Business

Is Manual Key Delivery Dying? 

With cyber attacks at an all-time high and the use of digital cryptography present in both our personal and professional daily lives, it’s never been more important to make sure your encryption tools, from start to finish, are the absolute best available. On a daily basis, the average organisation will rely on keys to send and receive messages, transactions, emails and more. This makes the type of key – and its delivery method – a matter of interest and importance to your operations.

The technological advancements around cryptographic key distribution are really ramping up in the past decade, particularly with the advent of quantum computing and the fact we may have quantum computers active in our lives within the next two years.

The use of the often-cumbersome manual key delivery (MKD) relies heavily on human involvement in encryption and decryption processes (hence the term ‘manual’). Further, because of the use of tools such as spreadsheets and manual key exchanges – or even worse, paper-based protocols and trackers – the margin for error, as well as for vulnerabilities to hacking, is exponentially higher than with automated key delivery.

How manual key delivery works

With MKD, a system administrator or appropriate person creates the key, logs it, and distributes it exactly as it sounds – manually. This doesn’t necessarily always mean physical delivery via courier, but it does mean the labour-intensive distribution and tracking of keys – and it’s the latter that makes it so vulnerable to attack.

The use of the often-cumbersome MKD relies heavily on human involvement in encryption and decryption processes (hence the term ‘manual’). Further, because of the use of tools such as spreadsheets and manual key exchanges – or even worse, paper-based protocols and trackers – the margin for error, as well as for vulnerabilities to hacking, is exponentially higher than with automated key delivery.     

What are the advantages and disadvantages?

If you have a small organisation with few security concerns and not much traffic, MKD is a practical, low-cost solution, and may be preferable – mainly because automated key delivery systems can be expensive (or, at least more expensive than not having a secure system in place). But, to be honest, the long-term cost and disadvantages of not having one are too high to really consider. In short, the advantages of MKD are few.

In contrast, there are many disadvantages of MKD. To save you time reading through a hefty paragraph of MKD ‘cons’, I have briefly summarised them below:

  •   it’s incredibly labour-intensive and time-consuming
  •   it’s impractical if you have more than a few dozen keys
  •   the margin for human error is exceptionally high when compared with automation
  •   the consequences of the aforementioned error can be to literally halt your business
  •   humans can accidentally install the wrong key
  •   security risks are exceptionally high, including:

o   employees ignoring policies and procedures

o   too many points of potential hacking, such as finding your logs, intercepting spreadsheets and literally anyone seeing a paper-based record

With security breaches in the tens-of-thousands every month this year alone, is it ever the most business-savvy approach to purposely choose a solution so vulnerable to attacks, particularly with the Internet of Things meaning multiple devices creating even more access points? The obvious answer is, “Absolutely not!”

According to IBM: “Given the large number of communicating hosts in a typical network, [the manual key distribution] process quickly becomes unwieldy, error-prone, maintenance intensive, and not scalable.”

In reality, MKD has had its day and, much like fossil fuels or ‘70s dinner party food, has become essentially redundant. It’s also incredibly limiting and vastly insecure compared to other solutions.

A dedicated electronic key management system – whether using public key encryption or symmetric encryption – is a far better solution for most organisations.

Circling back to the threat of quantum computers and the likelihood that they’ll provide threat actors with instant decryption tools, the best solution for any company is an encryption tool that includes the following:

  •   cloud-based or including cloud infrastructure in its solution or platform
  •   designed with the Internet of Things in mind
  •   protects blockchain and considers all points of entry
  •   quantum-safe (two years, or even five, is not that far away!)
  •   includes a highly secure, fast solution such as symmetric key encryption (and distribution)

And while this isn’t a sales exercise, so far, the only platform I’ve found that ticks all these boxes is QuantumCloud, from a British company called Arqit Quantum, Inc. Working for governments, defence and intelligence operations, satellite and aerospace companies as well as major telecoms firms, QuantumCloud is, for the money, the most future-proof solution an organisation can hope for!

And future-proofing is what the best cyber security professionals are always on the look-out for.

Related Articles

Leave a Reply

Back to top button