Securing Cryptography in the Cloud:

1. Evaluate the Security of the Cloud Cryptography Platform

A migration project must independently evaluate the security of the cryptography implemented by the host as a first step. It’s not acceptable to take the cloud host’s marketing material as a guarantee of security.

Cryptosense software is used by several major financial services organisations to test cloud cryptography platforms. Negative results from our tools have resulted in “no-go” decisions for major projects, pending improvements to the platform by the host.

2. Test and Secure the Cryptography in the Application

While the importance of a secure cryptography provider is evident, most vulnerabilities in cryptography actually result from the application misusing the provider. These bugs in key management, random number generation, and cryptographic design cannot be mitigated by WAFs or other similar technologies and need to be eliminated in a full cryptography audit before the application is migrated.

Cryptosense Analyzer is the first tool capable of a complete cryptography audit on an application. Multiple financial services organisations and software companies depend on it to ensure their code is secure.

3. Secure the Keys on the Host Platform

Due to the increased exposure of a cloud application, cryptography must be adapted to store keys securely using the host’s key-management system (KMS) rather than in software. This requires a full cartography of cryptography use in the application and the key lifecycle. However, understanding the full use of cryptography of an application is hard: documentation is often incomplete and out-of-date, key personnel involved in legacy applications may have left, and manual code review is extremely costly.

Cryptosense Analyzer produces a complete cartography of cryptography and keys used in an application that allows easy and secure adaptation to the chosen KMS.

4. Monitor the Platform and the Application

Moving an application to the cloud means ceding control of platform updates to the host, each of which may cause new stability or security issues. Testing must be repeated regularly and results monitored. Additionally, to reduce time to market and promote innovation, most organisations take advantage of their new cloud platform to speed up their development and deployment cycle towards a Continuous Integration/Continuous Deployment (CI/CD) scenario. Changes to the application must also be tested to ensure cryptography security is maintained.

Cryptosense software makes sure that an application stays secure under these conditions by monitoring the host cryptography platform on a regular basis and by integrating the application cryptography audit by Cryptosense Analyzer into the CI/CD toolchain.
