A top-of-mind question for business leaders across all industries is how to eliminate the risk of a data breach. In addition to removing sensitive data from your business process, there are two other tactics you should deploy: application-level encryption and strong authentication.
Though it is generally accepted that encrypting sensitive data will protect your organization, most people in the security business don’t realize that not all encryption is equal. Even when using NIST-approved algorithms with the largest key sizes available, data is still at risk.
How is that possible? Well, all other things being equal in the cryptographic sense, two design decisions matter when encrypting data: 1) Where the data is being cryptographically processed and 2) How are cryptographic keys being managed?
First, let’s address processing. If data is encrypted and decrypted in any part of the system (e.g., the hard disk drive, operating system, database) other than the business application using that data, significant residual risks remain despite the encryption.
An attacker needs to only compromise a software layer above the encrypting layer to see unencrypted (plaintext) data, because the decrypting layer below will already have decrypted the sensitive data before sending it to layer above in the stack.
Since the application layer is the highest layer in the technology stack, this makes it the most logical place to protect sensitive data, as it affords the attacker the smallest target (in order to compromise sensitive data within the application layer, the attacker will have had to find a vulnerability within the application – or the administrator's credential - and access regions of memory accessible only to the application or the administrator).
This also ensures that, once data leaves the application layer, it is protected no matter where it goes (and conversely, must come back to the application layer to be decrypted).
In terms of how cryptographic keys are managed and protected, if you use a general-purpose file, keystore, database or device to store your keys, this would be the equivalent of leaving company cash in a general-purpose desk or drawer. In the same way that you need a safe to store cash in a company, you need a purpose-built key management solution designed with hardened security requirements to protect cryptographic keys.
These solutions have controls to ensure that, even if someone gains physical access to the device, gaining access to the keys will range from very hard to nearly impossible. If the key management system cannot present sufficiently high barriers, even billion-dollar companies will fail to protect sensitive data – as many recently have and continue to do.
Though the details and complexity of cryptography can seem taxing, it is important to recognize that an encryption solution provides the last bastion of defense against determined attackers. It is well worth a company’s time to give both application-level encryption and key management the proper attention.
While encryption is a best practice, so is strong authentication. In fact, it should be the first line of defense. Strong authentication is the ability to use different cryptographic keys combined with secure hardware (in the possession of the user) to confirm that the user is who they claim to be.
While digital certificates on smartcards provided such capability for over two decades, they are expensive and difficult to use and support, even in highly technical environments. The FIDO Alliance is attempting to simplify this problem by eliminating passwords entirely; some early solutions have already made it to market this year, with successful deployments under way.
With strong authentication as the first line of defense and application-level encryption backing it up, even if an attacker managed to slip past network defenses – as they always seem to do – there will be little opportunity to compromise sensitive data.
While no security technology is absolutely fool-proof, when implemented correctly, these two security technologies raise the bar sufficiently high to “encourage” the vast majority of attackers to move onto easier targets.