Page 73 - Cyber Warnings August 2017
Agile Encryption Is the Only Defense Against Back Doors and Breaches.
7 Best Practices to Know.
by Prashant Jain, senior product manager, Bracket Computing
As enterprises adopt the hybrid cloud, IT teams need to maintain control over sensitive assets
even in environments they do not control. Encryption plays a fundamental role in this transition:
it lets IT security preserve the confidentiality and integrity of enterprise resources wherever
they run, and particularly across the hybrid cloud.
If implemented and managed correctly, encryption enables logical control over assets even in
the absence of physical control. By drawing this logical boundary around enterprise assets,
encryption has become the new perimeter of the network. Running different security controls
on-premises and in the cloud adds complexity and weakens security posture, especially in
dynamic hybrid environments.
Two challenges face teams using encryption to protect assets on the hybrid cloud:
First, implementing and managing encryption across hybrid or multiple clouds creates massive
operational complexity. Worsening the problem, key management architectures were not
designed to accommodate multiple cryptographic schemes implemented differently across
environments. This inconsistency invites human error during the implementation and
management of encryption and key architectures, particularly given the cloud's self-service
nature.
Second, even if encryption is properly implemented and managed, malware and advanced
persistent threats (APTs) can still reach protected data through back doors or breaches, putting
enterprise assets at risk. These issues demand an agile approach to encryption that enables
enterprise IT to ensure the confidentiality and integrity of its assets.
To overcome these challenges, enterprises need a single, agile encryption scheme that works
across environments, reducing complexity and enabling enterprise IT to nimbly block back doors
or breaches. Teams should consider these seven principles to adopt this kind of architecture:
1. Implement Encryption at Boot
If enterprises are planning to move any sensitive assets to infrastructure they don’t control, then
these assets should be encrypted from the point of provisioning. The threat of data theft or
exposure from compromised or inappropriately commissioned servers is real, making boot a
critical juncture for encryption to be in place.
Operational hygiene and simplicity are important across the entire security solution, but they
are critical at boot. A consistent security posture that is independent of the individual cloud
service providers helps ensure the integrity of assets. For example, making sure that virtual
machines integrate and enroll securely into the enterprise PKI for identity attestation,
certificates, key rotation and certificate revocation, and knowing how systems log and account
for such information, is critical to verifying trust in environments IT does not control.
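The enrollment flow this paragraph describes, as an added example that is not from the article or from Bracket Computing's product: a Go program using only the standard library. A simulated enterprise CA stands in for the PKI and keeps a provisioning record of expected instance IDs in place of real identity attestation; a booting VM generates a fresh key, sends only a CSR carrying its instance ID, and the CA checks proof of possession and the ID before issuing a short-lived client certificate (the short lifetime is what forces rotation at the next boot). A relying party then verifies the chain to the enterprise root and the revocation status, and every issue, deny and revoke event lands in an audit trail. The CA name and the instance ID are constructed for the example, and revocation is kept as an in-memory serial list rather than a published CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// EnterpriseCA stands in for the enterprise PKI: allowed is the provisioning record of
// commissioned instance IDs (the attestation stand-in here), revoked the serials a CRL
// would carry, Audit one line per issue, deny and revoke event.
type EnterpriseCA struct {
	Cert             *x509.Certificate
	key              *ecdsa.PrivateKey
	allowed, revoked map[string]bool
	serial           int64
	Audit            []string
}

// issue signs tmpl under parent with key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub any, key *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewEnterpriseCA creates a self-signed root and loads the provisioning record.
func NewEnterpriseCA(provisioned map[string]bool) (*EnterpriseCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:      pkix.Name{CommonName: "Example Corp Hybrid Cloud Root CA"}, // constructed name
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0),
		KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &EnterpriseCA{Cert: cert, key: key, allowed: provisioned, revoked: map[string]bool{}}, nil
}

// VMBootCSR is the VM side: a fresh key is generated at boot and never leaves the instance;
// only the CSR (public key plus claimed instance ID) travels to the CA.
func VMBootCSR(instanceID string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: instanceID}}, key)
	return key, csr, err
}

// Enroll checks proof of possession and the claimed identity against the provisioning record,
// then issues a short-lived client certificate; the short TTL is the rotation mechanism.
func (ca *EnterpriseCA) Enroll(csrDER []byte, ttl time.Duration) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	id := csr.Subject.CommonName
	if !ca.allowed[id] {
		ca.Audit = append(ca.Audit, "DENY instance="+id+" reason=not-in-provisioning-record")
		return nil, fmt.Errorf("instance %q was not provisioned", id)
	}
	ca.serial++
	cert, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(ca.serial), Subject: pkix.Name{CommonName: id},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.Cert, csr.PublicKey, ca.key)
	if err == nil {
		ca.Audit = append(ca.Audit, fmt.Sprintf("ISSUE instance=%s serial=%d notAfter=%s", id, ca.serial, cert.NotAfter.UTC().Format(time.RFC3339)))
	}
	return cert, err
}

// Revoke marks a certificate for rejection, e.g. when the instance is decommissioned.
func (ca *EnterpriseCA) Revoke(cert *x509.Certificate) {
	ca.revoked[cert.SerialNumber.String()] = true
	ca.Audit = append(ca.Audit, fmt.Sprintf("REVOKE instance=%s serial=%d", cert.Subject.CommonName, cert.SerialNumber))
}

// VerifyPeer is the relying party's check before trusting an instance (a method only because it
// needs the root and revocation list the CA publishes): chain to the enterprise root, then
// revocation status, which cert.Verify does not consult on its own.
func (ca *EnterpriseCA) VerifyPeer(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return err
	}
	if ca.revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("serial %d for %s is revoked", cert.SerialNumber, cert.Subject.CommonName)
	}
	return nil
}

func main() {
	ca, _ := NewEnterpriseCA(map[string]bool{"i-0a1b2c3d": true}) // constructed instance ID
	_, csr, _ := VMBootCSR("i-0a1b2c3d")
	cert, err := ca.Enroll(csr, 8*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("trusted before revoke:", ca.VerifyPeer(cert) == nil)
	ca.Revoke(cert)
	fmt.Println("trusted after revoke:", ca.VerifyPeer(cert) == nil, ca.Audit)
}
```

The audit trail the program prints is the kind of record the article asks IT to be able to account for. In a real deployment the provisioning record would be replaced by the provider's instance identity document or a vTPM quote, and the trust store and revocation data would be distributed to every relying system instead of being held by the CA object.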
Copyright © Cyber Defense Magazine, All rights reserved worldwide.