Unit 2: Key management Flashcards
Which type of key storage is usually used in storage-level encryption, internal database encryption, or backup application encryption?
basic storage level encryption ???
What can lack of access to encryption keys result in?
Lack of access to the encryption keys will result in lack of access to the data. This should be considered when discussing confidentiality threats vs. availability threats.
In which method of key storage are keys maintained separately from the encryption engine and data?
Externally managed.
They can be on the same cloud platform, internally within the organization, or on a different cloud. The actual storage can be a separate instance or on a hardware security module.
Why should key management functions be conducted separately from the cloud provider?
Typically, cloud service providers protect keys using software-based solutions in order to avoid the additional cost and overhead of hardware-based security models. The ability to provide evidence of tampering is unlikely, because software-based key management solutions do not meet the NIST FIPS 140-2 or 140-3 certifications.