A Strategic Approach to Enterprise Key ManagementEnterprise Key Management

D k T l kDerek TumulakVP Product Management, EDP

SafeNet

Overview• What is Key Management?• Data Breaches and the Regulatory Landscapeg y p• Key Management Standards• The Need for Key Management• Key Management Alternatives• Components of Enterprise Key Management

E t i K M t A hit t• Enterprise Key Management Architecture• Conclusion

What is Key Management?• From Wikipedia, the free encyclopedia

– In cryptography, key management includes all of the provisions made in a cryptosystem design in cryptographic protocols in that design in usercryptosystem design, in cryptographic protocols in that design, in user procedures, and so on, which are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. There is a distinction between key management, which concerns keys at the users' level (i.e., passed between systems or users or both), and key scheduling which is usually taken to apply to the handling of key material within the operation of ausually taken to apply to the handling of key material within the operation of a cipher.

– Appropriate and successful key management is critical to the secure use of every crypto system without exception. It is, in actual practice, the most difficult aspect of cryptography generally, for it involves system policy, user t i i i ti l d d t t l i t ti itraining, organizational and departmental interactions in many cases, coordination between end users, etc.

– Many of these concerns are not limited to cryptographic engineering and so are outside a strictly cryptographic brief, though of critical importance. As a result, some aspects of key management fall between two stools as the p y gcryptographers may assume this or that aspect is the responsibility of the using department or upper management or some such, while said department or upper management regard it all as being outside their concerns because 'technical', and so within the purview of the cryptographers.

Data Breaches in the USJan 10, 2000: Hacker steals 300,000 credit cards from CD Universe

Feb. 15, 2005: Choicepoint announces theft of 163,000 records, p ,

June 16, 2005: Cardsystems is hacked, exposing 40,000,000 recordsSept. 10, 2006: To date, over 165,000,000 records have been breached

Disclosed Data Loss Incidents

Sources: privacyrights.org, attrition.org

138

325

150

200

250

300

350

5 10 2 12 22

0

50

100

150

2000 2001 2002 2003 2004 2005 2006

Rising Cost of Data Breaches► In 2006, companies spent nearly $5 million when data was lost or

stolen

► Average cost per compromised record was $181:

2006 Cost

Detection & escalation

$11escalationNotification $25Response $47Lost Business $98Total $181

Source: Ponemon Institute’s 2006 Cost of Data Breach Study

Evolving Regulatory Environment

► PCI, CISP ► S b O l HIPAA GLBA► Sarbanes-Oxley, HIPAA, GLBA► SB 1386

• Visibility and power of regulators has increased dramatically• Ever-increasing levels of oversightEver-increasing levels of oversight

– More detailed regulations, stricter enforcement

• Companies are looking to future-proof their security investments

– Systems and processes need to meet a broad set of regulations– Architectures must be leveraged to meet future, unforeseen developments

Key Management Standards• Standards relating to enterprise key management

– IEEE 1619.3– TCG– NIST– PCIPCI

• Many standards have been more historically focused on PKI

• More recently standards are focusing on enterprise data protection symmetric versus asymmetric

The Need for Key Management

With the emergence of many data privacy encryption technologies customers are

Enterprise Environment

yp gexpressing strong interest for an enterprise key management solution for:

ApplicationsApplicationsDatabasesFile SystemsStorage DevicesTapesTapesLaptopsSmart phonesDigital CertificatesPrintersPrintersSwitchesMainframesRetail Systems

Key Management Alternatives

• Native• Software• Enterprisep

Key Management Alternatives – Native

• Solution typically tied to specific application or environmentenvironment

• Limited or no interoperability with other key management systemsmanagement systems

• Creates many islands of disconnected solutions; difficult to scalesolutions; difficult to scale

Key Management Alternatives – Software

• Solution does not offer the same level of security has hardware based optionssecurity has hardware-based options

• Enterprise keys need to be protected with the highest level of securityhighest level of security

