Encryption keys: where are they and why you should care?
Do you know where your private encryption keys live?
First, let’s quickly define what keys really are. In the world of public key encryption, data can be encrypted with a long number (traditionally called a public key) and decrypted with another long number (traditionally called a private key). That long number can be stored in a small text file or printed on an A4 page. If you have the private key, you can access data encrypted with the matching public key. If you do not have it, getting access to that data is currently impossible (or at least no one has ever bragged about managing to do it).
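As an added illustration of the definition above (this is example code written for this page, not the author's), the following Go program generates a key pair, encrypts a constructed message with the public key, decrypts it with the private key, shows that a different private key cannot decrypt it, and serialises the private key into the "small text file" form. RSA with OAEP padding is assumed as the concrete public key scheme; the function names are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// GenerateKeyPair creates a fresh RSA key pair. The "long numbers" of the
// text are the modulus and exponents held inside this structure.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptForRecipient encrypts with the recipient's public key (RSA-OAEP).
// Anyone who holds the public key can do this.
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWithPrivate reverses it; only the matching private key succeeds.
func DecryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// PrivateKeyPEM is the private key in its "small text file" form.
func PrivateKeyPEM(priv *rsa.PrivateKey) string {
	return string(pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(priv),
	}))
}

func main() {
	priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input
	ct, _ := EncryptForRecipient(&priv.PublicKey, msg)
	pt, _ := DecryptWithPrivate(priv, ct)
	fmt.Printf("decrypted with matching private key: %s\n", pt)

	other, _ := GenerateKeyPair()
	_, err = DecryptWithPrivate(other, ct)
	fmt.Printf("decrypting with a different private key: %v\n", err)
	fmt.Print(PrivateKeyPEM(priv)[:40], "...\n")
}
```

The PEM text returned by PrivateKeyPEM is exactly the artefact the rest of the post is about: whoever holds that file (or the server that stores it) can read everything encrypted to the matching public key.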
Right, so where are your private keys?
Here is a quick way to check: if you can reset your password with a cloud service provider yourself, you can rest assured that the encryption keys live on the main server alongside your data. It is equally certain that the service provider must be able to decrypt your key in order to let you change the password.
If the server is hacked, your data can be decrypted easily (because the keys live with the data). That is clearly not a nice prospect, especially if you take the view that ‘everyone will at some point get hacked’.
If your keys are stored separately from the data, the server on which the data resides is no longer going to bring quick joy to a potential hacker. It is no longer a honey pot, because to make use of the stolen data the hacker would first need to decrypt it, and with the keys stored elsewhere that is no longer easy, if it is possible at all.
So why don’t we all keep our encryption keys in our offices?
Firstly, very few service providers offer such a service, or if they do, it costs a fortune. Issuing individual keys for client data means the service needs to support a sophisticated architecture in which each user is issued a pair of keys and their data is carefully encrypted. This becomes even more complex when data can be shared between users.
Secondly, if we managed our own keys and lost them, we would be unable to change the password or gain access to the data. Holding keys without proper security infrastructure is therefore reserved for those who either have no other option or have built their own internal storage systems for keys.
Is there a way out of this?
Yes. Companies can escrow the keys with a third party (a reputable security company, for example) or ask their service providers to remove the keys from the main server. There is a cost associated with that, and one needs to understand that there will be a drop in convenience: to change the password one would need to retrieve the key first, which is inconvenient and expensive.
One thing to accept is that we need to trade convenience for more security. If we want to hold client data in the cloud, that might be a low price to pay, especially since smaller companies have become targets of security breaches.
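To make the two storage designs discussed in this post concrete (keys co-located with the data so that password resets work, versus keys kept in the customer's office or with an escrow agent), here is an added Go model; it is example code written for this page, not the author's or any provider's. It assumes AES-256-GCM for both data encryption and key wrapping, represents the off-server store as a plain map the server never holds, and uses constructed names and data. `RecoverFromServerDump` is the defender's check: given everything on the server and nothing else, is the data readable? `ReadWithOfficeKey` is the legitimate path in the separated design and shows the convenience cost the post describes: the key has to be fetched first.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is one user's entry on the server: the encrypted data plus, in the
// co-located design, the data key wrapped under the server's master key.
type Record struct {
	Ciphertext []byte
	WrappedDEK []byte // nil in the separated design
}

// Server models the provider's main server. MasterKey is set only in the
// co-located design; it unwraps every user's key, which is also what makes
// a self-service password reset possible.
type Server struct {
	MasterKey []byte
	Records   map[string]Record
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error in this model
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

// seal encrypts with AES-256-GCM and prepends the random nonce; unseal reverses it and fails on a wrong key or tampered data.
func seal(key, plaintext []byte) []byte {
	aead := gcm(key)
	nonce := randomBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...)
}
func unseal(key, blob []byte) ([]byte, error) {
	aead := gcm(key)
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// StoreColocated keeps the wrapped data key beside the ciphertext: convenient, but the server alone holds everything needed to decrypt.
func StoreColocated(s *Server, user string, plaintext []byte) {
	dek := randomBytes(32)
	s.Records[user] = Record{Ciphertext: seal(dek, plaintext), WrappedDEK: seal(s.MasterKey, dek)}
}

// StoreSeparated hands the data key to the office (or escrow) store, a map the server never holds; the server keeps ciphertext only.
func StoreSeparated(s *Server, office map[string][]byte, user string, plaintext []byte) {
	dek := randomBytes(32)
	s.Records[user] = Record{Ciphertext: seal(dek, plaintext)}
	office[user] = dek
}

// RecoverFromServerDump is what a full copy of the server (master key and records) yields with no other material.
func RecoverFromServerDump(s *Server, user string) ([]byte, error) {
	rec, ok := s.Records[user]
	if !ok || s.MasterKey == nil || rec.WrappedDEK == nil {
		return nil, errors.New("ciphertext only: no usable key material on server")
	}
	dek, err := unseal(s.MasterKey, rec.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return unseal(dek, rec.Ciphertext)
}

// ReadWithOfficeKey is the legitimate but less convenient path in the separated design: retrieve the key from the office store first.
func ReadWithOfficeKey(s *Server, office map[string][]byte, user string) ([]byte, error) {
	dek, ok := office[user]
	if !ok {
		return nil, errors.New("key not in office store")
	}
	return unseal(dek, s.Records[user].Ciphertext)
}

func main() {
	show := func(pt []byte, err error) { fmt.Printf("%q err=%v\n", pt, err) }
	secret := []byte("constructed sample: client payroll, Q3") // constructed input
	co := &Server{MasterKey: randomBytes(32), Records: map[string]Record{}}
	StoreColocated(co, "alice", secret)
	show(RecoverFromServerDump(co, "alice")) // the secret, err=<nil>
	sep, office := &Server{Records: map[string]Record{}}, map[string][]byte{}
	StoreSeparated(sep, office, "alice", secret)
	show(RecoverFromServerDump(sep, "alice")) // "", err=ciphertext only: ...
	show(ReadWithOfficeKey(sep, office, "alice")) // the secret, err=<nil>
}
```

The only difference between the two designs is where the 32-byte data key lives; the ciphertext on the server is the same. That is why the separated server stops being a honey pot, and also why a provider that cannot reach the key cannot reset the password for you.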