Insecure Cryptographic Storage

Storing files in encrypted form is critical for companies that offer sensitive information online. But improperly encrypted files can be just as risky, because they create a false sense of security. Keeping improperly encrypted files in storage is known as Insecure Cryptographic Storage (ICS). A variety of factors can lead to ICS, including:

  • Bad algorithms
  • Improper key management and storage
  • Encryption of the wrong data
  • Insecure cryptography (such as encryption schemes developed in-house)

How to avoid Insecure Cryptographic Storage

Even if the program's own data is encrypted, some of that information may still be reachable through databases, registry entries and temporary (temp) files. This can expose sensitive data in unencrypted form, which a malicious user can then exploit for personal or financial gain. Compromised company accounts usually lead to the theft of confidential client or customer information.

To avoid this type of breach, developers should locate and identify all data that needs to be encrypted. Sensitive data should not be easy to overwrite, while memory areas that held sensitive data should be overwritten immediately once they are no longer needed. The following steps and processes can be used to keep ICS from leading to a data breach or other losses to the company.

  • Locate and identify sensitive company data and confidential client information, and make sure all of it is encrypted.
  • Make a list of everyone who needs access to sensitive data and sensitive areas. Both whitelisting and blacklisting are good solutions.
  • Developers should make sure that no sensitive data can be overwritten easily; however, all memory locations that held sensitive data should be erased and overwritten as soon as the data no longer needs to be stored there.
  • Encryption keys, DRM and algorithms should be known only to company management.
  • All encrypted data and drives should be checked and scanned frequently.
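As an added example (not code from the original article or from Checkmarx), the Go program below puts the factors named at the top of the article (an in-house "cipher" with a key hard-coded into the binary) beside a hardened version that follows the steps in this list: the record key is supplied from outside the program (the `RECORD_KEY_HEX` environment variable is an assumption of this example, not a real convention), records are sealed with AES-256-GCM so that tampering is detected and identical records never produce identical ciphertext, and buffers that held the key or plaintext are overwritten as soon as they are no longer needed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
)

// ---- "Before": in-house cryptography with a hard-coded key ----

// hardcodedKey ships inside the binary, so anyone holding a copy of the
// program holds the key. Constructed sample value, not a real secret.
var hardcodedKey = []byte("s3cret")

// insecureXor is the kind of home-grown "encryption" the article warns
// against: a short key XORed repeatedly over the data. It is deterministic
// (same input, same output) and has no integrity check. Shown for contrast only.
func insecureXor(data []byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ hardcodedKey[i%len(hardcodedKey)]
	}
	return out
}

// ---- "After": AES-256-GCM with an externally supplied key ----

// loadKey takes the 32-byte key from the RECORD_KEY_HEX environment variable
// (a hypothetical name chosen for this example) instead of from source code,
// so key management is separated from the program that uses the key.
func loadKey() ([]byte, error) {
	key, err := hex.DecodeString(os.Getenv("RECORD_KEY_HEX"))
	if err != nil {
		return nil, err
	}
	if len(key) != 32 {
		return nil, errors.New("RECORD_KEY_HEX must decode to exactly 32 bytes")
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record and returns nonce || ciphertext || tag. A fresh
// random nonce per call means identical records never share a ciphertext,
// and the GCM tag lets Open reject any modification of the stored blob.
func Seal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal and fails if the blob was truncated or tampered with.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// Zeroize overwrites a buffer that held a key or plaintext once it is no
// longer needed. In a garbage-collected runtime this is best effort (the
// runtime may have copied the slice), but it removes the obvious copy.
func Zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	key, err := loadKey()
	if err != nil { // constructed fallback so the demo runs unconfigured; production code should fail closed here
		fmt.Println("RECORD_KEY_HEX unusable, using a throwaway key:", err)
		key = make([]byte, 32)
		if _, err := rand.Read(key); err != nil {
			panic(err)
		}
	}
	record := []byte("client=ACME;account=0000-demo") // constructed sample record
	sealed, err := Seal(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed record: %x\n", sealed)
	Zeroize(record) // plaintext no longer needed in memory
	Zeroize(key)
}
```

Run it with `RECORD_KEY_HEX` set to 64 hex characters (for example the output of `openssl rand -hex 32`); without it the program prints a warning and uses a throwaway key so the demo still runs. The XOR routine is kept only to show the properties the hardened path removes: the same record always encrypts to the same bytes, and a modified blob decrypts without any error.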

By overwriting memory as soon as it is no longer needed, any unencrypted data it held cannot be recovered, whether by users who hold permissions or by malicious attackers. Following the safety protocols and methods outlined in this article will help keep company data secure.
