Strengths and Weaknesses: A Protection Evaluation of Traditional Hardware, Software Tokens, TEEs and Multi-Party Computation (G31c)
A number of cryptographic key management and protection technologies are available today. Some have been in use for many years, while others are emerging in response to the transforming IT environment. Key management solutions need to fulfill a core tenet of cryptography: they must protect keys from exposure and unauthorized use.

In this session we will discuss:
• The criteria that guide the design of key protection mechanisms and their security strength
• Trust—what does it mean, and how can organizations evaluate their level of trust in a key management solution?
• Security and usability assessment of available key protection models today including traditional hardware devices such as HSMs and smartcards, software tokens and vaults, trusted execution environments, and secure multi-party computation.

As corporate IT becomes more digital and dispersed, security functions that leverage cryptography – data encryption, digital signing, and authentication, for example – have come to play an increasingly vital role in organizations’ cybersecurity strategies and regulatory compliance initiatives. Enterprise key management solutions are evolving to address organizations’ changing needs as they migrate to distributed IT and hybrid cloud environments, addressing both lifecycle management of keys and their protection from unauthorized use or theft. Endpoint security solutions leveraging cryptography are also advancing in the wake of the internet of things, BYOD and consumer-oriented mobile services and apps, with security requirements often weighed against user experience, deployment and support considerations.

Organizations today have a range of options for protecting their keys, from traditional field-proven dedicated hardware solutions to software methods and emerging models designed for modern hybrid cloud deployments. Understanding the security and usability traits of each approach enables businesses to choose the optimal key protection solutions for their needs.