Cloud computing has made securing data harder than ever. Compounding these challenges, especially in complex, multi-cloud environments, is the ever-growing number of encryption and key management solutions enterprises are using. In addition, 64% of companies say that it is unclear as to who “owns” key management, making this area especially problematic.
To combat these issues, companies are developing enterprise-wide encryption strategies. According to the Entrust 2021 Global Encryption Trends study, over 50% of organizations have implemented a single, comprehensive data encryption strategy across the entire enterprise, double the amount reported in 2011. In addition, to help strengthen key generation and management, 66% of companies are turning towards hardware security modules (HSMs).
Bring Your Own Encryption (BYOE) is growing, for better or worse
Bring your own encryption (BYOE), also known as bring your own key (BYOK), refers is an encryption model where the data owner generates and uses its own cryptographic keys and, ideally, has sole access to them. Though designed as a way to help to increase data protection in the cloud without having to turn to a 3rd party key management vendor, BYOE and BYOK are not without their weaknesses.
- In many ways BYOK replicates the problems associated with more traditional usernames and passwords, mainly another layer of operational complexity. Do you create a master key of keys? What happens if the key is lost?
- With or without an HSM, The actual encryption process takes place in the cloud which creates a backdoor opportunity for unauthorized data access
- The generation of key material outside of the cloud provider requires a secure transport of these keys into the corresponding cloud application
- At the time of processing, the data resides as plain text in the memory of the processing system meaning that any party with system memory access can read the data and view the key
Blockchain is Moving Towards Mainstream Use
Over the past 5 years, blockchain has proven to be an effective platform for secure and decentralized information exchange. First and foremost, blockchain automates the data storage process making human-error related data breaches obsolete. As data is decentralized, encrypted, and cross-checked by multiple nodes on the network, blockchain networks are close to impossible to hack.
Banks, governments, hospital systems and other large organizations tasked with managing high volumes of sensitive data are all experimenting with using blockchain technologies for cybersecurity purposes. However, blockchain remains prohibitively expensive and challenging to implement for most organizations. As the technology is still in its nascent stages, scalability and interoperability remain major obstacles to implementations as do the enduring difficulties of encryption key management.
Though conceptualized in 1978, homomorphic encryption is just now becoming a reality. A technique that allows for computations to be performed on encrypted data without a key, homomorphic encryption enables data owners or a third party (such as a cloud provider) to apply functions on encrypted data without needing to reveal the values of the data. The results are also encrypted and require a key to access.
When combined with blockchain, homomorphic encryption could usher in a new era of agile, highly resilient cybersecurity and encryption strategies. However, like blockchain, homomorphic encryption requires significant computing power to function and remains, for now, prohibitively expensive. Given its potential though, many key industry players such as IBM, Microsoft and AWS are all researching and developing homomorphic encryption solutions.
Quantum crypto-agile solution
Quantum computing is poised to render current cryptography techniques obsolete. In fact, there is near scientific consensus that quantum computers will be able to break widely used public-key cryptographic schemes such as RSA and Diffie-Hellman. Furthermore, the transition to new quantum resistant cryptographic algorithms will take years.
Thankfully we have a head start. Not only are researchers developing new, quantum resistant encryption methodologies, some already exist. Lattice-based, code-based, hash-based, isogeny-based, and multivariate systems are all examples of quantum-resistant PKC systems.