Manage Learn to apply best practices and optimize your operations.

Key management and distribution vital to encryption system

From locking the door to starting a car, keys are an important part of most people's daily routine. Keys are also vital to effective cloud encryption, so enterprises should consider available key management and distribution options when constructing their encryption system.

Rich Mogull, founder of Securosis , describes some of these options in part four of a recent webcast titled Pragmatic Cloud Encryption. "There are three main options, and then there are different ways of deploying those," Mogull said.

Hardware, software and virtual appliance for key management

Those three key management systems are hardware, software and virtual appliance. Hardware is fast with a high level of assurance, and includes features like smart card access. However, "the problem is you can't put those in your cloud provider's data center," Mogull said.

Rich MogullRich Mogull

This means that enterprises would have to keep the hardware in their own data center, which could cause problems because most organizations' data centers cannot maintain the level of connectivity that is required to protect data.

"If there's a network issue between your data center and your cloud provider, your keys are not accessible to your organization and you're not going to be able to go ahead and actually decrypt that data," Mogull said.

Mogull suggests combining hardware with a virtual appliance option in order to avoid that risk. A virtual appliance "allows you to place the key management close to where the keys are needed" and only deploys a key to the hardware when it is required, Mogull said.

This is "one of the architectures I see people looking at when they want to maintain their own root of trust, where they want to use cloud and where they want to be able to provision a large number of keys," according to Mogull.

The last option Mogull discusses is software. A virtual appliance is technically software, but it differs from the software option in that enterprises don't interact with a virtual appliance before it's deployed. With software, "you can configure, deploy, [and] manage that software yourself," Mogull said.

Critical features of key distribution and management systems

Mogull recommends using a virtual appliance over software, but the decision is ultimately up to the enterprise. He also lists key features businesses should seek when choosing a key management system, including flexible deployment, a secure repository, memory protection and great network connectivity.

Watch part four of this webcast to learn more about key management and distribution options. Then visit to catch up on parts one, two and three of the webcast, where Mogull begins his discussion on pragmatic cloud encryption.

Let us know what you think about the story; email Ben Cole, site editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.

View All Videos