In my last article we talked about the problems associated with modern data security and the principle that we use at Kunai to solve that problem: Trust No 1. You should never trust any one person or system with data of significant value. Instead you need at least three parties.

Ben Franklin's quote is, “Three may keep a secret, if two are dead.” Probably good advice, but we don't want users to have to kill us to protect secrets, and let's face it: it's just not practical (or legal). In the context of data security, however, the first part of that quote is useful. Three can keep a secret. It's how our modern HTTPS protocol, which protects every private internet conversation, works.

With the HTTPS protocol we do what amounts to the following: we ask a site that we want to talk privately to, to prove who they are. They give us a certificate that says, cryptographically, who they are. We validate that certificate with a third-party identity provider that we trust. After confirmation, we exchange cryptographic secrets with the validated site, then we proceed with a private conversation.

This system of having three separate parties is what we leverage for our security architectures at Kunai. For data protection we extend this with a simple rule suggested in the first article, which is: Don't keep the keys with the encrypted data. Here's what this looks like.

In this model, much like the HTTPS model, one cloud provides identity. That cloud is responsible for saying who all the faces are in the diagram, and to what team they belong. Since we don't want to place blanket trust in our IT department, that includes all the faces in the diagram, not just the users. The individuals that allocate identities are never part of the other teams. Never.

The second cloud stores and manages encryption materials. The individuals controlling that cloud manage the encryption materials and they are also never part of the other teams.
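The following Go program is an added illustration of the three-party arrangement described above, not code from Kunai or from the original article. It models the identity cloud as an Ed25519 signer that vouches for which team a principal belongs to, the key cloud as a service that holds AES-256-GCM keys and a key-to-team policy but never any ciphertext, and the data cloud as a store that holds only ciphertext plus a key ID. The principals, teams, key IDs and record contents are constructed sample values; the "remote" calls between parties are ordinary function calls for brevity. The point it demonstrates is the rule "don't keep the keys with the encrypted data": the key cloud releases a decryption only after checking the identity cloud's signature against a public key (as a browser checks a certificate against a CA it trusts), so a dump of the data store alone yields nothing, and a forged team claim is refused.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Party 1: the identity cloud. Only it holds the signing key and the directory of
// who is on which team. Everyone else needs just its public key to verify tokens.
type IdentityProvider struct {
	priv  ed25519.PrivateKey
	Pub   ed25519.PublicKey
	teams map[string]string // principal -> team (constructed sample directory)
}

// Token is what the identity cloud hands out: a team claim plus its signature.
type Token struct {
	Principal, Team string
	Sig             []byte
}

func NewIdentityProvider(teams map[string]string) *IdentityProvider {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &IdentityProvider{priv: priv, Pub: pub, teams: teams}
}

func claim(principal, team string) []byte { return []byte(principal + "|" + team) }

func (idp *IdentityProvider) Issue(principal string) (Token, error) {
	team, ok := idp.teams[principal]
	if !ok {
		return Token{}, errors.New("unknown principal")
	}
	return Token{Principal: principal, Team: team, Sig: ed25519.Sign(idp.priv, claim(principal, team))}, nil
}

// Party 2: the key cloud. It holds data keys and a key-to-team policy, never
// ciphertext at rest. Keys never leave it: callers send blobs in and get plaintext
// back, and only after the token verifies against the identity cloud's public key.
type KeyService struct {
	idpPub ed25519.PublicKey
	keys   map[string][]byte // keyID -> 32-byte AES-256 key
	policy map[string]string // keyID -> team allowed to use it
}

func NewKeyService(idpPub ed25519.PublicKey, policy map[string]string) *KeyService {
	ks := &KeyService{idpPub: idpPub, keys: map[string][]byte{}, policy: policy}
	for id := range policy {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			panic(err)
		}
		ks.keys[id] = k
	}
	return ks
}

// gcmFor checks the caller's token and policy, then returns the AEAD for keyID.
func (ks *KeyService) gcmFor(tok Token, keyID string) (cipher.AEAD, error) {
	if !ed25519.Verify(ks.idpPub, claim(tok.Principal, tok.Team), tok.Sig) {
		return nil, errors.New("identity token rejected")
	}
	if ks.policy[keyID] != tok.Team {
		return nil, fmt.Errorf("team %q may not use key %q", tok.Team, keyID)
	}
	block, err := aes.NewCipher(ks.keys[keyID])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce||ciphertext, binding keyID as associated data.
func (ks *KeyService) Encrypt(tok Token, keyID string, plaintext []byte) ([]byte, error) {
	g, err := ks.gcmFor(tok, keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(keyID)), nil
}

func (ks *KeyService) Decrypt(tok Token, keyID string, blob []byte) ([]byte, error) {
	g, err := ks.gcmFor(tok, keyID)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:n], blob[n:], []byte(keyID))
}

// Party 3: the data cloud. It stores ciphertext and the ID of the key protecting
// it, nothing that can decrypt. A leak here needs the key cloud's cooperation.
type Record struct {
	KeyID string
	Blob  []byte
}
type DataStore struct{ Records map[string]Record }

// Demo wires the three parties together with constructed sample data.
func Demo() (*IdentityProvider, *KeyService, *DataStore) {
	idp := NewIdentityProvider(map[string]string{"alice": "payments", "bob": "marketing"})
	ks := NewKeyService(idp.Pub, map[string]string{"payments-key": "payments"})
	return idp, ks, &DataStore{Records: map[string]Record{}}
}

// ReadAs fetches a record as the given principal; the key cloud refuses unless
// the identity cloud vouches for a team that the key's policy allows.
func ReadAs(idp *IdentityProvider, ks *KeyService, ds *DataStore, principal, recID string) ([]byte, error) {
	tok, err := idp.Issue(principal)
	if err != nil {
		return nil, err
	}
	rec, ok := ds.Records[recID]
	if !ok {
		return nil, errors.New("no such record")
	}
	return ks.Decrypt(tok, rec.KeyID, rec.Blob)
}

func main() {
	idp, ks, ds := Demo()
	tok, _ := idp.Issue("alice")
	blob, _ := ks.Encrypt(tok, "payments-key", []byte("constructed customer record"))
	ds.Records["cust-1"] = Record{KeyID: "payments-key", Blob: blob}
	pt, err := ReadAs(idp, ks, ds, "alice", "cust-1")
	fmt.Printf("alice: %q err=%v\n", pt, err)
	_, err = ReadAs(idp, ks, ds, "bob", "cust-1")
	fmt.Println("bob:", err)
}
```

Running `main` shows alice (payments team) recovering the record while bob (marketing) is refused at the key cloud. The separation is the design choice to notice: the data store never sees a key, the key service never stores a blob, and the identity service's private key is the only thing that can mint a team claim, so no single party, including whoever runs the data store, can read the data on its own.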