Friday, January 3, 2014

CCSK Study: Domain 11 - Encryption and Key Management

Notes
  • Encryption is necessary in certain situations, so understanding how this works in the cloud is important
  • Introduction to Encryption
    • Moving data to the cloud does not remove any requirements for confidentiality and data protection
    • Cloud Considerations
      • Data should be protected in transit, at rest, and in use
        • Important in cloud deployments
      • Encryption should be applied directly to unstructured content
      • Key management over the data lifecycle
      • Keys should be under enterprise control, not that of the cloud provider or 3rd party
      • Consider protection of log files and metadata, which can contain sensitive information even when the primary data is encrypted
      • Use open standards with sufficient strength
  • Alternatives to Encryption
    • Tokenization
      • Replace sensitive values with tokens before they leave the enterprise; the token-to-value mapping lives in a private vault (private cloud/service) paired with the public cloud service.  The public side holds only tokens, so a breach there yields data of little value
    • Data Anonymization
      • Strip or generalize identifying fields before sending data to the public cloud.  Useful when only aggregate analysis is needed and individual identity is not
    • Rely on the provider's built-in controls
      • They may be sufficient for the data in question; decide against the actual requirement rather than encrypting by default
  • Risks/Responsibilities of Data (not necessarily in the cloud)
    • Accidental public disclosure
      • Data exposed by mistake (whoops): misconfigured permissions, wrong recipient
    • Accidental or malicious disclosure
      • Disclosure by the provider, through error or through an attack against it
    • Compelled disclosure to 3rd parties
      • The provider is obligated to respond to lawful third-party requests, e.g. subpoenas in civil litigation
    • Government disclosure
      • Handed over by law or court order
    • Misuse of user or network profiles
      • deriving sensitive information from seemingly benign traffic
    • Inference misuse
      • being able to draw inferences about a person's behavior or identity based on data
    • Re-identification and de-anonymizing misuse
      • Combining enough "anonymized" attributes to identify the original subject
  • Cryptography in Cloud Deployments
    • Two Types
      • Content Aware
        • Used in DLP-type solutions.  Content is scanned as it is transmitted, and anything matching a sensitive-data policy is encrypted before it leaves
        • Generally works on specific channels such as email
      • Format Preserving Encryption
        • Encryption whose output has the same format and length as the input (a 16-digit card number encrypts to another 16-digit number)
        • Advantage over content aware: the ciphertext fits existing schemas, validation rules and protocols, so it works wherever the original data did
    • Issues
      • If data is encrypted before it reaches the provider, the provider cannot search, sort or index it
      • Key management is hard when batch processing of sensitive data is itself moved to the cloud, because the processing side must then hold the keys
      • Some service types (e.g. SaaS that must process the data) will not work with data they cannot decrypt
  • Encryption in Cloud Databases
    • Consider if encryption is actually necessary
      • Database ACLs are enough when access control is the only requirement (you don't need encryption)
      • ACLs do not stop DBAs or the provider's administrators; encryption with enterprise-held keys does
      • You may need encryption to comply with legal frameworks
      • You need it if the schema does not let you control access via ACLs
    • SaaS
      • Good luck!
      • Use object security if possible (ACLs on a data row/table/object)
      • Store a secure hash
        • Sometimes all you need is to verify data.  Store a hash in the cloud as opposed to the data itself
        • For low-entropy values (SSNs, card numbers, ZIP codes) a plain hash can be brute-forced by enumerating the value space; use a keyed hash (HMAC) with the key held by the enterprise
  • Key Management
    • Consider gateways that encrypt data on the way out and decrypt on the way in, so keys never leave the enterprise
    • Enterprise users should have their own keys
      • Use group level keys if groups are required to work on specific documents, etc
    • What about the data life cycle?
      • Encrypted data is easy to retire: destroy the encryption key and every copy of the data (including provider backups you cannot see) becomes unreadable.  This only holds if every copy of the key, including escrow and backups, is destroyed
    • Consider segregation of duties around key services / processes: the people who administer keys should not be the people who administer the data
    • Consider key encrypting keys (KEK): wrap the data encrypting keys with a KEK so the KEK can be rotated without re-encrypting the data
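As an added worked example of the tokenization alternative above (mine, not from the original notes or the CSA guidance): a minimal vault in Go that issues random tokens for card numbers, keeping the length and last four digits so downstream schemas keep working, while the token-to-value mapping stays on the private side. The Vault type, the 16-digit PAN format and the sample test card number are this example's assumptions.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"sync"
)

// Vault is the private-side token store. It is the only place the real
// value exists; the public cloud only ever sees tokens.
type Vault struct {
	mu      sync.Mutex
	toValue map[string]string // token -> real value
	toToken map[string]string // real value -> token, so repeats map consistently
}

func NewVault() *Vault {
	return &Vault{toValue: map[string]string{}, toToken: map[string]string{}}
}

// randomDigits draws n decimal digits from a cryptographic RNG. The token
// must be unguessable and carry no mathematical relation to the real value.
func randomDigits(n int) (string, error) {
	out := make([]byte, n)
	for i := range out {
		d, err := rand.Int(rand.Reader, big.NewInt(10))
		if err != nil {
			return "", err
		}
		out[i] = byte('0' + d.Int64())
	}
	return string(out), nil
}

func allDigits(s string) bool {
	for _, c := range s {
		if c < '0' || c > '9' {
			return false
		}
	}
	return true
}

// Tokenize replaces a 16-digit card number with a token of the same length
// that keeps the last four digits (a common layout for receipts and customer
// service). Everything else is random, so a dump of the public side yields
// tokens that are worthless without the vault.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) != 16 || !allDigits(pan) {
		return "", errors.New("expected a 16-digit PAN")
	}
	v.mu.Lock()
	defer v.mu.Unlock()
	if tok, ok := v.toToken[pan]; ok {
		return tok, nil
	}
	for {
		body, err := randomDigits(12)
		if err != nil {
			return "", err
		}
		tok := body + pan[12:]
		if _, taken := v.toValue[tok]; taken || tok == pan {
			continue // collision with an existing token (or with the PAN itself): draw again
		}
		v.toValue[tok] = pan
		v.toToken[pan] = tok
		return tok, nil
	}
}

// Detokenize runs only inside the enterprise/private cloud; the public
// service has no API that reaches this table.
func (v *Vault) Detokenize(tok string) (string, bool) {
	v.mu.Lock()
	defer v.mu.Unlock()
	pan, ok := v.toValue[tok]
	return pan, ok
}

func main() {
	v := NewVault()
	pan := "4111111111111111" // constructed sample: a standard test card number
	tok, err := v.Tokenize(pan)
	if err != nil {
		panic(err)
	}
	fmt.Println("sent to public cloud:  ", tok)
	orig, _ := v.Detokenize(tok)
	fmt.Println("recovered in the vault:", orig)
}
```

The point to notice is that nothing about the token lets the public side recover the PAN: there is no key to steal, only a lookup table that never leaves the private side. The table itself is the crown jewel and needs the same protection the raw data would have needed.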
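As an added example, not part of the original notes, of the Key Management points above (per-user keys, gateway-style encrypt on the way out and decrypt on the way in, retiring data by destroying its key, and key encrypting keys): envelope encryption in Go using the standard library's AES-256-GCM. Per-user data encrypting keys (DEKs) are only ever stored wrapped under an enterprise-held KEK. KeyStore, the in-memory KEK (standing in for an HSM/KMS) and the user names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// randomBytes draws from the OS CSPRNG; failure is fatal, never fall back.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// aead builds AES-256-GCM; it only fails on a bad key length, a programming error here.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal returns nonce||ciphertext||tag under a fresh random 96-bit nonce.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; a wrong key or tampered data fails the tag check.
func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// KeyStore is the enterprise-controlled side. The KEK lives here (in an HSM/KMS
// in practice; in memory is this example's assumption) and per-user DEKs are
// only ever stored wrapped, i.e. encrypted under the KEK.
type KeyStore struct {
	kek         []byte
	wrappedDEKs map[string][]byte // user -> seal(kek, dek)
}

func NewKeyStore() *KeyStore {
	return &KeyStore{kek: randomBytes(32), wrappedDEKs: map[string][]byte{}}
}

// dek unwraps a user's DEK. It never creates one: once the DEK is gone the
// data is gone, however many copies of the ciphertext still exist.
func (ks *KeyStore) dek(user string) ([]byte, error) {
	w, ok := ks.wrappedDEKs[user]
	if !ok {
		return nil, errors.New("no DEK for user: data is unrecoverable")
	}
	return open(ks.kek, w)
}

// Encrypt is the "on the way out" path; a user gets their own DEK on first use.
func (ks *KeyStore) Encrypt(user string, plaintext []byte) ([]byte, error) {
	if _, ok := ks.wrappedDEKs[user]; !ok {
		ks.wrappedDEKs[user] = seal(ks.kek, randomBytes(32))
	}
	dek, err := ks.dek(user)
	if err != nil {
		return nil, err
	}
	return seal(dek, plaintext), nil
}

// Decrypt is the "on the way in" path.
func (ks *KeyStore) Decrypt(user string, ciphertext []byte) ([]byte, error) {
	dek, err := ks.dek(user)
	if err != nil {
		return nil, err
	}
	return open(dek, ciphertext)
}

// Shred is end-of-life: with the wrapped DEK deleted, every copy of the user's
// ciphertext, including provider backups you cannot see, is unreadable.
func (ks *KeyStore) Shred(user string) { delete(ks.wrappedDEKs, user) }

// RotateKEK re-wraps every DEK under a fresh KEK without touching stored data.
func (ks *KeyStore) RotateKEK() error {
	next := randomBytes(32)
	for user, w := range ks.wrappedDEKs {
		dek, err := open(ks.kek, w)
		if err != nil {
			return err
		}
		ks.wrappedDEKs[user] = seal(next, dek)
	}
	ks.kek = next
	return nil
}

func main() {
	ks := NewKeyStore()
	ct, _ := ks.Encrypt("alice", []byte("constructed sample record"))
	ks.Shred("alice")
	_, err := ks.Decrypt("alice", ct)
	fmt.Println("after shred:", err)
}
```

Two design choices carry the notes' points: Decrypt deliberately never provisions a key, so a shredded user cannot be silently resurrected with a fresh DEK, and RotateKEK rewrites only the wrapped-key table, which is why the KEK layer makes key rotation feasible for data you cannot afford to re-encrypt in bulk. Crypto-shredding in the real system also has to reach every backup and escrow copy of the KEK and the wrapped DEKs, not just this in-memory map.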

Summary

In short, encryption is hard.  There are systems that encrypt at the file level.  This is great from a security perspective, but makes searching, etc. difficult.  You need to balance this.  One idea is to keep metadata (or a keyed hash) for fields you might want to search, leaving the actual data encrypted.  Another is an offline dump of data from the cloud for searching purposes.  The more metadata you store, the more you run the risk of re-identification.
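The "store a secure hash" note in the SaaS section and the summary's idea of searchable metadata beside encrypted data meet in the following added example (mine, not from the original post or the CSA guidance): a keyed hash (HMAC-SHA256) used as a blind index for equality search, next to the plain hash it replaces and the enumeration attack that breaks a plain hash on a low-entropy field. The Record layout, the 5-digit ZIP code field, the sample key and the placeholder payload are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PlainDigest is what "store a hash instead of the data" usually becomes:
// an unkeyed SHA-256 of the value.
func PlainDigest(value string) string {
	sum := sha256.Sum256([]byte(value))
	return hex.EncodeToString(sum[:])
}

// BlindIndex is HMAC-SHA256 under a key that stays in the enterprise.
// Equal values still produce equal indexes, so it supports verification and
// equality search, but without the key there is nothing to enumerate against.
func BlindIndex(key []byte, value string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(value))
	return hex.EncodeToString(m.Sum(nil))
}

// Verify checks a presented value against a stored index in constant time.
func Verify(key []byte, value, index string) bool {
	return hmac.Equal([]byte(BlindIndex(key, value)), []byte(index))
}

// Record is what the cloud holds: an opaque payload plus an index column.
// The payload here is a constructed placeholder standing in for ciphertext.
type Record struct {
	ID      int
	ZipIdx  string
	Payload string
}

// FindByZip is the "search on metadata, keep the data encrypted" pattern:
// the enterprise computes the index for the query value and the cloud side
// matches on equality without ever learning the ZIP.
func FindByZip(records []Record, key []byte, zip string) []int {
	want := BlindIndex(key, zip)
	var ids []int
	for _, r := range records {
		if r.ZipIdx == want {
			ids = append(ids, r.ID)
		}
	}
	return ids
}

// Recover is the attacker's side: given a leaked hash and the hash function,
// hash every possible value. A 5-digit US ZIP code has only 100000 values,
// so an unkeyed digest is inverted in milliseconds.
func Recover(target string, hash func(string) string) (string, bool) {
	for i := 0; i < 100000; i++ {
		candidate := fmt.Sprintf("%05d", i)
		if hash(candidate) == target {
			return candidate, true
		}
	}
	return "", false
}

func main() {
	key := []byte("constructed 32-byte enterprise key.") // lives in the enterprise KMS, never in the cloud
	zip := "90210"
	v, ok := Recover(PlainDigest(zip), PlainDigest)
	fmt.Println("plain digest inverted:", v, ok)
	idx := BlindIndex(key, zip)
	_, ok = Recover(idx, PlainDigest)
	fmt.Println("blind index inverted without key:", ok)
	records := []Record{{1, idx, "<ciphertext>"}, {2, BlindIndex(key, "10001"), "<ciphertext>"}}
	fmt.Println("records in 90210:", FindByZip(records, key, zip))
}
```

The caveat from the summary applies directly: the index still reveals equality, so anyone with the table can see which records share a ZIP and how common each value is, which is exactly the material re-identification feeds on. Index only the fields you actually query, and treat the HMAC key like any other data key, because whoever holds it can run the same enumeration the plain digest allows.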

A strong understanding of why you are encrypting data is necessary here.  In some regulatory cases, enough compensating controls may be acceptable instead.  If you find yourself struggling with this, maybe a cloud provider is not the right fit for this particular solution.