Email:support@eranet.com WhatsApp:+(852)68882160

To secure the cloud, keep all your keys in one place

  • Release time:2014-06-03


  • Cloud computing, big data, and the hybridization of IT environments represent real, seismic shifts in the way organizations leverage technology to provide better customer service, more effectively solve problems, and gain a competitive advantage. But as adoption of these technologies grows, so too does the amount of sensitive data and variety of information objects that require tight management and security.

    As companies put more of their IT infrastructures, critical applications, and valuable company data into the cloud, they should be using security measures such as encryption, tokenization, authorization, and access controls to protect these valuable business assets.

    These security procedures create an abundance of encryption keys, tokens, certificates, passphrases, and configuration files. What's more, the burgeoning use of big data, by which data can be spread across hundreds of servers, magnifies the creation of these operational objects. An organization literally can have tens or hundreds of thousands of security artifacts to store and manage, and the irony is that even the most security-minded companies don't know where all these objects are.

    Increasingly, organizations are using multiple utilities and management systems spread across clouds to protect these objects. This practice creates operational inefficiencies, unnecessary expense, and security risks.

    For example, a majority of enterprise companies today encrypt data. The companies secure data in transit, in the application, and at rest. That's certainly better than the alternative of leaving sensitive data in plain text for anyone to see and steal. But encryption is only half the equation. Many of the same "security-aware" companies that encrypt do not properly manage their keys, often storing a key unencrypted in a config file or a spreadsheet. A malicious hacker can discover an unsecured key string in less time than it takes to read this sentence. Encrypting data and not using a key manager is like locking your car and leaving the keys in the door.

    Traditional key-management appliances, such as HSMs (hardware security modules), weren't designed to work in and across cloud environments. Instead, HSMs were built for enterprise data centers wherein a single organization owned and operated all the computing assets. The rapid ascent of public and hybrid cloud computing has made hardware-based key and certificate managers more niche security items than must-haves.

    Using a software-based key-management system that is purpose-built for the cloud, an organization can store all its keys, tokens, certificates, and passphrases in a virtual "master vault" that is universally managed by the company's policies, controls, and business logic.

    We'll get into how policy-based key management works below, but let's start with some definitions:

    • A deposit is anything stored in the key manager. It could be a key or a configuration file. For the purposes of this article, we'll make it an encryption key.
    • A client is an application or service that can deposit and retrieve sensitive information objects from the key manager.
    • A policy is a rule established by the data owner that enforces the circumstances under which a key can be retrieved or revoked.
    • A trustee can be a person or automated process that controls access to a deposit but can neither view nor access the content.
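The four definitions above, modelled as a small in-memory key manager. This is an added example, not code from the article or from any product. All class, method and policy names are hypothetical, and it assumes that every trustee must approve a deposit before it can be released.

```python
import ipaddress
import secrets

class AccessDenied(Exception):
    """Raised when a deposit cannot be released."""

class KeyManager:
    """In-memory model; a real key manager would also encrypt deposits at rest."""
    def __init__(self):
        self._deposits = {}

    def deposit(self, secret, policies, trustees):
        """Store a secret together with the owner's policies and its trustees."""
        handle = secrets.token_hex(8)
        self._deposits[handle] = {"secret": secret, "policies": list(policies),
                                  "trustees": set(trustees), "approved": set(),
                                  "revoked": False}
        return handle

    def _as_trustee(self, handle, who):
        d = self._deposits[handle]
        if who not in d["trustees"]:
            raise AccessDenied(f"{who} is not a trustee of this deposit")
        return d

    # Trustee operations change access state but never return the content.
    def approve(self, handle, trustee):
        self._as_trustee(handle, trustee)["approved"].add(trustee)

    def revoke(self, handle, trustee):
        self._as_trustee(handle, trustee)["revoked"] = True

    def retrieve(self, handle, client, context):
        """Release the secret to a client only if every check passes."""
        d = self._deposits[handle]
        if client in d["trustees"]:
            raise AccessDenied("trustees cannot read deposit content")
        if d["revoked"]:
            raise AccessDenied("deposit revoked")
        if d["approved"] != d["trustees"]:  # assumption: all trustees must approve
            raise AccessDenied("awaiting trustee approval")
        if not all(policy(client, context) for policy in d["policies"]):
            raise AccessDenied("policy check failed")
        return d["secret"]

# Constructed sample policies (hypothetical rules a data owner might set).
def allowed_clients(*names):
    return lambda client, ctx: client in names

def from_network(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda client, ctx: ("source_ip" in ctx
                                and ipaddress.ip_address(ctx["source_ip"]) in net)
```

The key never appears in a config file on the client: the client holds only the handle, and the policies are re-evaluated on every `retrieve` call.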


