Top 10 Encryption Myths
Post on 14-Jul-2015
Myth 1: Encryption Degrades System Performance
Reality:
▶ Implemented correctly, impact is minimal
▶ Crypto should leverage hardware: Intel and AMD processors support AES-NI, giving hardware speed
▶ Cloud CPU is cheap: add processing power as needed
▶ Look for caching capabilities that increase read performance
▶ Ensure storage is tuned – it’s the usual culprit for bottlenecks
Myth 2: Crypto Terminology is Cryptic
AES, Blowfish, KMIP, NIST, Key Management, 3DES
Reality:
▶ The right encryption and key management solution should remove this complexity
▶ Encryption based on policy, vs managing individual keys, is easier and more intuitive
▶ Only consider solutions with NIST-approved algorithms
Myth 3: Key Management is a Nightmare
"Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system."
- Bruce Schneier
Reality:
• You shouldn’t have to manage ‘keys’ at all. A system should do it for you.
• Password-based key management doesn’t scale
• The right system is highly available and transparent.
• Value add: the system should support key rotation with no downtime
Myth 4: It’s Too Easy to Lose My Keys
Reality:
• Use a layered, highly available key management system
• Ensure no one person has complete control over keys
• Cluster your key management servers in redundant locations
• Don’t keep your keys and your data in the same place
• Ensure key backups are also encrypted
Myth 5: Encryption is Hard to Deploy
Reality:
• Encryption can happen transparently. You use SSL daily.
• Modern crypto systems can be installed in minutes
• Key management can run in locked down virtual appliances for fast configuration
• The days of lengthy, complex professional services engagements are over
Myth 6: Encryption Only Secures the App
High Cloud Security Inc. Confidential
Reality:
• It depends on the encryption system
• VM snapshot and suspend files can contain sensitive data. Make sure your system can encrypt them.
• VM backups should also be encrypted
• You can encrypt VMs in public cloud, even without administrative privilege
Myth 7: Key Rotation Means Downtime
Reality:
• Many regulations and security policies require periodic key rotation
• Swapping keys has traditionally meant taking applications and data offline
• Modern systems don’t require downtime and can do this transparently
Key rotation timeline: Initial Key (K0), 6 Month PCI Rotation (K1), Administrator Leaves (K2)
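One common way to rotate keys without taking data offline is to tag each ciphertext with the version of the key that wrote it, so K0 data stays readable after K1 and K2 are introduced. The Go example below is added here and is not from the original slides or HighCloud's product; the `Keyring` type, its one-byte version header (which limits it to 256 versions) and the sample record are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const nonceLen = 12 // AES-GCM nonce size in bytes
// Keyring holds one AES-256-GCM instance per key version: index 0 is K0, the last is current.
type Keyring []cipher.AEAD

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Rotate appends a fresh random key; older versions stay available for reads.
func (r *Keyring) Rotate() {
	k := make([]byte, 32)
	must(rand.Read(k))
	*r = append(*r, must(cipher.NewGCM(must(aes.NewCipher(k)))))
}

// Seal (after at least one Rotate) emits version | nonce | ciphertext+tag; version is AAD.
func (r Keyring) Seal(pt []byte) []byte {
	hdr := append([]byte{byte(len(r) - 1)}, make([]byte, nonceLen)...)
	must(rand.Read(hdr[1:]))
	return r[hdr[0]].Seal(hdr, hdr[1:], pt, hdr[:1])
}

// Open selects the key named in the header, so K0 data stays readable after rotation.
func (r Keyring) Open(ct []byte) ([]byte, error) {
	if len(ct) <= nonceLen || int(ct[0]) >= len(r) {
		return nil, fmt.Errorf("short ciphertext or unknown key version")
	}
	return r[ct[0]].Open(nil, ct[1:1+nonceLen], ct[1+nonceLen:], ct[:1])
}

func main() {
	var r Keyring
	r.Rotate() // K0
	old := r.Seal([]byte("constructed sample record"))
	r.Rotate() // K1: new writes use it, old data still opens
	pt, err := r.Open(old)
	fmt.Printf("%s %v\n", pt, err)
}
```

Retiring an old key entirely (for example K0 after an administrator leaves) additionally requires re-encrypting the data it protects under the current key before removing it from the ring.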
Myth 8: Enterprise-Grade Crypto is Expensive
Reality:
• Avoid a hardware-based key management system
• Modern encryption systems are equally secure, and install quickly and easily
• Look for a system that lets you purchase encryption as a service, like you do for cloud
• Your security system can and should scale with your needs
Myth 9: Encryption in the Cloud isn’t Secure
Reality:
• No system protects against every threat, but find a system that protects against most of your concerns
• Many organizations don’t like that CSPs offer encryption, but also manage your keys
• Encrypted data is more secure than leaving it in cleartext
• Find a crypto system that can encrypt your data in any public cloud, that also lets you manage your keys
Myth 10: Solutions Don’t Support All Platforms
Reality:
• Most organizations leverage virtualization platforms from different vendors, especially if they use IaaS
• Find a system that will work across hypervisor platforms, or at the storage layer, giving you flexibility
• In the public cloud, encrypt within the guest OS of the VM, so you are independent of CSP infrastructure
Learn More About Cloud Encryption
Own Your Data. Rent the Cloud.
Visit http://www.highcloudsecurity.com
Download a whitepaper on Virtualization Security
Try HighCloud Security Software for Free!