With the onset and persistence of the coronavirus, we saw radical changes in the way that we interacted physically. For most of a year where physical distancing impacted many aspects of our lives, we saw that some functions transitioned more easily to the virtual world than others. For those in the crypto world, things like managing hardware security modules became extremely problematic. We were forced to grapple with questions like how do you physically distance inside a secure vault?
I was thinking of this recently when I saw John O’Connor, VP of Product Management at Crypto4A, discuss quantum safety at the Machine Identity Management Global Summit. About a year ago we had an interesting conversation about how the pandemic was impacting security functions that had traditionally been in-person only. Things like how do you bring people from different locations together, either to perform key ceremonies or to provision a subordinate Certificate Authority (CA)?
After having dealt with the realities of the pandemic for what seems like forever now, we are beginning to realize that many of the functions that we previously thought of as in-person only are easier and more economical to do virtually or remotely. I believe that many of those things will survive the social distancing of the COVID crisis.
In the early days of the pandemic, John and I chatted about one challenge in particular that highlighted our reliance on physical presence for IT functions: performing key ceremonies. Traditionally, in a key ceremony everyone has their key shards and their clipboards and there are video cameras documenting the entire process. Everyone is badged in and securely brought into one room, and they sit and wait for hours until keys are provisioned, et cetera.
In the past, whenever you wanted to operate on your root CA—whether for a subordinate CA or to generate new CA certificates from your root CA—you needed to have physical access to that certificate authority. For HSMs in particular, you needed to assemble everyone that had a security token, you had to make sure they all had one of these key cards, and you needed to get them all in the same location. Sometimes that included bringing in a third-party auditor as well. Even putting aside the expense and effort that goes into any operations on your root CA, that entire workflow was more or less broken during the pandemic and that proved to be problematic for some organizations. Furthermore, the process relying on traditional HSMs uses split keys distributed to the guardians of these sensitive assets and the techniques to perform these functions are generally vendor specific.
Even without social distancing requirements, this complex physical process may not be the best way to proceed in the future. One way to solve that problem is with technology and a new process that allows you to securely perform remotely all of those actions inside a digital platform, producing a digital audit that can be signed by all the participants.
According to John, in simple terms, here’s how it works. Generally speaking, your root CA is an offline CA. It's sitting in a room with no connectivity. The current process is designed to create a real-world bridge across that air gap to the HSM by in-person processes. But what if you were to build a virtual air gap capability directly into the HSM? (Crypto4A, whose founders originally invented the Luna HSM, has.)
You could then take your previously offline root CA and run it behind a virtual air gap where the machine that it runs on does not have internet connectivity. Using an authorization engine activated by a new process Crypto4A calls quorum-based dual control, you could perform tasks inside the security zone where the offline root CA lives. Quorum-based dual control connects participants that can be anywhere in the world—enabling the update to be performed virtually. This would allow you to essentially bring an offline root CA into a connected world while still having the same security properties and auditable processes that you have today. Crypto4A has rethought how functions performed by an HSM need to be changed and enhanced for a machine identity world.
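The quorum idea described above, as an added example (not Crypto4A's implementation and not code from this post): an operation on the root CA is authorized only when enough distinct enrolled approvers have approved that exact request, and the result is an audit record naming them. The approver names, keys, `QUORUM` value and request fields are assumptions, and HMAC stands in for the per-participant signatures a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed enrolment data: approver id -> secret key. HMAC is a stand-in for
# per-participant asymmetric signatures (an assumption of this example).
APPROVER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
QUORUM = 2  # hypothetical policy: any 2 of the 3 enrolled approvers


def request_digest(request: dict) -> bytes:
    """Canonical digest of the operation being approved."""
    return hashlib.sha256(json.dumps(request, sort_keys=True).encode()).digest()


def approve(approver: str, key: bytes, request: dict) -> dict:
    """Run by a remote participant: binds the approval to this exact request."""
    tag = hmac.new(key, request_digest(request), hashlib.sha256).hexdigest()
    return {"approver": approver, "tag": tag}


def authorize(request: dict, approvals: list) -> dict:
    """Count valid approvals from distinct enrolled approvers; return an audit record."""
    digest = request_digest(request)
    valid = set()
    for a in approvals:
        key = APPROVER_KEYS.get(a["approver"])
        if key is None:
            continue  # approver is not enrolled, so the approval is ignored
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, a["tag"]):
            valid.add(a["approver"])  # a set, so a repeated approval counts once
    return {
        "request_sha256": digest.hex(),
        "approved_by": sorted(valid),
        "authorized": len(valid) >= QUORUM,
    }


if __name__ == "__main__":
    # Constructed request; the serial makes each request distinct.
    req = {"op": "sign-subordinate-ca", "subject": "CN=Example Issuing CA", "serial": 1}
    approvals = [approve(n, APPROVER_KEYS[n], req) for n in ("alice", "bob")]
    print(authorize(req, approvals))
```

Because each approval is computed over the request digest, an approval collected for one request does not count toward a different or altered one.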
What this means is that you wouldn’t need to be in a room with others to approve working on a subordinate CA. You could be on the golf course or the beach, or (more realistically) working from home. As we learned the hard way, things can change. I think this is an opportunity for us to rethink how we actually go about managing our cryptographic assets. When everything else in our life is online, how do we take that offline root CA and, in the same secure fashion, turn it into a securely remote-operated asset?
Crypto4A offers a suite of new functionalities that rethinks the HSM for a hybrid multi-cloud machine identity world. Visit them on the Venafi marketplace to learn more.