For years, data encryption has been used to protect data. New encryption methodologies and longer encryption keys secure data better; however, technological advancements in data encryption are accompanied by advancements in data decryption. The protected data’s first line of defense is the encryption key.
Symmetric key cryptography, in which the same key is used for both encryption and decryption, is the dominant technology in data protection. The encryption key must be created in advance, distributed to the end user or application, and stored. Here, weaknesses and vulnerabilities pervade.
A chain, and so security, is only as strong as its weakest link. The common method for protecting the encryption key is to encrypt the key with a password known only to the intended user. Most encrypted data is password protected. Some data protection systems are more complex and costly, requiring encryption keys to be periodically refreshed; however, effective encryption key management is difficult.
Computer malware is designed to steal passwords and other forms of personally identifiable information. Malware attacks are increasing in frequency and intensity. This is a warning sign. Our identity and data are at greater risk of being compromised with each passing day. We must better secure our encryption keys (passwords). In a sense, the greater risk rests in the reliance on sub-standard password protection. The perception of being secure is in reality a false sense of security and results in greater exposure.
Risk increases in direct proportion to time and complacency. Some data protection projects use hardware security devices based on Smartcard technology to protect encryption keys; others use dedicated, centralized Hardware Security Modules (HSMs). Each provides better protection for encryption key storage. However, they remain vulnerable to advanced Trojan attacks. Smartcards and traditional security tokens are accessible digitally. What is missing is a physical component that cannot be accessed digitally.
What is FrontOne's Solution?
We take a three-pronged, minimalist approach:
- 3AKEY - Non-specific, dynamic encryption technology;
- Protect the encryption key in transit and in use, thereby reducing the exposure of a traditional static key;
- Decentralize part of the HSM function, thereby strengthening system security and integrity with continuous mutual authentication.
Our advanced data protection solution is built upon our innovative Unified Authentication Service and our intelligent, personal digital security companion, 3AKEY.