Encrypting Data: Don’t Hand Over Those Keys

Encryption is a fundamental security control. And before you murmur “Thanks, Captain Obvious,” consider the large-scale data thefts that have occurred just lately.

  • Ashley Madison. Probably enough said on that.
  • LoopPay, the technology behind Samsung Pay. Two words: Chinese hackers.
  • US Office of Personnel Management. The CIA blames China, and is so concerned about
  • Sony. Embarrassing emails entertained the public but it was way too easy to actively harm a big enterprise.
  • Coca Cola. Personally Identifiable Information (PII) lifted from unencrypted laptops.
  • And on and on and on.

Encryption won’t stop the network intrusions, or keep laptops from being stolen, but strong encryption will stop the bad guys from using the data they stole. Almost any encrypted data can be broken eventually, given enough time and resources, but the stronger the encryption, the less practical it is for the hackers to bother. One major approach to encryption is dual encryption, which is very strong as long as the hackers don’t get hold of the key. This is where securing the key, as well as the data, becomes very important.

The Wall of Shame

  • Internal intrusion. Service provider staff are mostly honest and forthright. However, many data intrusions are inside jobs – not just on the service providers’ part but also on the employees’. Never assume that a key is perfectly safe in just anyone’s hands. Trust your service provider and trust your employees. Remember Edward Snowden? No matter what you think of him personally, no one wants a Snowden on staff.
  • Hackers. An encryption key is only as good as its security. One hacking group attacked an ecommerce site and stole highly sensitive customer info. The website company apologized for the intrusion but claimed that customer credit card numbers were safe because they were encrypted. They were – except that the company had stored the dual encryption keys right on the same server that held the private data. The company might as well have handed its customer info to the hackers and wished them luck, for all the good that encryption did.
  • Government. If you encrypt your data at a service provider site, including public clouds, dual encryption can get a little tricky. I’m not calling government a shame, but it’s true that the NSA (at least) regularly taps large service providers for customer data. Even if your data is dually encrypted, an SP that holds the key can decrypt it. You may well need to turn your data over to the NSA if they subpoena you, but that decision should be between you and the government. (Note: be careful what kind of encryption you are using. RSA is well aware of some popular encryption techniques and how hackable they may be.)

Service providers are well aware of these issues around encryption keys. If you prefer to store the key with the service provider, make certain that the SP stores it separately from the data, on a different physical server system or a different partition. This is not ideal, and you may prefer to adopt a method of dual encryption where both you and the SP hold part of the key, which protects against a single individual or a single intrusion getting hold of the full key.
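To make the split-key arrangement concrete, here is an added example (my own code, not anything from the article or from a particular service provider): the data-encryption key is divided into two XOR shares, one kept by the customer and one by the SP, the record is encrypted under the full key with AES-256-GCM, and a lone share fails to decrypt it. It assumes only the Go standard library; the unchecked `rand.Read` relies on Go 1.24, where `crypto/rand.Read` is documented never to return an error.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// SplitKey divides a data-encryption key into two random shares (XOR secret
// sharing): either share alone is uniformly random and reveals nothing about
// the key, so customer and provider must both take part to decrypt.
func SplitKey(key []byte) (customer, provider []byte) {
	customer = make([]byte, len(key))
	rand.Read(customer) // crypto/rand.Read cannot fail (Go 1.24+)
	return customer, xorBytes(key, customer)
}

// CombineShares reassembles the full key from both shares.
func CombineShares(customer, provider []byte) []byte { return xorBytes(customer, provider) }

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// must panics on an error; AES/GCM setup only fails on a malformed key length.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Seal encrypts with AES-256-GCM and prepends the random nonce.
func Seal(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open decrypts Seal output; any key but the full one (a lone share, say)
// fails GCM authentication and returns an error instead of plaintext.
func Open(key, ciphertext []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	n := gcm.NonceSize()
	return gcm.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}
```

Store the two shares on separate systems (one behind your own firewall, one at the SP) and hand them to the decrypting process only at the moment of use, so that no single server ever holds the full key alongside the data.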

Other companies decide to keep their keys behind the corporate firewall. Firewalls are by no means hack-proof, even at sophisticated companies. But you control the encryption key server, and as long as you keep it apart from any encrypted data that the key protects, you will be in a good position to keep your data secure.