decision criteria and analysis for hardware-based encryption
TRANSCRIPT
© 2016 The SANS™ Institute – www.sans.org
Decision Criteria and Analysis for Hardware-Based Encryption
Sponsored by Thales e-Security
2© 2016 The SANS™ Institute – www.sans.org
Today’s Speakers
Eric Cole, PhD, SANS Analyst and Fellow
John Grimm, Senior Director of Security Strategy, Thales e-Security
3© 2016 The SANS™ Institute – www.sans.org
Introduction
2016 Global Encryption Trends Study, Ponemon Institute, February 2016
The ratio of cost to benefit has improved and encryption is now far more common in organizations that rely heavily on Internet-
or cloud-connected applications for significant business functions
4© 2016 The SANS™ Institute – www.sans.org
HSM
Hardware-based encryption uses dedicated hardware to perform cryptographic functions, which offloads processing to an independent system, increasing not only security but also performance. In addition to performance, risk and security of keys are also factors in using hardware security module (HSM) encryption
© 2016 The SANS™ Institute – www.sans.org
Pros and Cons of HSMs
5
6© 2016 The SANS™ Institute – www.sans.org
Key Areas to Evaluate When Considering Hardware-Based Encryption
Because it is unlikely that every application can benefit enough to justify the additional cost and effort,
organizations should deploy hardware-based solutions only for applications with sufficiently high requirements
for security and performance.
• Application integration• Crypto APIs• Testing and patching
7© 2016 The SANS™ Institute – www.sans.org
Design Criteria and Analysis: Finding Balance
Every organization that has sensitive data can gain from hardware-based encryption, but very
few can afford the cost or complexity of applying it to every system and application.
• Identify all critical data repositories
• Map key business processes • Determine servers that
support the processes • Create a threat map
• Perform a risk assessment • Prioritize applications • Verify all risk mitigation measures• Do a gap analysis to determine
areas of focus
8© 2016 The SANS™ Institute – www.sans.org
The Criteria
In looking at the criteria, hardware-based encryption works very well in environments in which: 1. Verified encryption is critical. 2. Strong key management and protection are required. 3. Performance is important. 4. Initial deployment cost is not the ultimate driver. 5. The organization has control over the application server environment.
© 2016 The SANS™ Institute – www.sans.org
Use Case: Digital Cinema
HSMs used for:–Content encryption
–Digital watermarking
–Strong authentication
10© 2016 The SANS™ Institute – www.sans.org
W A R N I N G
Many organizations will initially determine that hardware-based encryption is not a viable or feasible solution because of bad design decisions made when the system
was first implemented.
11© 2016 The SANS™ Institute – www.sans.org
12© 2016 The SANS™ Institute – www.sans.org
Challenges in Implementing Hardware-Based Encryption
2016 Global Encryption Trends Study, Ponemon Institute, February 2016
© 2016 The SANS™ Institute – www.sans.org
Analytical Process for Determining Where to Deploy Hardware-Based Encryption
13
© 2016 The SANS™ Institute – www.sans.org
Where and how are HSMs most commonly deployed?
• SSL/TLS• Database encryption• Application-level encryption
Additional HSM form factors:
15© 2016 The SANS™ Institute – www.sans.org
Emerging Technologies (1 of 3)Cloud
• With the cloud, the hardware and systems are owned and controlled by a third party
• Close collaboration with the cloud provider is critical for hardware-based encryption to work
• Cloud providers are looking for ways to enhance their customer experience and differentiate themselves
• Not uncommon for some cloud providers to offer services that integrate hardware-based encryption
© 2016 The SANS™ Institute – www.sans.org
Use Case: Key Management in the Cloud
User organization generates own keys on-premise
Keys securely transferred to HSMs in the cloud
Keys used by, but not accessible to, cloud provider nShield Edge
17© 2016 The SANS™ Institute – www.sans.org
Emerging Technologies (2 of 3)Virtualization
• Hardware-based crypto services for virtualized environments require planning
• A “virtualized HSM” would reduce the benefit of hardware-based protection features like anti-tamper
• Virtual systems requiring hardware-based encryption need access to a networked-based HSM, or to share access to a PCI HSM on the same server
18© 2016 The SANS™ Institute – www.sans.org
Emerging Technologies (3 of 3)IoT (Internet of Things)
• The IoT typically involves relatively low-end pieces of hardware that focus on a single task, with an emphasis on low power consumption
• Directly integrating hardware-based encryption may not be feasible
• Many vendors, such as Samsung and other IoT platform providers, are making chips with trusted platform modules for which the device manufacturers can leave a slot
© 2016 The SANS™ Institute – www.sans.org
Use Case: Manufacturing
HSMs provide:– Root of trust– Secure credentialing
(“digital birth certificate”)– Ability to lock/unlock
capabilities– Encryption key services– Configuration security
(e.g., code signing)
20© 2016 The SANS™ Institute – www.sans.org
Summary
The following is a high-level checklist for deploying hardware-based encryption: • Use risk analysis to drive the overall process of
determining an appropriate solution. • Perform cost-benefit analysis. • Calculate the TCO to make sure there are no hidden costs. • Put together a detailed implementation plan to fully
understand the complexities involved. • Recognize that changes to existing applications might be
needed to accommodate the best solution.