SIX STEPS TO SECURE CRYPTOGRAPHIC KEYS
Jeffrey Kok, Vice President of Solution Engineer,
Asia Pacific and Japan, CyberArk
Asia Pacific and Japan, CyberArk
As
more and more countries are exploring the benefits of having a cashless
society, the issues of cryptocurrencies is widely debated among central banks
and governments today. Late last year, the Monetary Authority of Singapore
(MAS) advised the public to act with extreme cautiousness and to understand the
significant risks they could face if they choose to invest in cryptocurrencies.
MAS highlighted that there is also a risk of loss should the cryptocurrency
intermediary be hacked, as it may not have sufficiently robust security
features.
more and more countries are exploring the benefits of having a cashless
society, the issues of cryptocurrencies is widely debated among central banks
and governments today. Late last year, the Monetary Authority of Singapore
(MAS) advised the public to act with extreme cautiousness and to understand the
significant risks they could face if they choose to invest in cryptocurrencies.
MAS highlighted that there is also a risk of loss should the cryptocurrency
intermediary be hacked, as it may not have sufficiently robust security
features.
Cryptocurrency
has grown exponentially because of its attractiveness to people looking to use
this alternative money. The rapid growth in the value of cryptocurrency like
Bitcoin over the past year has established it as an attractive investment which
can have a positive impact on the wallets and trading practices of investors
globally. Nevertheless, the number of cyber security threats is increasing each
year, as well as the number of methods to illegally access data, exploit
computer power and extort money.
has grown exponentially because of its attractiveness to people looking to use
this alternative money. The rapid growth in the value of cryptocurrency like
Bitcoin over the past year has established it as an attractive investment which
can have a positive impact on the wallets and trading practices of investors
globally. Nevertheless, the number of cyber security threats is increasing each
year, as well as the number of methods to illegally access data, exploit
computer power and extort money.
Over
the past year, the Southeast Asia region witnessed a growing number of
cryptocurrency startups, making it a very attractive target for cybercriminals.
the past year, the Southeast Asia region witnessed a growing number of
cryptocurrency startups, making it a very attractive target for cybercriminals.
As
this form of currency gains more popularity and credibility, organizations in
every industry will need to implement security controls to mitigate risk
against crypto-credentials from becoming exposed.
this form of currency gains more popularity and credibility, organizations in
every industry will need to implement security controls to mitigate risk
against crypto-credentials from becoming exposed.
Digital Wallets – The basics
There are two
types of digital wallets: hot wallets and cold wallets. Hot wallets are used by
individual users and organizations to store smaller amounts of currency, providing
the need for more fluidity required for quick transfers and exchanges. There are
many cryptocurrency services such as Coinbase and Bittrex, which are available
in Singapore, that manage and store the wallet’s private key and provide users
with easy access. Usually, this type of managed service is password protected.
types of digital wallets: hot wallets and cold wallets. Hot wallets are used by
individual users and organizations to store smaller amounts of currency, providing
the need for more fluidity required for quick transfers and exchanges. There are
many cryptocurrency services such as Coinbase and Bittrex, which are available
in Singapore, that manage and store the wallet’s private key and provide users
with easy access. Usually, this type of managed service is password protected.
As for cold wallets,
it is used by organizations and security-savvy individuals and typically hold
much larger amounts of digital currency. This type of wallet keeps its
associated private key off the internet completely and often stores it on an
offline computer. However, if the network becomes compromised, then the keys
will follow suit shortly.
it is used by organizations and security-savvy individuals and typically hold
much larger amounts of digital currency. This type of wallet keeps its
associated private key off the internet completely and often stores it on an
offline computer. However, if the network becomes compromised, then the keys
will follow suit shortly.
Don’t Get Digitally Robbed
Cryptocurrency
private keys are not exclusively used by human users. There are many automated
processes that perform cryptocurrency transactions as well. Securing private
keys for all users (both human and machine) is a foundational first step,
quickly followed by authenticating and identifying who has access to the keys,
controlling the access and monitoring its usage.
private keys are not exclusively used by human users. There are many automated
processes that perform cryptocurrency transactions as well. Securing private
keys for all users (both human and machine) is a foundational first step,
quickly followed by authenticating and identifying who has access to the keys,
controlling the access and monitoring its usage.
Cryptocurrency
private keys should be treated as another type of privileged credential that
needs to be managed and protected. In essence, it should be handled similar to
how we store a password with a few slight modifications and specific
requirements.
private keys should be treated as another type of privileged credential that
needs to be managed and protected. In essence, it should be handled similar to
how we store a password with a few slight modifications and specific
requirements.
Whether the
private keys are accessed by humans or automated processes, it is critical to
authenticate the access control and assure it has not been forged by a
malicious insider or external attacker.
private keys are accessed by humans or automated processes, it is critical to
authenticate the access control and assure it has not been forged by a
malicious insider or external attacker.
Here are six key
considerations to secure and protect cryptographic keys:
considerations to secure and protect cryptographic keys:
Store cryptographic keys in a secure digital vault – Move keys into
a digital vault with multiple layers of security wrapped around it, enforce
multi-factor authentication to all users who have access to the vault.
a digital vault with multiple layers of security wrapped around it, enforce
multi-factor authentication to all users who have access to the vault.
Introduce role segregation – Control individual access
to stored keys, preventing even the most privileged administrators from getting
to them unless explicit permissions have been granted.
to stored keys, preventing even the most privileged administrators from getting
to them unless explicit permissions have been granted.
Enable secure application access – Restrict access
to stored keys to authorized applications and verify that the applications are
legitimate and untampered.
to stored keys to authorized applications and verify that the applications are
legitimate and untampered.
Audit and review access key activity – Audit all
activities related to key access and implement trigger events to alert the
necessary individuals of any key activity.
activities related to key access and implement trigger events to alert the
necessary individuals of any key activity.
Enforce workflow approvals – Enforce workflow approvals
for any activities considered to be highly sensitive and the same goes for
accessing the keys.
for any activities considered to be highly sensitive and the same goes for
accessing the keys.
Monitor cryptocurrency administrator activities – Facilitate
connections – similar to an automated secure proxy/jump host – to target
systems that are used to perform cryptocurrency administrator activities (e.g.
the system hosting the wallet).
connections – similar to an automated secure proxy/jump host – to target
systems that are used to perform cryptocurrency administrator activities (e.g.
the system hosting the wallet).
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
