holiday season adds to the difficulty.
The best methods rely on an encryption key, a long string of random-looking characters. To encrypt a file, you have to either generate a key or use an existing one. To get the file back, you use a decryption key. Depending on the scheme, you might use the same key for encryption and decryption (called symmetric encryption), or different keys for each (called asymmetric encryption).
Keys also protect web services. To get information from a web service API, the requester has to provide an access key. If an intruder gains access to the network, services that provide personal information and other sensitive data are still out of reach.
KEEP THE KEYS LOCKED UP
This leaves an important question: What do you do with the key?
If you store the key on the same account as the file it protects, it doesn’t offer any protection. Whoever gets into your account can grab the file and the key. You can store it somewhere else, like on a USB stick, but then it’s easy to lose. Encryption is great, but if your keys are unsafe, then it doesn’t do anything for security.
Suppose your company is planning some surprise visits by Santa, and you don’t want any leaks. You’ve received his schedule in an encrypted document, and you need to forward it to the retail liaison officer. How do you share the file safely? If you email a decrypted copy, you’re exposing it to interception. If you email the key, you create a risk for all the files you’ve protected with it.
You need to encrypt critical files while keeping their keys safe, yet readily available. Many organizations never come up with a satisfactory solution to the problem. They use a variety of tricks and workarounds. When they aren’t adequate, keys can be stolen. When they aren’t systematic enough, people may lose track of keys and be unable to open files.
KEY MANAGEMENT PROTECTS KEYS
The solution is to use a key manager. It can hold keys safely and in a consistent way, so that no keys are lost or stolen. The password manager on a personal computer or mobile device is a simple example. It holds all the user’s passwords in an encrypted form, and only someone with the login password can get them.
A personal password manager protects just one user, and it depends on the safety of the login password. Enterprise key management is more complex and aims for a higher level of security. It provides for storage, retrieval, sharing, and deletion of keys. Users can each store their own keys, safe from other users who aren’t authorized to touch them.
For maximum safety, the key store should be encrypted and reside in a different location from the files it protects. Cloud-based key management lets people access their keys from anywhere and share their keys with selected collaborators. Executives off on holiday trips can still check in and review documents safely.
Enterprise key management needs to deal with a variety of encryption methods and key formats for different applications. It needs to retrieve and apply the keys without exposing them. This means sending them over a secure channel, using them as required, and not leaving any traces that a data thief could pick up. Even the user doesn’t have to see the key.
The holiday season can be chaotic, but if your business makes file encryption a regular practice, it can keep the security risks low. Encrypted files and databases, protected by managed keys, keep information safe even when attackers penetrate file systems. They allow safe sharing of data. Data thieves might reach into the stocking, but they’ll only get lumps of coal.
Lockr provides secure, off-site key management for data and service APIs, adding protection in depth against anyone who penetrates network defenses or intercepts communication. Contact us to learn more.