Encryption and Key Management

Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> We talked about the different types of encryption. Now we're going to talk about how you manage and protect that encryption key. The encryption key is really the crown jewel. It enables an organization to both encrypt and decrypt information, and so special care needs to be taken to protect the encryption key in Cloud environments. In this lesson, we're going to talk about why key management is so important in Cloud environments, we're going to talk about the key management process, and then talk about some examples of the key management concepts.

In our discussion of asymmetric encryption, we talked about the importance of these private/public key pairs that are used to encrypt information that's sent publicly and then decrypt it using the private key. Organizations in Cloud environments want to register their public keys with a third party called a certificate authority. Organizations create an application that sends their public key to the certificate authority, who validates their identity, and then the certificate authority signs the certificate, which includes the public key and typically how long the key is valid for, puts that in their database, and provides that certificate back to the organization. They can use that in communications with other third parties, who can then use the certificate authority's database to confirm the identity of the public key belonging to the organization. This enables the organization to then use asymmetric encryption to communicate with various third parties in the Cloud environment. But let's talk more about how we protect that private key.

Key escrow is one of the key components of protecting encryption keys. Typically, a third-party vendor is used to maintain the encryption keys for an organization, or keys can be maintained in a non-Cloud environment, an on-premise location, to ensure that they are protected. It's very important that the encryption key used to encrypt data is protected at a level commensurate with the data it's protecting. Depending on the sensitivity of the data, more and more controls should be put in place to ensure that that encryption key does not get divulged. Now, sometimes there could be problems that happen and you lose an encryption key, and that's what key escrow and key recovery are used for. The third party protects your key, and you can use a password or another means of authenticating to get access to your keys should they have been lost or compromised.

These third parties in the key escrow scheme also help with the distribution of keys. If you have multiple different applications or servers or things like that that need to have keys and different certificates, the administrative aspects of maintaining these certificates when they expire can be difficult. If a key becomes compromised, or you have a breach and you need to change all your keys, you need to register that breach with the certificate authority to show that the certificate associated with that public key has expired and should no longer be trusted as a means of authenticating and providing repudiation for your organization.

This whole administration of keys, including ensuring that the keys are changed from time to time, which is referred to as key rotation, is something organizations in the Cloud often use an outsourced organization to do. This is where these Cloud access security brokers come in. They help do a lot of the authentication and identification, but they may also help play a role in key management. A lot of Cloud providers also provide their own key management services that help organizations maintain their keys in a secure manner and rotate them effectively, so that the keys are being changed on a periodic basis. So if they were accidentally divulged, they are being changed so that what a threat actor might be able to do with the key is limited to this particular period of time. In general, it's just a best practice to rotate the keys on a periodic basis.

Another very important concept when it comes to key management is that if the key ever needs to be transported or sent, it should never be sent in the clear, meaning on a channel that is not encrypted. We want to employ encryption in transit to protect the key if it ever needs to be communicated to another person within your organization or to a third party for whatever reason.

Remember, overall, we should keep this in mind with our quiz question. Where should you never store an encryption key? On-premise with the Cloud access security broker, or in the Cloud with the data it encrypts? If you said in the Cloud with the data it encrypts, that's correct. The key should always stay separate from the data that it's used to encrypt, except for the instance where it's actually being used to encrypt the data. That means that if someone got access to the data, they'd actually be able to find the key and decrypt and access that data, which would defeat the purpose of encrypting it in the first place.

We talked about the importance of encryption keys. Basically, they are the main mechanism that allows us to successfully encrypt and decrypt information in these Cloud environments and maintain the confidentiality of information. We talked about key administration terms such as key escrow, potentially a third party that's used to maintain your keys; we talked about key rotation, that the key should be changed on a periodic basis. We talked about certificates and how public keys are registered, as well as revoked, with this third-party registration authority. On to the next lesson.