Private keys are important files to protect because they are used to encrypt sensitive data. Critical damage to companies and individuals may result if these files fall into the wrong hands. Therefore, these files not only need protection, they also need a backup and disaster recovery (BDR) plan. Private key BDR in the cloud has its benefits but it also has its downsides.
Benefits of the Cloud
The cloud as a BDR solution has exploded due to its convenience, lower infrastructure costs, and the availability of application programming interfaces (APIs) for integrating BDR into processes. The data is stored in an anonymous server somewhere in the cloud infrastructure. The cloud provider guarantees a certain level of availability and redundancy for that data. Thus, the worry about losing a file is diminished and the amount of effort to increase integrity and availability is increased.
Downsides of the Cloud
The cloud inherently suffers from lacking confidentiality. By definition, it is difficult to keep something secret if you are sharing it with another party whom you have little control over its actions. Data is replicated in the cloud for increased availability becomes a double-edged sword when trying to permanently delete a file from the cloud; you can fully never know if a data remnant still exists somewhere unaccounted. Furthermore, it is possible for data to be stolen in the event the provider is compromised and the data was not properly secured, whether by the user’s data misconfiguration or a security hole in the provider’s infrastructure. Once data is put in the cloud it can become public in the process of time.
Strategies for Using the Cloud
The traditional approach is to have all data stored in a physical device in proximity, also called an on-premise solution. A cloud solution has data stored in a physical device in a location unknown to you. A company or individual can opt to use a hybrid approach where certain data is stored on-premise and certain data is stored in the cloud.
For example, if you have extremely sensitive data you may choose to store it only on-premise. The data is encrypted with a private key to increasing the level of confidentiality. You may choose to save the private key on-premise in multiple media: a data store different from the encrypted data, a portable hard drive locked in a safe, and optical media (i.e. CD or DVD) with an encryption password. It would be best to avoid the cloud and store another copy of the key in a different trusted location. But, if the cloud is desired, the file should have the following an unambiguous filename; stored under an unambiguous account name; vendor-provided data security options enabled; long key length; and short key life. Reducing risk and the extent of damage is imperative for key sensitive data.
In another example, sensitive data which has less than catastrophic impacts to a business or an individual can be stored with both on-premise and cloud solutions. The data would be encrypted for storage in the hybrid approach. The private key still needs to be protected. The private key can be stored on-premise with the same rigor as the previous example. For the cloud solution, storing the private key under a different account name with a different cloud provider would reduce risk, in addition to following the same rigor as the previous example.
Using Vendor Capabilities
Vendors, from inception, understood they are contending with security as a barrier to the adoption of the cloud. Many provide built-in security features to address this concern. For example, Amazon Web Services provides in-transit encryption and at-rest encryption capabilities with support for self-managed and vendor-managed private keys. Data is transferred to the cloud can be protected with secure technologies, e.g. HTTPS, SSL, and TLS. Data stored in the cloud can be encrypted with a customer-provided key or a vendor-provided key; using a vendor key might be compromised if the administrator account is compromised. Any private keys backed up to the cloud can also be encrypted with a different key.
Private keys can have a level of security and reduced risk when stored in the cloud. Providers have come a long way to provide a security feature in the cloud. Both the on-premise and cloud solutions suffer from similar threats: vulnerabilities from outdated software and operating system, and insufficient cyber hygiene. Having insecure passwords and un-patched data stores diminish any security strategies. Cloud providers are diligent with cyber hygiene and work with security researchers to address zero-day vulnerabilities, which makes cloud solutions stronger from a cyber hygiene perspective. The downfalls of using the cloud stem from a weak security strategy.
Are private keys safe in the cloud? They can be when good vendors, good security strategies, and good cyber hygiene are put in place. Given the dynamic nature of the cloud, the sheer number of keys that are generated in a short amount of time can quickly become a management challenge.
An important part of this process involves investing in a solution that manages and protects machine identities across cloud and on-premise environments. One such solution is Venafi Trust Protection Platform, which allows organizations to continuously monitor their digital keys and certificates for signs of abuse.