Top 10 Encryption Myths

551 views

Published on

This presentation walks through 10 of the common myths about deploying encryption solutions.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
551
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Top 10 Encryption Myths

  1. 1. O WN Y OUR D ATA . R ENT THE C LOUD .Top 10 Cloud Encryption Myths March 2013
  2. 2. Myth 1: Encryption Degrades System Performance Reality ▶ Implemented correctly, impact is minimal ▶ Crypto should leverage hardware: Intel and AMD processors support AES-NI, giving hardware speed ▶ Cloud CPU is cheap: add processing power as needed ▶ Look for caching capabilities that increase read performance ▶ Ensure storage is tuned – it’s the usual culprit for bottlenecks 2
  3. 3. Myth 2: Crypto Terminology is Cryptic Blowfish AES Reality 3DES NIST Key Management KMIP ▶ The right encryption and key management solution should remove this complexity ▶ Encryption based on policy, vs managing individual keys, is easier and more intuitive ▶ Only consider solutions with NIST- approved algorithms 3
  4. 4. Myth 3: Key Management is a Nightmare Reality • You shouldn’t have to manage ‘keys’ at all. A system should do it for you. • Password-based key management doesn’t scale • The right system is highly- available and transparent. • Value add: the system should "Key management is the hardest support key rotation with no part of cryptography and often the downtime Achilles heel of an otherwise secure system.” - Bruce Schneier 4
  5. 5. Myth 4: It’s Too Easy to Lose My Keys Reality • Use a layered, highly available key management system • Ensure no one person has complete control over keys • Cluster your key management servers in redundant locations • Don’t keep your keys and your data in the same place • Ensure key backups are also encrypted 5
  6. 6. Myth 5: Encryption is Hard to Deploy Reality • Encryption can happen transparently. You use SSL daily • Modern crypto systems can be installed in minutes • Key management can run in locked down virtual appliances for fast configuration • The days of lengthy, complex professional services engagements are over 6
  7. 7. Myth 6: Encryption Only Secures the App Reality • It depends on the encryption system • VM snapshot and suspend files can contain sensitive data. Make sure your system can encrypt them. • VM backups should also be encrypted • You can encrypt VMs in public cloud, even without administrative privilege High Cloud Security Inc. Confidential 7
  8. 8. Myth 7: Key Rotation Means Downtime Reality • Many regulations and security policies require periodic key rotation • Swapping keys has traditionally meant taking applications and data offline • Modern systems don’t require downtime and can do this transparently Initial Key 6 Month PCI Rotation Administrator Leaves K0 K1 K2 8
  9. 9. Myth 8: Enterprise-Grade Crypto is Expensive Reality • Avoid a hardware-based key management system • Modern encryption systems are equally secure, and install quickly and easily • Look for a system that lets you purchase encryption as a service, like you do for cloud • Your security system can and should scale with your needs High Cloud Security Inc. Confidential 9
  10. 10. Myth 9: Encryption in the Cloud isn’t Secure Reality • No system protects against every threat, but find a system that protects against most of your concerns • Many organizations don’t like that CSPs offer encryption, but also manage your keys • Encrypted data is more secure than leaving it in cleartext • Find a crypto system that can encrypt your data in any public cloud, that also lets you manage your keys 10
  11. 11. Myth 10: Solutions Don’t Support All Platforms Reality • Most organizations leverage virtualization platforms from different vendors, especially if they use IaaS • Find a system that will work across hypervisor platforms, or at the storage layer, giving you flexibility • In the public cloud, encrypt within the guest OS of the VM, so you are independent of CSP infrastructure 11
  12. 12. Learn More About Cloud Encryption Visit http://www.highcloudsecurity.com Download a whitepaper on Virtualization Security Try HighCloud Security Software for Free! Own Your Data. Rent the Cloud. 12

×