The need for Key Management beyond storage is effectively the need to provide security controls that reduce risk when authority is separated from responsibility. The published leak of National Geospatial Agency data onto Amazon S3 by a defense contractor shines a spotlight on both the problem and the solution.
Let’s start with some definitions upfront to support the premise:
Responsibility: "The state or fact of being answerable or accountable for something within one's power, control, or management."
Authority: "A power or right delegated or given."
Based on those definitions, “risk” becomes the delta between authority and responsibility. We are presented with a situation where risk reduction must move beyond system boundaries based on responsibility. Regardless of the NGA situation, consider the following excerpt from the FedRAMP FAQ on monitoring responsibility:
"As a part of the FedRAMP requirements, Federal agencies must implement a continuous monitoring program for any cloud system they deploy. FedRAMP requirements for continuous monitoring work to coordinate ongoing security across CSPs and agencies in accordance with DHS policies and guidance. However, agencies have ultimate responsibility for the continuous monitoring and ongoing authorization of the systems they use."
The last sentence defines the paradigm of Responsibility and Authority. Now, let's consider how we’ve arrived at a point where key management must go beyond mere storage.
In the past, cycles of centralized and distributed computing made it obvious where to point fingers in terms of security. Authority and responsibility were perceived to be close enough to each other as not to expose weakness or fault. Over the past five years, that perception has become less clear, driving the need for technology to address that uncertainty. Security technology that scans inbound and outbound traffic, applies rules for perimeters and firewalls, and offers guidance on how to handle intrusions to the perimeter is a product of risk reduction when responsibility and authority are aligned. When the authority is distanced from responsibility for an action, the security model breaks down. This is the case, for example, when defense contractors working with NGA data are not ultimately responsible for the impact of that information falling into the wrong hands.
With different types of information across different systems and organizations, encryption becomes a reliable constant no matter where responsibility was perceived to be. However, encryption needs the help of key management to align itself with the lifecycles of the data it’s protecting.
Moving past storage is a direct result of security and risk reduction moving past the perimeter and the data center. But moving past the perimeter also creates problems in how that communication happens. It is not possible to drive a proprietary approach for communications, not with so many options available. We need to consider standards-based solutions to address the problem.
Just like with self-encrypting drives, the way a key is used can be informed by key management but is ultimately an exercise by the remote system executing the encryption. What the remote system needs is a consistent, available means of getting its own keys based on its requirements.
Serving those requirements necessitates the ability to enforce security that reflects the key owner’s responsibility. So, no matter what a remote system thinks it needs, it is ultimately the core server infrastructure that decides how the remote system accesses encryption key material.
Let's consider the following points based on what is coming to light about the NGA S3 leak:
- With today's technology, people use information further and further away from where they expect control to be. This means cloud, smart houses, cars, and anything else you can imagine. This also means how we build clouds, smart houses, and cars. We use connected things built in connected ways. Yet there is an expectation that responsibility belongs to major companies, governments, and individuals — not all the things in between. NGA is responsible for the information while multiple contractors have the authority to work on the information. This is the scenario in which the leak happened. It’s not going away and security solutions need to take this into account.
- Key management beyond storage makes it possible for encryption to address the risk exposed by the gaps between responsibility and authority. NGA needs solutions that allow contractors to use encryption for data at rest and data in motion while NGA has control of the encryption keys that drive the solution.
- Key management needs standards to align separate collaborative groups and use key management to drive encryption usage. To keep the encryption-based security solution up to speed with technology, NGA needs encryption management to be based on standards that allow for interoperability and transition.
- Responsible parties need to have key management security controls that delegated authorities cannot change. NGA's key management solution needs to have security controls that are not malleable in light of contractor usage of encryption keys.
- The more closely the use of encryption is tied to key management, the more responsible parties can reduce risk through integrated monitoring based on key requests. The closer the release of key material is to the use of keys in encryption, the more transactions NGA can monitor, which allows it to track the utilization and disposition of encrypted information.
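The points above, sketched as an added example (not code from Fornetix or from any real key management product): a hypothetical in-memory `KeyBroker` in which only the responsible owner can change policy, the broker decides every key release, and each request is logged. The principal names, the key id and the HMAC-based derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

class KeyBroker:
    """Hypothetical key server: the owner alone sets policy; every request is logged."""

    def __init__(self, owner):
        self._owner = owner
        self._master = secrets.token_bytes(32)  # master secret never leaves the broker
        self._policy = {}                       # key_id -> {principal: set of operations}
        self.audit_log = []                     # one record per request, granted or denied

    def _record(self, actor, key_id, action, outcome):
        self.audit_log.append({"time": time.time(), "actor": actor,
                               "key_id": key_id, "action": action, "outcome": outcome})

    def set_policy(self, actor, key_id, principal, operations):
        # Delegated authorities cannot change policy; an empty set revokes access.
        if actor != self._owner:
            self._record(actor, key_id, "set_policy", "denied")
            raise PermissionError("only the key owner can change policy")
        self._policy.setdefault(key_id, {})[principal] = set(operations)
        self._record(actor, key_id, "set_policy", "granted")

    def request_key(self, principal, key_id, operation):
        # The broker, not the remote system, decides whether key material is released.
        if operation not in self._policy.get(key_id, {}).get(principal, set()):
            self._record(principal, key_id, operation, "denied")
            return None
        self._record(principal, key_id, operation, "granted")
        # HMAC-SHA256 over the key id stands in for a real key-derivation step.
        return hmac.new(self._master, key_id.encode(), hashlib.sha256).digest()

def demo():
    """Constructed scenario: an agency owns the key, a contractor uses it."""
    broker = KeyBroker(owner="agency")
    broker.set_policy("agency", "imagery-key", "contractor-a", {"decrypt"})
    granted = broker.request_key("contractor-a", "imagery-key", "decrypt")
    try:  # the contractor tries to extend access to a third party
        broker.set_policy("contractor-a", "imagery-key", "contractor-b", {"decrypt"})
        escalated = True
    except PermissionError:
        escalated = False
    broker.set_policy("agency", "imagery-key", "contractor-a", set())  # owner revokes
    after_revoke = broker.request_key("contractor-a", "imagery-key", "decrypt")
    trail = [(r["actor"], r["action"], r["outcome"]) for r in broker.audit_log]
    return granted, escalated, after_revoke, trail
```

The audit trail returned by `demo()` records the denied policy change and the post-revocation denial alongside the granted requests, which is the monitoring signal the last point describes.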
How do we solve this?
Let’s start by acknowledging that how we work with information is not going to move away from a distributed model of operations. Technology is going to make it easier and easier to blur perceptions of where responsibility and authority align and where they do not. What we can change is how we protect information as we live and work in our connected world. With encryption driven by standards-based key management, we can have consistent security and risk reduction inside the perimeter and outside the perimeter.
Fornetix is helping organizations unleash the full potential of encryption by conquering the key management bottleneck. Our Key Orchestration ecosystem automates the key lifecycle across the entire enterprise with groundbreaking precision and speed. As global use of encryption rapidly expands, you can be prepared for the future with unparalleled scalability. Our commitment to standards-based interoperability ensures your existing investments in encryption are fully realized and will continue to integrate seamlessly as your organization grows. Policy-driven automation of the key rotation lifecycle reduces human error and empowers your organization to remain secure and avoid costly data breaches.
If you’re ready to orchestrate your encryption key management, we’d love to hear from you. Please call 1-844-KEY-ORCH or email us for more information.