To many developers, encryption can be a scary thing. Thankfully, with the folks at Townsend Security and a dedicated community of contributors, we’ve taken great strides in making modules to encrypt Drupal sites easy and approachable for anyone to use.

First we developed “Encrypt,” built to provide much needed two-way Drupal encryption. But users still needed to manage the keys created through the two-way encryption. Lastly, we knew that getting keys off your server and into a secure place would be the gold standard in key management, yet most solutions were cost prohibitive to the everyday content management system. That led us to the final step in our journey to build “Lockr” to provide true encryption key management in Drupal. Let’s look at how each of these pieces works.

DRUPAL ENCRYPTION WITH THE ENCRYPT MODULE

Creating a two-way encryption module for Drupal was an important first step in securing Drupal. The Encrypt module page explains it best:

“There is no way to do two-way encryption in Drupal. There is also not a very standard way of performing encryption in PHP without extensions. This module aims to make it easy for other modules to keep data secured in an extensible way that does not inherently require any other dependencies.”

Encrypt provides an “application programming interface (API) for performing two-way data encryption. It allows modules to encrypt data such that it can be decrypted using the same key that was used to encrypt data…useful for storing sensitive information.”

Encryption offers one level of security, but encryption also means encryption keys.

KEY: THE DRUPAL MODULE FOR ENCRYPTION KEY MANAGEMENT

Encryption is only as good as the key used in the process, and where it’s kept. Key is a module specifically built for key management. It is a pluggable module that routes key requests to secure key storage. This empowers site developers to define how and where keys are stored. Having control over key storage location means the possibility of a higher level of security. That is, if you store your keys in a secure place.

While Encrypt and Key work well together to make stronger key management than no key management at all, there’s one final piece of the puzzle to make it the strongest and most secure. Out of the box, Key offers the ability to store keys within your database, in the settings.php file (so it can be tracked for change using change management), or in a file that can reside anywhere in the system (preferably outside the site root). While the settings.php file or a file outside the site root are two “stronger” options than storing the keys in the database, they are still doing the proverbial “taping the key to the front door” (or leaving your keys in the lock). That is, once someone has access to your server, they have the keys to your data. You can encrypt your data, but unless you have a separate place to store your keys, they co-exist in the same space. From PCI DSS to HIPAA to government regulations worldwide, they all state that proper key management is critical to secure data, and their recommendations state that for a key to be properly managed, it must reside in an environment physically separate from the one that is using it.

NEFARIOUS ACCESS TO YOUR CODEBASE AND DATABASE IS INEVITABLE

We do all we can to keep the perimeter secure, but we have to expect people will still get in. And when they do get in, without proper key management you are handing over the keys to unlock it all. I recently sat in a meeting with a Fortune 50 company security team and was told that they plan on the entire codebase and database being compromised; with a near limitless budget on perimeter security, they still understood access to the codebase and database was inevitable.

And that’s where Lockr comes in: pairing the Encrypt and Key modules with Lockr, the average Drupal website can obtain next-level key management. With Encrypt paired with Key, you have encrypted all your data and centralized your keys; the only step left is to store them separately and securely.