Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.
翻译:管理加密钥匙对企业来说是一项复杂的任务,而且当需要管理越来越多的用户和应用程序时,管理加密钥匙可能特别困难。为了解决可扩缩性问题,典型的信息技术基础设施采用关键管理系统,能够处理大量加密钥匙,并将这些钥匙与授权的请求联系起来。鉴于这些系统的必要性,近年来出现了各种关键管理系统,这些系统与具体组织的特点、质量、价格和安全需要相一致。这些解决方案的范围是值得欢迎的,显示了市场的扩大性质,也使得信息技术管理人员需要花费时间来确定适合各自公司需要的适当系统。本文提供了一套关键管理工具的清单,其中包括一套最起码的功能,例如管理钥匙的安全数据库、认证、授权和访问控制模式,以限制和管理钥匙的使用,有效记录使用钥匙的行动,以及存在一个用于直接从应用代码获取功能的API。有五个系统进行了全面比较,通过评价与实施的复杂性、其受欢迎程度、关联的脆弱性以及反应时间和网络使用方面的技术绩效。这些文件包括:用于管理钥匙的安全数据库、认证、授权、授权和访问模式、限制和管理钥匙的有效记录、直接使用应用应用密码系统等。