Identity is the key to unlocking zero-trust environments, but it is also the key to a lucrative payday for cybercriminals selling prized company data and personal information.
In recent years, data breaches (and their impact on companies and affected individuals) have made headlines. Data breaches have affected a variety of industries, including financial services organizations Equifax and CapitalOne, energy company Colonial Pipeline, and fast-food chain Chick-Fil-A. These companies were well known before their data breaches, but any company that the world did not know before it made headlines for a breach is certainly known now.
Understanding the Power of PKI
The best way to protect anything is by keeping it under lock and key, but for information stored in the cloud or exchanged electronically, a physical lock and key is futile. Public key infrastructure (PKI) serves as a cybersecurity lock-and-key system that protects data and resources, authenticates access, secures communications, and provides data integrity and non-repudiation. PKI is widely used in secure email communication, digital signatures, secure Web browsing (HTTPS), virtual private networks (VPNs), secure online transactions, and other applications.
At PKI’s core is asymmetric cryptography, which uses key pairs: a public key and a private key. The public key is widely distributed and used to encrypt information, while the corresponding private key is kept secret and used for decryption. Once these keys are installed in individual devices and applications, they are used to encrypt data and to authenticate the devices and applications that connect to each other.
Imagine your organization has a mailroom that houses feedback boxes for all the departments in the company. Each department’s feedback box and the mailroom have a public key that allows anyone in the company to unlock any department’s box and drop a message into it. However, the head of each department has a private key that only they possess. This private key is mathematically related to the public key and is the only key in the entire company that can unlock a department’s feedback box to access messages or decrypt anything in the box that is encrypted.
How PKI Encrypts Data
Since PKI uses mathematically related keys to encrypt and decrypt data, only the private key can decrypt data that is encrypted with the public key. Therefore, data in transit cannot be read even if it is intercepted, and data at rest on a device or in a database cannot be read even if it is stolen, because the thief will not have the private key to unlock it.
If you deploy and use PKI across a corporate network, you can establish a zero-trust environment by authenticating and encrypting everything that is written to or retrieved from a server or device. For example, if your website uses a TLS/SSL certificate to encrypt communications between a customer’s browser and your website’s server, you are using PKI encryption. PKI is the backbone of enterprise network security, but deploying it is extremely complex.
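The key-pair relationship behind the mailroom analogy and the "only the private key can decrypt" claim above, as an added example that is not part of the original article: a textbook RSA toy with deliberately tiny constructed primes (p=61, q=53), written to show that the public exponent can lock a message and sign-check a note but cannot reverse either, while the private exponent can. The key sizes and lack of padding are for illustration only; the module, function and variable names are the editor's, not HID Global's.

```python
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Build a public/private pair from two primes.

    The private exponent d is the modular inverse of e mod phi(n). That is
    the "mathematical relationship" between the keys: anyone may use (n, e),
    but only the holder of d can reverse what (n, e) did.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can drop a message into the box."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def decrypt(key, c: int) -> int:
    """Raise the ciphertext to whatever exponent the caller holds.
    Only the private exponent d reverses encrypt(); the public one does not."""
    n, x = key
    return pow(c, x, n)


def sign(private_key, m: int) -> int:
    """Authentication / non-repudiation: only the holder of d can make this."""
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, s: int) -> bool:
    """Anyone can check a signature with the department's public key."""
    n, e = public_key
    return pow(s, e, n) == m


# Constructed demo keys: textbook primes, far too small for real use
# (production RSA uses >= 2048-bit moduli and OAEP/PSS padding).
DEPT_PUBLIC, DEPT_PRIVATE = generate_keypair(p=61, q=53)  # n=3233, d=2753


def demo(message: int = 65):
    """Return (ciphertext, private-key result, public-key result, sig ok, tampered ok)."""
    box = encrypt(DEPT_PUBLIC, message)          # anyone can lock the note
    opened = decrypt(DEPT_PRIVATE, box)          # department head reads it
    wrong = decrypt(DEPT_PUBLIC, box)            # public key alone cannot
    sig = sign(DEPT_PRIVATE, message)
    return box, opened, wrong, verify(DEPT_PUBLIC, message, sig), verify(DEPT_PUBLIC, message + 1, sig)
```

Running `demo()` shows the same integer recovered only through the private exponent, and the signature verifying only for the untampered message.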
Benefits of Cloud-Based PKI
Deploying and maintaining PKI requires a lot of resources and talent, but it’s critical for protecting company data. Many organizations find deploying PKI in the cloud and as a service (PKIaaS) to be a better option than doing it all in-house. Cloud PKIaaS offers several benefits for enterprises of all sizes, such as:
Rapid deployment: PKI has come a long way since its inception. While it used to be a system that required on-premises deployment, it can now be deployed entirely through the cloud. Cloud PKI can be integrated into existing security systems and operational within a matter of days.
Agility: PKI has been around for decades and is already deployed in most infrastructures with Microsoft Certificate Authority (CA). PKIaaS provides a straightforward way to migrate from Microsoft CA without changing your enterprise infrastructure.
Scalability: Cloud PKIaaS enables organizations to scale as they grow and expand use cases without incurring additional hardware or infrastructure costs.
Security: Not only is encrypted data useless without the decryption key, but so are your keys to the kingdom: private keys. PKIaaS protects private keys in Federal Information Processing Standards (FIPS)-compliant hardware security modules (HSMs) housed in geographically dispersed data centers capable of withstanding nuclear attacks.
Cost savings: By leveraging the existing capabilities of your organization’s devices, software, and hardware, cloud PKI maximizes your IT investment by eliminating costs of acquiring new devices or tools.
With the average cost of a data breach at $4.35 million in 2022, deploying PKI and encrypting data are more cost-effective than becoming the victim of a breach. For more information on PKI encryption, we recommend reading our Encrypt Everything e-book for strategies to help develop a data breach battle plan.
About the Author
Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than 10 years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).