Keys to the Kingdom: Demystifying Encryption Key Management

Learn how to protect your company’s critical data, whether it’s housed internally or in the cloud

In the cloud, many of us may not realize how susceptible our critical data is to prying eyes. Many Software-as-a-Service (SaaS) apps make it extremely easy for third-party providers to read your data, and if these providers use inferior security measures, your information could be an easy target for hackers.

One way to prevent your critical data from being compromised is to add an encryption key management system, which protects you from hackers and lets you use third-party applications without worrying about critical information being disclosed.

How does encryption work?

To understand encryption key management, it’s critical to first understand encryption itself. Encryption uses a key, which is simply a random combination of characters, to transform data into an inaccessible format. The data cannot be accessed until it is decrypted with the correct key. There are two primary types of encryption:

  • Symmetric-key encryption – Uses a single key to both encrypt and decrypt information
  • Public-key or asymmetric encryption – Uses a public key to encrypt data, and a private key to decrypt it

For years, 128-bit encryption was used, but as computer power has increased, cyber criminals have found ways to more easily break these 128-bit keys. It’s now recommended that data be encrypted with 256-bit keys, which are much more secure.

Encryption is only beneficial if it’s actually used

While we may be stating the obvious here, encryption is only effective if it’s actually being used. If you’re encrypting data in the cloud, but not on your physical computer, a hacker could easily infiltrate your device and gain access to your data.

Furthermore, if you erase unencrypted data from a device, it can still be retrieved by skilled hackers unless you overwrite the deleted information with a series of random bits.

As a business, it’s critical to have robust encryption policies in place, and in fact, businesses are much safer encrypting everything as opposed to only encrypting what certain employees deem necessary. Selective encryption is a slippery slope that is almost certain to backfire when an employee shares something that should have been encrypted.

The different sides of encryption key management

Anyone who has access to an encrypted file, as well as the key, can unlock it and instantly access the file. This may sound simple, but there are a variety of ways that these keys are managed, and many organizations misunderstand them.

A variety of SaaS providers, including Google, Dropbox, and Box, use encryption, but many times these providers keep both your data and the encryption keys. While these tools offer an additional layer of security compared to storing data unencrypted on your physical machine, they also give these companies full access to your data without your knowledge. These organizations could therefore turn over your critical data to the authorities without informing you, and there would be little that you could do to prevent it from happening.

Importance of enterprise encryption key management

Encryption key management tools act as a buffer between employees and the SaaS tools that are used in an organization. Typically, if a company uses one encryption key to protect all of its data, anyone who has access to that key can access any data within the company, regardless of the employee’s level. Encryption key management tools allow companies to grant data access to each user individually, based on the work that they need to complete. Highly valuable data is only available to a few people within the organization, which should reduce the chance of exposure.
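
The per-user access described above can be sketched with envelope encryption: each document gets its own 256-bit data key, and that key is stored only in wrapped form, once per authorized user. This is an added example, not code from this page or from any product it mentions; it assumes the third-party Python `cryptography` package, and the `KeyManager` class, user names and documents are hypothetical, constructed samples.

```python
# Added example: envelope encryption with per-user key wrapping.
# Assumes the third-party "cryptography" package; all names are hypothetical.
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap


class KeyManager:
    """Holds one 256-bit key-encryption key (KEK) per user; stands in for a KMS."""

    def __init__(self, users):
        self._kek = {u: AESGCM.generate_key(bit_length=256) for u in users}

    def encrypt(self, doc_id, plaintext, allowed_users):
        dek = AESGCM.generate_key(bit_length=256)  # fresh data key per document
        nonce = os.urandom(12)
        # doc_id is bound as associated data so ciphertexts cannot be swapped.
        ciphertext = AESGCM(dek).encrypt(nonce, plaintext, doc_id.encode())
        # The data key is kept only in wrapped form, once per authorized user.
        wrapped = {u: aes_key_wrap(self._kek[u], dek) for u in allowed_users}
        return {"id": doc_id, "nonce": nonce, "ct": ciphertext, "wrapped": wrapped}

    def decrypt(self, record, user):
        blob = record["wrapped"].get(user)
        if blob is None:
            raise PermissionError(f"{user} holds no key for {record['id']}")
        dek = aes_key_unwrap(self._kek[user], blob)  # raises InvalidUnwrap if altered
        return AESGCM(dek).decrypt(record["nonce"], record["ct"], record["id"].encode())

    def revoke(self, record, user):
        # Drops the user's wrapped copy. If the user may have seen the data key,
        # the document must also be re-encrypted under a new one.
        record["wrapped"].pop(user, None)


def demo():
    km = KeyManager(["alice", "bob", "carol"])  # constructed sample users
    payroll = km.encrypt("payroll-2024", b"salary table", ["alice"])
    memo = km.encrypt("all-hands-memo", b"meeting at 10", ["alice", "bob", "carol"])
    results = {"alice_payroll": km.decrypt(payroll, "alice"),
               "bob_memo": km.decrypt(memo, "bob")}
    try:
        km.decrypt(payroll, "bob")
        results["bob_payroll"] = "readable"
    except PermissionError:
        results["bob_payroll"] = "denied"
    km.revoke(memo, "carol")
    results["carol_after_revoke"] = "carol" in memo["wrapped"]
    return results
```

With a single shared key, every user in `demo()` could read the payroll record; here only the users listed at encryption time hold a wrapped copy of its data key.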

Interested in learning more about encryption key management?

If you’re unsure whether your company is properly protecting its critical data, it may be time to sit down with one of our security experts to see what type of encryption measures are in place. Feel free to give us a call today at 800-860-2040 or send us an email through our contact form.