Storing encrypted files is critical for companies that offer sensitive information online. But improperly encrypted files can be an equally risky scenario as it leads to a false sense of security. The process of having improperly encrypted files in storage is known as Insecure Cryptographic Storage (ICS). There is a variety of factors that can lead to ICS, including these:
- Bad algorithms
- Improper key management and storage
- Encryption of the wrong data
- Insecure cryptography (such as encryption developed in-house, etc.)
How to avoid Insecure Cryptographic Storage
Even if the program itself is encrypted, some information may be accessed through databases, registry data and temporary (temp) files. This can result in sensitive data being accessed as unencrypted data, which can then be used by the malicious user for personal or financial gain. Compromising of company accounts usually leads to the stealing of confidential client or customer information.
In order to avoid this type of breach, developers should locate and identify all data that needs to be encrypted. Sensitive data should not be able to be easily overwritten, while sensitive memory areas should be immediately overwritten. Here is a list of steps and processes that can be used to avoid ICS from leading to a potential data breach or other detrimental losses to the company.
- Locate and identify sensitive company data and confidential client information, and make sure it is completely encrypted.
- Make a list of all people who need access to sensitive data and sensitive areas. Both whitelisting and blacklisting are good solutions.
- Developers should make sure that no sensitive data can be overwritten easily: however, all sensitive memory locations should be erased and overwritten as soon as the data is no longer needed to be stored there.
- Encryption keys, DRM and algorithms should only be known to company management.
- All data and drives that are encrypted should be checked and scanned frequently.
By overwriting memory as soon as it is no longer needed, potential unencrypted data can’t be accessed by users with permissions and malicious attackers alike. Following the correct safety protocols and methods outlined in this article will help in keeping company data secure.
Latest posts by tal (see all)
- Checkmarx Visual Studio Static Code Analysis Plugin - October 15, 2014
- Secure SDLC - October 15, 2014
- Spoofing Attack - October 15, 2014