Is Your Cryptographic Security Setup Holding You Back?
Imagine a scenario where data is kept on hard drives or disks you own, phones can only… well… make phone calls (or send simple text messages), and currency is only of the traditional fiat kind. Welcome to 1999. Back then, cryptographic keys were secured only by hardware, tokens or smart cards- solutions that for the most part worked well without many security and privacy concerns. 20 Years Later: A New Digital Reality In 2019 interconnectivity and growth of data have exploded and the digital world continues to expand at breakneck speed, with 20 billion networked devices and data anticipated to grow tenfold from 2017 to 2025. 96% of companies now use cloud services and 81% of enterprises operate multi-cloud landscapes. There are over 5 billion mobile phone users, with 2 billion customers preferring mobile banking rather than enter a physical branch. The currency ecosystem is also unrecognizable from 1998. Daily crypto trades are at $30 billion across over 2000 cryptocurrencies in the market. Total market cap for cryptocurrencies is at around $130 billion as of March 2019, and Tier 1 banks want to get in the game, exploring cryptocurrency services. Digitization only continues to grow. Organizations rely more on cloud, mobility and IoT infrastructures for their operations, and consequently, more business-critical data is dispersed across those platforms. companies are challenged to find infrastructure to deal with these rapid changes, such as development process, regulation, and new security and privacy needs. New Reality = New Security Challenges Within this abundance of data and interconnectivity is private information that needs to be protected from undesired access or misuse. The use of cryptography for data encryption and other security functions has a fundamental role in protecting sensitive digital data assets from compromise. Strong protection for cryptographic keys is achieved today in isolated hardware such as hardware security modules (HSMs) which leads to tough compromises in terms of agility, cost and experience. Software solutions such as vaults offer protection at a lower level than hardware, and secrets are exposed at least while in use. Often, sensitive data is left unprotected due to lack of awareness or lack of an easy-to-use solution. Hard to maintain control: When your data is in in the cloud or in an endpoint that you do not manage, it is hard to control and protect it; you are essentially dependent on the owner of the device or platform. The control challenge is compounded when considering the breadth of infrastructure in use by the organization – each distinct device platform or cloud provider has their own set of security policies, technologies and limitations. Inhibited innovation: Any modification to existing deployed HSMs – to fix vulnerabilities or add new algorithms, for example – is a lengthy and expensive process, in many cases requiring complete hardware replacement. To Be More Specific… From mobility to cloud infrastructure to BYOD to crypto asset security, there are many challenges organizations face when designing their cryptography implementations. Data protection across data center and cloud infrastructures: Managing workloads in hybrid on-premises and public and private cloud environments is a challenge. With different cloud service providers and on-premises sites, different key management systems, different levels of trust and dedicated hardware coupled together across multiple geographic locations, organizations are forced to manage keys in silos – creating a fragmented security infrastructure which is insecure, costly and highly inefficient to operate. Compliance with security and privacy regulations Security and privacy concerns hinder new business. According to a recent study by Cisco, 65% of organizations experience revenue lags due to privacy concerns, reporting an average of nearly 2 months’ delay. The regulatory landscape is getting more complex. By far most organizations have not achieved compliance with regulations like GDPR and PCI-DSS, and each country has its own laws; today over 120 countries have data privacy laws. A plethora of untrusted mobile devices Bring-your-own-devices (BYOD) are inherently insecure with diverse operating systems and application environments. They are constantly connected and have the potential to be infected by malware or compromised by a rogue actor, putting keys stored on those devices at risk. Today organizations are typically faced with a choice between: dedicated external hardware such as a token or smartcard which causes frustration and hassle to both the users who carry them as well as the provisioning teams who procure and ship them at high costs, or a high-security risk if implementing cryptography on the mobile devices. Securing crypto assets Cryptocurrencies rely on the embedding of a private key-based signature in each transaction. The compromise or loss of these private keys could render fatal results that are irreversible — such as money loss and the erosion of business reputation. What’s a Company to Do? Rapid innovation in our digital, connected world requires a completely new approach to cryptography that is not only highly secure but also elastic, automated and agile. Today, leading companies are adopting new technology to unbind keys from hardware – enabling digital innovation by making cryptography agile and flexible. These software solutions should provide a high level of trust and allow for secure authentication, encryption, digital signing and more to protect information.