April 8, 2021

Solving Cloud and Entropy Problems for Government Agencies

Joe Faxlanger

Ten years ago, as part of the federal government’s push for IT modernization, the Office of Management and Budget released Cloud First. This initiative stated that the federal government had to move to the cloud. However, it neglected to provide specific direction on accomplishing cloud adoption. In 2018, the follow-up release, the Cloud Smart Strategy, included guidance on security, procurement, and the necessary workforce skills for cloud adoption and implementation.

As requirements for the Cloud First initiative continue to accelerate, so do the risks associated with migration. Some organizations have been forced to move into cloud environments due to budgetary concerns or mandates without having visibility into the data they’re moving, thereby leaving them at risk.

Government controlled unclassified information (CUI), personally identifiable information (PII), and private information (PI) are now under the control of cloud providers and managed by third-party administrators. Cloud provider key management systems typically require you to hand over control of both your data and the encryption keys to outsiders. This is not tenable, even in the unclassified world, as we have seen with both recent cybersecurity attacks and rogue cloud employees disclosing information. It’s even less reasonable for government agencies.

With such a large volume of data and a compounding problem, there appears to be no good place to start. Data volumes increase daily and threats continually evolve, all while agencies must work to maintain service levels.

Uncovering the Challenges

In 2016, PKWARE partnered with Quintessence Labs to provide a platform with a US-built appliance providing True Random Key Management to combat the rising quantum threat and our aggressive adversaries. Leading with a global top five financial services company and projects from Department of Defense agencies, we began our journey to truly overcome the challenges and inadequacies of today’s key management systems.

As part of these efforts, we talked to our customers about their challenges and their need to locate and categorize data. We uncovered their use of manual processes, which added friction and disconnected results in enforcing agency security policies. Those results need to be visible at the data level through reporting, but most people couldn’t even find their data. Their current data security vendors often forced them to break business processes or simply allowed them to check a box without credible real-world protection.

What We Heard

As we dug deeper into customer challenges, we heard feedback such as:

  • What data do we have?
  • Should we still have it?
  • Who should have access to it and for how long?
  • How do I share and control data outside my network?
  • Vendors, contractors, sister agencies, coalition partners . . . how do I keep data in the right swim lane in the correct pool?
  • My key management and encryption point products don’t talk to each other well, if at all.
  • When signing my cloud ELA, I am reminded that data protection is solely my responsibility.

Other pain points included:

  • Pseudo and Dev Rand no longer sufficient
  • Programmable quantum computers now commercially available
  • Four to six crypto point products in use that don’t integrate with separate key management systems
  • Adversaries pick off data in between cryptohops or steal encrypted data with substandard entropy

Building A Solution

Leveraging lessons learned and best practices from our customers, PKWARE can deliver solutions that keep your data safe without breaking your business processes or disrupting your user experience.

With a PKWARE deployment, your organization retains full administrative control over the keys and the data encryption by its employees, including the ability to apply policy keys for audit, forensics, and emergency access to all encrypted data. Programs like DLP and Einstein will no longer need to be blinded by uncontrolled crypto, which historically allows accidental and malicious exfiltration.

More importantly, we collaborate with and advise our clients, helping them to successfully take back control of their data protection strategy. We understand there is no one-size-fits-all answer. Instead, we deliver a variety of best-of-breed approaches that enable your cloud strategy, including:

  • Protecting database wallets
  • Hold Your Own Key (HYOK)
  • Double key encryption (DKE)
  • Automatically find, tag/classify, protect, and visualize your data
  • Structured and unstructured data discovery
  • Masking
  • Redaction
  • Transparent data protection
  • Automated persistent data protection

Confidence in Security

PKWARE ensures your information is secured with the highest-quality randomness commercially available. These patented capabilities are backed by In-Q-Tel and reduce your risk profile while giving organizations the most extensible key management for on-premises, hybrid, and cloud environments.

  • In-Q-Tel backed True Random Number Generation and hardware root of trust
  • More than 1 GBPS of the highest quality entropy
  • True random keys provided to any system, device, or cloud
  • Included in Continuous Diagnostics & Mitigation Approved Products List (CDM APL)
  • Foundational step in quantum safe resilience
  • Manufactured in the US
  • Quantum-algorithm ready (working with NIST)
  • FIPS 140-2 Level 3 and Level 5 systems, EAL4 on the hardware security module (HSM)

With the PKWARE platform, you can control data inside and outside the organization, be it in theatre, coalition, mission partner, contractor, or vendor.

PKWARE has provided unified solutions to multiple data security concerns, fulfilling 100 percent of each agency’s data governance and protection requirements. With PKWARE installed on its mainframe, servers, and end user devices, an agency is able to ensure compliance with all Federal data security regulations.

Quickly achieve the desired results with your key management and/or automated data protection policies. Learn how PKWARE can help increase resilience in your key management strategy and provide solutions for your data security needs. Request a free demo now.
