Tackle the threat of data breaches and exposure of confidential data by massively strengthening the protection and control of cryptographic keys and other important security data

About

Encryption for data protection is on the rise. The confidentiality, ownership, control and authenticity of data ultimately rely on the security of cryptographic keys such as encryption keys or private keys. The compromise or loss of such keys can divulge private data, destroy trust, corrupt the system, allow unauthorised access to data or services, or lead to false representations. For example, PKI and certificates are great for distribution and authentication of keys, and for enabling secure communication between parties, but their viability ultimately relies on the protection and control of private keys.

The importance of key management is evidenced by the market for Hardware Security Modules (HSMs), which store and manage cryptographic keys. The global HSM revenue for 2021 has been predicted to be over USD 1,000 million, and has shown long-term steady growth. Although costly, HSMs are well suited to some situations, and their use is sometimes mandated (itself an indication of the importance of key storage).

HSMs satisfy a niche, leaving a vast number of other security applications requiring protection and management of keys. For example, keys are often stored in software environments, where security is normally reliant on the Operating System (OS), or in hardware devices that lack sufficient protection. It may be desirable to avoid centralised repositories of secrecy and their attendant security risks, or to maintain full control over secrecy and avoid any outsourcing of security to a third party. It is here that SEAcurIT-e presents a more advanced and better way of doing things. Its scope is applications and services relying on cryptographic keys or other security values, and it works with any type of key (private, symmetric) or other security values. It can augment existing key management schemes such as PKI, or operate as a complete independent key management system.

Its design assumption is that any device or service may be compromised, and security-related information subjected to analysis or attacks such as brute-force search with the intent to derive security values or to remove any security protection. It ensures that such breaches do not lead to the compromise of stored keys. SEAcurIT-e is a software solution that effortlessly leverages the high availability and integrity of Cloud-type services to vastly enhance the security and control of cryptographic keys and other security values. Core to SEAcurIT-e is that it does this without relinquishing control over the secrecy of keys to any other party, thereby retaining full control over security. There is consequently no need to trust or rely upon a third party to maintain the secrecy of keys, regardless of the strength of any user passwords. Furthermore, there is no concentration of security and trust in any one part of the system, and consequently no single point of secrecy failure.

Managing and controlling keys is the ultimate means of controlling access to secure data, systems or services, and of enabling trust. In a Global Encryption Trends Study, 61% of respondents rated the pain of encryption key management at 7 or higher on a 10-point scale (10 being the most severe), with policy enforcement being rated the most important feature of encryption solutions. SEAcurIT-e simplifies key management by enforcing policies and by providing practical and powerful management capabilities for controlling how, where, when and by whom keys are used. It can support many different applications, allowing a consistent key management strategy to be applied across an enterprise. Administrators can monitor and control all keys in a domain, but without knowing anything about their actual value. Similarly, individual users can manage their own keys and devices, including control over any keys they have shared with other users.

Controls include searching a domain to see every device or user to which a specific key is available (useful when keys are shared across multiple devices), and the ability to enable or disable access to a key. The management component holds information about keys, but does not possess any knowledge relating to their actual value, thereby respecting the privacy of users. SEAcurIT-e is a cost-effective, flexible and adaptable solution that is not tied to any one service provider. It can remove risks from weak passwords, and strengthen security applications. In essence, it offers centralised management and control, but distributed security. The system is highly resilient, and a user's SEAcurIT-e system parameters may be updated or refreshed at any time without necessitating an update of the user's managed security values or password.

Key Benefits

- Simplifies key management and reduces risk.
- Scalable, fast and efficient.
- A software solution that does not require the use of dedicated hardware, although elements can be incorporated into hardware if appropriate.
- Works with any type of key (private, symmetric) or other security values.
- It can augment existing key management schemes such as PKI, or operate as a complete independent key management system.

MANAGEMENT & CONTROL benefits include:

- Can provide centralised monitoring and control of a wide range of security applications across whole organisations. Managing and controlling cryptographic keys is the ultimate means of controlling access to secure data, systems or services.
- The centralised management and control functionality does not possess any knowledge relating to the actual key values, and so has no privacy implications.
- Powerful functionality for controlling users, devices and keys. Cryptographic keys can be associated with data, users and devices, so that controlling keys controls access to data. Provides visibility of who can access secure information and services.
- Administration accounts for the management and control of all users, devices and keys within a domain, with individual users having their own management accounts.
- Manage security and access without having to think about cryptographic keys.

SECURITY benefits include:

- Tackles the threat of data breaches and exposure of sensitive or confidential data by massively strengthening the protection and security of cryptographic keys and other important security data.
- Ensures that stored keys cannot be compromised if a device is itself compromised and subject to attack.
- Maintain complete control over secrecy of cryptographic keys and other security values; there is no reliance on another party or service for secrecy.
- No single location where all security resides, and so no single point of secrecy failure.
- Ability for the system to 'refresh' (so that any information gleaned becomes redundant) without any need for keys to be updated, and with no impact on users. The 'refresh' may be according to a schedule or be triggered by a security event.
- Issues resulting from poor or weak password choices are also overcome.

Applications

Applicable to a wide range of applications and devices that require cryptographic techniques (e.g., encryption, integrity and authentication) to provide data protection and ensure the security of data and services. Examples include: securing information generated by an IoT device for onward distribution, storage and processing; the on-premise encryption of data before it is passed to the Cloud; protecting Blockchain assets (wallets); and securing user authentication credentials.