Key Management Alternatives – Enterprise

• Native and software approaches tend to be point solutionspoint solutions

• Enterprise solutions enable hardware-based protection for key across a wide range ofprotection for key across a wide range of heterogeneous environments

• Multiple enterprise key managementMultiple enterprise key management solutions can co-exist; key management hubs

• Fundamental goal is to minimize the numberFundamental goal is to minimize the number of key management systems within an enterprise

Enterprise Key Management Components Security

• Hardware-based solution; FIPS and Common Criteria• Centralized key management• Authentication, authorization, and auditing

Performance• High performance key import and export• Batch processing for massive amounts of data• Efficient backup and restore capabilities

Flexibility • Support for heterogeneous environments• Support for open standards and APIs• Range of enterprise deployment models

Manageability• Simplified appliance-based approach• Web management console • CLI (command line interface)

Availability

CLI (command line interface)

• Enterprise clustering and replication• Load balancing, health checking, and failover

G hi ll di t ib t d d d• Geographically distributed redundancy

Security √

• Centralization– Keys and policy created and stored in a single location

• Centralized policy management• Centralized logging and auditing• Even when keys are wrapped and exchanged with other systems they

are still managed and archived centrallyare still managed and archived centrally– Keys stored in a different location than encrypted data

• Keys are not scattered across a range of enterprise devices• Clear separation and definition of boundaries• Hardened FIPS and CC compliant solutions

S i f D i

Security √

• Separation of Duties– Configurable such that one administrator does not have access to both

keys and policies

• Strong encryption algorithmsAES 256 RSA 2048– AES 256, RSA 2048

– Support for SSL communication to other devices

S f• Support for extended cryptographic services– Encryption– Data Integrity using HMACg y g– Non-repudiation using Digital Signatures

Security √

• Authentication, Authorization, and Auditing– Secure, multi-factor authentication and access control between enterprise

devices and key manager– Granular authorization capabilities enable the enforcement of least

privilege. LDAP i t ti– LDAP integration

– Every key management event is logged

• Automatic alerts – Administration is automatically alerted via SNMP traps if policy thresholds

are exceeded

Performance √

• High Performance Import and Export– Capable of importing and exporting keys securely over the network at an p p g p g y y

extremely fast rate

• Batch Processing– An extended capability enabling enterprises to migrate large amounts of

data utilizing specialized hardware

• Efficient Backup and Restore• Efficient Backup and Restore– Ability to backup and restore millions of keys without affecting applicatin

performance

Flexibility √

• Heterogeneous Environments– Single comprehensive solution for the entire environment– Web Application Database File Switches Printers etcWeb, Application, Database, File, Switches, Printers, etc.– Data Center or Distributed Environments– Standard APIs and cryptographic protocols; Java, C, XML,

SOA

• Scalability y– Solutions with key storage capacity into the millions– Clustered in load balanced configurations to increase

capacity and offer redundancy

Manageability √

• Administrative Interfaces– Web management GUI and CLI

Key and Policy Management tasks– Key and Policy Management tasks• Key creation• Policy creation• Key rotations• User and user group creation, access control lists

– Network and System Management Tasks• Managing administrators• Detailed Auditing and Logging• Detailed Auditing and Logging • Performing upgrades• Backup and recovery • Key rotation

High Availability å Load balancing: In the event that a primary tier fails, load should transparently shift

to the secondary tier• Clustering/Replication: Any configuration or policy change made on a single device

should be automatically replicated to all devices within the cluster

San Francisco(Primary Tier)

New York(Secondary Tier)

Enterprise Key Management Architecture

ApplicationServersW b

Databases

Storage/ Tape

ServersWeb Servers File Servers

Laptop/Device

Enterprise Key Manager

Data Center

Conclusion• Develop a key management strategy that includes all

of the core components of enterprise key management

• Work with vendors that are approaching key management and data protection for the long-termmanagement and data protection for the long-term versus those pitching solely tactical point solutions

• Continue involvement in and awareness of industry standards