Zettaset's suggestions for encrypting in-flight data

Summary: Zettaset's security architect makes some suggestions about setting up encryption for data going out on public networks to public clouds. The rules are common sense, but useful to consider.

Eric Murray, Security Architect of Zettaset, offers the following rules for the use of in-flight encryption tools. While the ideas he suggests appear to be simple, common-sense suggestions, if used, they could reduce the level of fears organizations have about data protection and security.

Here's what he suggests

  1. Encryption keys should never be stored along with the data they encrypt. Instead, use a secure key server. Storing the key with the data means it's available to an attacker, and if you opt to hide the key within the software itself, you're making it that much easier for a hacker to gain access.
  2. A client should authenticate to the key server with certificates. Additionally, the key server should be on a private network. The reasoning being that if an attacker steals the host, it won't be able to access the key server to get the keys.
  3. It's best to use standards and common algorithms. Doing so will keep your options open. Among the most common key management protocols is KMIP. Key servers that aren't sealed appliances should use PKCS#11 HSMs for key storage.
  4. Using highly available key servers is always advised. If your hosts can't get to the keys when they need them, then they are out of commission.
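As an added example (not code from Zettaset or from the article), here is Python client logic that applies rules 1, 2 and 4 above: the data-encryption key is fetched from a key server over mutual TLS, each highly available endpoint is tried in turn, the client fails closed rather than falling back to a locally stored key, and only a key identifier is persisted next to the ciphertext. The certificate paths are placeholders, and the `fetcher` callback (assumed to speak KMIP or HTTPS to the key server) is injected so the failover logic can be exercised offline.

```python
import json
import ssl
from typing import Callable, Sequence


def build_mtls_context(ca_file: str, cert_file: str, key_file: str) -> ssl.SSLContext:
    """TLS context that verifies the key server against our CA and presents
    the client certificate the key server requires (rule 2).
    The three file paths are placeholders supplied by the caller."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


class KeyServerUnavailable(RuntimeError):
    """No key-server replica could be reached or returned a usable key."""


def fetch_dek(key_id: str, endpoints: Sequence[str],
              fetcher: Callable[[str, str], bytes]) -> bytes:
    """Try each key-server endpoint in order until one returns the DEK (rule 4).
    `fetcher(endpoint, key_id)` is assumed to perform the real request over the
    mTLS context; it is injected here so the logic is testable offline."""
    errors = []
    for endpoint in endpoints:
        try:
            dek = fetcher(endpoint, key_id)
            if len(dek) != 32:  # expect a 256-bit key; anything else is a bad reply
                raise ValueError(f"unexpected key length {len(dek)}")
            return dek
        except (OSError, ValueError) as exc:  # network failure or malformed reply
            errors.append(f"{endpoint}: {exc}")
    # Fail closed: never fall back to a cached or embedded key (rule 1).
    raise KeyServerUnavailable("; ".join(errors))


def wrap_metadata(key_id: str, nonce: bytes, ciphertext: bytes) -> bytes:
    """Persist only the key *identifier* beside the ciphertext, never the key
    itself, so a stolen data set cannot be decrypted without the key server."""
    return json.dumps({"key_id": key_id, "nonce": nonce.hex(),
                       "ct": ciphertext.hex()}).encode()
```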

Thanks for sharing your suggestions, Murray.

About

Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He is responsible for research, publications, and operations. Mr. Kusnetzky has been involved with information technology since the late 1970s. Mr. Kusnetzky has been responsible for research operations at the 451 Group; corporate and...