How do we create a digital version of a safe to store all of our valuables in case our locked doors and windows do not keep the burglars out? The answer to this question has been obvious for quite some time. In fact, it has been used successfully to prevent prying eyes from reading our confidential emails, namely encryption. But what can be done with an email, when there is one sender and one recipient for the encrypted contents, cannot be applied to business data that has to be accessible to employees on an ad hoc basis as they record business transactions. For encryption to be applied to typical confidential data, such as a customer’s Social Security Number on a tax accountant’s accounting system, we need a solution that enables easy authorization (and deauthorization when necessary) for access to decrypted data.
In fact, a better analogy for this setup is a bank vault. A home safe is a single user container. A bank vault can accommodate many bank customers by providing safety deposit boxes. Each safety deposit box requires two keys, one carried by the customer and one owned and kept by the bank. So effectively we can model this approach to our business data. Combination of encryption keys and specific user or set of users based on their business roles have their passwords as their “customer key” in our safety deposit box analogy. Without both keys someone’s access to the vault does not give them access to the contents of the deposit boxes. And when an authorized user provides his or her password (their personal deposit box key) and gain access to the unencrypted encryption key (the bank’s key to the deposit boxes), they only get to see what they are authorized to see.
So let’s list the set of requirements we outlined in the previous post. Our solution to the creation of an effective data vault must be able to:
- Encrypts our sensitive and confidential data and documents,
- Properly protects the encryption keys so they CAN NOT fall into the wrong hands,
- Makes it possible for anyone we trust to get to the assets when needed without having to know or look for the encryption keys.
Let’s spend some time on each of these topics. First and foremost, our ideal solution to data protection through encryption has to be able to encrypt data using any of the standard encryption method. This is important since there could be complications with some of the methods due to the nature of what is being encrypted. Additionally, it needs to allow us to select what is going to be encrypted and what can be stored in clear text. This is an important feature since encryption does require computing resource and, if we can limit the encrypted data to what needs to be safeguarded, we will have an easier time when deciding who gets to see what. Going back to our analogy, we need a safe big enough for our valuable items vs. one that can hold everything we own; therefore, our ideal solution will:
- Let us choose our encryption method.
- Let us choose what needs to be encrypted.
Now comes the part about the encryption key(s). These keys are by design a long list of randomly generated character, numbers, and special characters. They are designed to be hard to guess (some will say impossible to guess), which means they are impossible to memorize; this means they need to be recorded somewhere. We don’t want to write them down or even type them into our programs to be used when necessary. If these keys are available in clear text, we would certainly make it cumbersome for someone to have to find the keys in order to read our data, but we have not made it impossible for them to read out encrypted data; If they can find the keys they can decrypt and read our data. So ideally, we want the keys to either be easy to memorize (impossible by design for mere mortals) or for it to be accessible on demand without it being accessible to unauthorized individuals. The best way to do this is to encrypt the encryption keys and store it on a system and to use the user’s password for the encryption. The users’ passwords are selected by the users and are not written down anywhere. So when an authorized user logs in, his or her password is used to decrypt the encryption keys and he or she can now have access to encrypted data. If hackers gain access to a system that has this setup, they will have encrypted data and encrypted keys that cannot be decrypted without the users’ passwords and the users’ passwords are not recorded anywhere on the system! To recap, our system as designed:
- protects encrypted data using encryption keys and
- encryption keys are themselves encrypted using users’ passwords.
Now we can encrypt our confidential data and still allow our authorized users to access the data by doing nothing more than logging in using their passwords.
If you are interested, please provide your contact info here.