SECURELY MANAGE AND STORE YOUR OWN ENCRYPTION KEYS

The Enterprise Key Management platform provides secure, centralized administration of encryption policies and encryption keys. It can be deployed on physical or virtual infrastructure and in public cloud environments. It provides granular access controls so unauthorized users and processes cannot access the encrypted data.

USE CASE – Cloud Data Storage

Public cloud providers offer many services to consumers and in general work hard to provide a reliable service at an affordable price, but what they don’t do is take responsibility for the security of your data. Even a cursory review of their Customer Agreement, Terms of Service or Privacy Policies will clearly reveal that they decline responsibility for the security of your data.

Here are a few points to consider when crafting your company’s data protection policies as they would apply to cloud storage:

– Although many cloud providers offer some sort of data encryption, they are admittedly not data security experts, so terms like “attack resistance”, “data harvesting”, or “safe harbor” may be foreign to them.

– Even if the cloud provider claims to encrypt your data once it arrives in their cloud environment and then generates and provides you with encryption keys – they also have a set of keys to your data. This means that their system administrators and anyone who you agreed to let access your data in your Customer Agreement or Terms of Service may also be able to access your data if they were able to get hold of an administrator’s credentials. As a business owner, this is completely out of your control. (This has already happened to a mainstream cloud service provider; hackers got hold of and used an employee’s password to get into the provider’s corporate network and steal user credentials.)

– In many cases, public cloud providers make it difficult to configure their cloud storage options, and if the data wasn’t encrypted by you before it arrived in the cloud, it is unsecured and vulnerable.

“Poor security practices, complicated controls and rushed technology programs are causing a rash of data breaches stemming from the use of cloud services, experts say. Both users and cloud providers could be doing more to prevent them.” -Wall Street Journal (Aug 27, 2019)

– Not encrypting your data before it leaves your environment (data-in-transit), and instead relying on the security of an encryption protocol or “encrypted tunnel” to get it there, is also a weakness that cybercriminals exploit regularly. Man-in-the-middle attacks can be extremely effective at intercepting data unless it is encrypted and the encryption keys are kept safe.

Secure Channels’ encryption and key management solution allows organizations to retain control of their data security while reducing the likelihood of any single cybersecurity attack being successful.

Existing encryption key management and HSM solutions can be challenging to manage when dealing with more than a small number of keys. (At least one major cloud provider has a hard limit on the number of keys it will store for you and does not have an option to increase that limit.) To overcome this obstacle, Secure Channels has partnered with leading cloud key vault providers. When using a cloud key vault in addition to our solution, administrators are able to search among thousands of files to match the correct encryption key with the encrypted file.

Sources:
WSJ Article – Human Error Often the Culprit in Cloud Data Breaches: Mistakes made by customers can often lead to the finger being pointed at cloud providers (Aug 27, 2019)
https://www.wsj.com/articles/human-error-often-the-culprit-in-cloud-data-breaches-11566898203