The Importance of a Cryptographic Controls Policy
If you're using encryption, you need a Cryptographic Controls Policy. Here's what to consider.
February 23, 2009
Essential elements of an FDE implementation are proper planning, management buy-in, and robust policies. You need to carefully think through FDE's management and policy components before you move forward with a project. Technology is just one element of a sound strategy for protecting your data with encryption. I strongly recommend that any organization using encryption have—and strictly enforce—a Cryptographic Controls Policy to cover any use of such tools in the organization. Here are the key elements to consider:
Where is encryption allowed and warranted? Encryption should be specifically disallowed unless approved by management. You don’t want every “two bit” administrator encrypting files with personal PGP keys. You also don’t want administrators or especially end users making encryption decisions unilaterally. That might not meet company standards' also, if users leave unexpectedly, you could be stuck with unrecoverable data. Encryption needs to be approved and implemented under a management structure.
How will the encryption keys be stored and protected? I’ve seen plenty of companies with USB crypto keys plugged into their PCs at all times, negating any protection (and introducing an avenue for theft). Hardware crypto keys shouldn’t leave the premises (unless they're specifically designed for mobile or offsite use). Ideally, they should be properly secured at day’s end. All crypto keys should be stored safely and backed up just like any other critical data. Keep in mind that crypto keys often aren't stored in the usual places you would normally back up. Properly secure your backups so that they aren’t lost or stolen. Depending on the scheme and implementation, a single lost or stolen crypto key could require significant reconfiguring and reissue costs.
Consider performance. Encryption will add a small amount of overhead to every read and write operation. If your servers are already overtaxed, perhaps you should upgrade before moving to full disk encryption.
How does your full disk encryption plan affect your disaster recovery plans? Having the disk encrypted will add steps to the process of recovering lost or down systems. Encryption keys must be transported securely to your offsite locations. Make sure you amend your DR plans to include the encryption element and, of course, test the restore process rigorously.
About the Author
You May Also Like