The importance of cryptographic key management and protection is well known. All of cryptography relies on secrets and keys, and these need to be managed as well as kept out of the hands of attackers. Due to this, solutions for key management and protection have been around for decades. However, these legacy solutions are often not suited to modern business needs and computing environments.
Today, MSSPs and their enterprise customers face four main challenges:
Challenge 1: Hardware-only in a Software World
Legacy key protection solutions were based solely on physical hardware. This made sense in the days of physical machines in a physical data center that was physically managed by employees (and where physical attacks were a primary threat). However, in today’s diverse virtualized environments, relying solely on physical hardware doesn’t make sense anymore. Modern key protection solutions need to be virtualized in the same way as the rest of our computing resources. There may be places where an organization prefers to keep using a hardware solution, but there are many other places where it just doesn’t work and needs to be complemented with a software solution.
Challenge 2: Key Theft Versus Key Misuse
Legacy key protection focused on preventing attackers from stealing cryptographic keys. There is no doubt that stealing a key is devastating, as we saw recently in the theft of SAML signing keys as part of the major SolarWinds breach. However, in many cases, it suffices to misuse the key in order to carry out the attack. In the same SolarWinds breach, the attackers began by obtaining a valid signature on a malicious version of SolarWinds’ software. This required no theft, but merely the ability to fraudulently use the key. In general, if an attacker can get access to a machine that is allowed to carry out cryptographic operations, then the attacker can carry out any of those operations themselves. Key misuse in code signing, financial transactions, certificate issuing, and more, needs to be dealt with. Legacy key protection solutions completely ignore this threat, beyond authenticating the client. Modern key protection must address the threat of key misuse.
Challenge 3: Siloed Management
Today’s enterprises manage keys in multiple different settings – in their on-premise data centers and one to many clouds. However, each environment is managed separately, and often even different on-premise key protection solutions are managed differently. This makes defining companywide policies and other management tasks very difficult, time-intensive, and error-prone. Organizations need to be able to manage all of their cryptographic infrastructure in a single place; in other words, they need a comprehensive key orchestration platform.
Challenge 4: Slowness of Deployment and Lack of Agility
Key management and protection are currently a business inhibitor. This is due to a number of reasons: hardware is slow to procure and deploy, different key management and protection solutions are used in different environments and so moving to a new environment requires significant work, and applications that consume cryptography often need to be refactored when deploying them in a different environment. A single orchestration platform for all cryptographic keys in all environments, with support for software as well as hardware, enables organizations to support the cryptographic requirements of new business initiatives quickly.
Guidance for MSSPs: Unbound Security addresses all of the above challenges and is revolutionizing the way that organizations manage and protect their cryptographic infrastructure. Click here to learn more.
Guest blog by Yehuda Lindell, CEO & co-founder of Unbound Security. Read more Unbound Security guest blogs here.