Typically, cloud service providers protect keys using software-based solutions in order to avoid the additional cost and overhead of hardware-based security models. Note that software-based key management solutions do not meet the physical security requirements specified in the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Publication 140-2 or 140-3 specifications….
Key Management: Common Approaches on the Cloud
For cloud-computing key management services, the following two approaches are the most widely used:
Remote key management service: This is where the customer maintains the key management service (KMS) on premises. Ideally, the customer will own, operate, and maintain the KMS, so that the customer retains control over the confidentiality of the information while the cloud provider can focus on the…
Key Management Options
XML Key Management Specification (XKMS)
XML (Extensible Markup Language), the flexible data framework that allows applications to communicate on the internet, has become the preferred infrastructure for e-commerce applications. XML-based standards and specifications have been in development for use in the field of key management systems. One such specification is the XML Key Management Specification…
Encryption Key Management
In traditional banking environments, a safe required two people with keys to open it, which reduced thefts, crimes, and bank robberies. Encryption, like those banking processes, should never be handled or addressed by a single person. Encryption and segregation of duties should always go hand in hand. Key…
Data Rights Management (DRM)
Data rights management (DRM) is a technology aimed at controlling the use of digital content. DRM technology was originally invented by publishers to control the rights to media such as audio and video. To design and implement data rights management within an organization, traditional security approaches such as access control and data classification have been used to…
Cloud Data Encryption Architecture and Options
Encryption architecture depends heavily on the goals of the encryption solution and on the cloud delivery mechanism. Protecting data at rest from local compromise or unauthorized access differs significantly from protecting data in motion into the cloud. Adding controls to protect the integrity and availability of data can further complicate the process….
Is your Sensitive Data hiding from you?
The modern enterprise has evolved into a giant producer and consumer of data. Despite the large volume of controls and efforts to protect various data types, very few organizations can map exactly where their sensitive data is located and what security controls are deployed to guard it. Structured data types that are centrally managed allow…
When is one Cloud a better fit than others?
All major Cloud Service Providers follow the same best practices when building, managing, and delivering cloud services. So, how does one choose the right provider if they are almost identical? It all comes down to the workload you plan to move or create in the cloud. Let’s take an example – you are tasked with…
QuickGuide: Encryption
Symmetric Encryption
There are two primary forms of cryptography in use today: symmetric and asymmetric. Symmetric algorithms operate with a single cryptographic key that is used for both encryption and decryption of the message. For this reason, it is often called single-, same-, or shared-key encryption. It can also be called secret or…
Data Loss Prevention (DLP)
Data loss prevention and data leakage prevention are terms used interchangeably to describe the controls put in place by an organization to ensure that certain types of data (structured and unstructured) remain under organizational controls, in line with policies, standards, and procedures. Controls to protect data form the foundation of organizational security and enable the…