Key Management in the Cloud
The Importance of Key Security in Encryption
“I have made a living as a cryptography consultant: designing and analyzing security systems. To my initial surprise, I found that the weak points had nothing to do with the mathematics. They were in the hardware, the software, the networks, and the people.”
— Bruce Schneier, Secrets and Lies
Encryption is fantastic for data security. It offers mathematically provable assurance that your data can be read only by you, and it gives most CIOs and CSOs the assurance they need to get a good night’s sleep.
However, while this is true in a narrow scope, many of us are aware that data breaches typically don’t occur because a brilliant mathematician developed an earth-shattering new backdoor for defeating AES-256. Rather, it’s the attacks that compromise other weak points in systems, people, and processes that tend to create breaches.
For example, most accounts suggest that a 2011 email phishing campaign targeted at small groups of rank-and-file employees was responsible for the notorious breach that compromised the SecurID hardware token seeds at EMC’s RSA Security division. This incident highlights that even the most sophisticated encryption technology can be compromised by relatively simple tactics like social engineering or phishing attacks. Therefore, it is crucial to implement security measures that not only protect data with encryption but also address other potential vulnerabilities in systems and processes.
While employee security awareness training is a component of any healthy information security program, encryption key security is not to be overlooked. As with the hardware token seeds, the encryption keys are, well, the key security mechanism for any encryption scheme. Their security is paramount; key storage, retrieval, and usage are areas of potential weakness for any system purporting to be ‘secure by default.’
Clumio’s Approach to Key Security
Clumio has built key security into its core platform. First, a Customer Master Key (CMK) can reside in the customer’s own KMS. The Clumio service combines Data Encryption Keys (DEKs) with CMKs and stores their ciphertext together with the encrypted customer data. The CMK plaintext is not stored and is only present in memory during encryption operations. When customers need to retrieve their data, temporary keys are securely generated and downloaded to their premises. The Clumio service decrypts the data, re-encrypts it with the temporary keys, and then transmits it. This process ensures that the CMK stays in the cloud and does not need to be unnecessarily transmitted.
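The backup and restore flow described above, sketched as an added example (this is not Clumio's code). It assumes that "combines DEKs with CMKs" means each DEK is encrypted under the CMK, uses AES-256-GCM throughout, and models the customer's KMS with a hypothetical in-memory LocalKms class; all function names and the blob layout are assumptions of the example.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM seal. Blob layout (assumed for this example): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse of seal; final() throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-in for the customer's KMS: the CMK is private to this object.
class LocalKms {
  #cmk = nodeCrypto.randomBytes(32);
  wrap(dek) { return seal(this.#cmk, dek); }
  unwrap(wrapped) { return open(this.#cmk, wrapped); }
}

// Backup: a fresh DEK encrypts the data; only the wrapped DEK is stored beside the ciphertext.
function backup(kms, data) {
  const dek = nodeCrypto.randomBytes(32);
  const record = { wrappedDek: kms.wrap(dek), ciphertext: seal(dek, data) };
  dek.fill(0); // drop plaintext key material once the operation is done
  return record;
}

// Restore: decrypt service-side, re-encrypt under the temporary key, return only that blob.
function restore(kms, record, tempKey) {
  const dek = kms.unwrap(record.wrappedDek);
  try {
    return seal(tempKey, open(dek, record.ciphertext));
  } finally {
    dek.fill(0);
  }
}

// Constructed sample run; the data and keys are made up for the example.
const demoKms = new LocalKms();
const demoTempKey = nodeCrypto.randomBytes(32); // generated per restore, held by the customer
const demoRecord = backup(demoKms, Buffer.from('constructed sample backup block'));
const demoTransit = restore(demoKms, demoRecord, demoTempKey);
console.log(open(demoTempKey, demoTransit).toString());
```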
Additional Security Mechanisms
Transport Layer Security (TLS) protects these transactions at the outer layer.
We apply the principle of least privilege to IAM roles and policies to ensure that permissions are governed to provide the minimum rights required for components to perform their functions.
Additionally, we utilize AWS-provided services for data security, such as server-side encrypted SQS queues, encrypted EBS volumes, and encrypted S3 buckets, to further enhance our security measures.
The point of using multiple encryption keys for different purposes is to address some of the core weak points of security: the software and the network. This doesn’t negate the need to address other weak points, but it creates a solid foundation for secure data protection that should satisfy both IT departments and CSOs.
Clumio leverages the scale and elasticity of the public cloud to dynamically meet the changing needs of the enterprise. Security is incorporated at the core of its design to provide a secure backup and recovery service. This empowers the IT team to focus on strategic business priorities, instead of the mundane tasks of managing backup and restore infrastructure.