共享密钥加密 公开密钥加密_保持加密密钥安全的重要性

共享密钥加密 公开密钥加密

Data in the cloud is often encrypted using a private key, which can simply be the user’s password or a separate string of characters for added security. This encryption key is then the sole responsibility of the end-user and guarantees that only they will be able to access the data stored in their cloud account – anyone else attempting to access their account will just see a load of garbled files that will make no sense as these will be the encrypted versions. Because of the nature of the information that many businesses choose to store in the cloud, encryption is a vital part of the cloud security framework; this in turn highlights the significance of keeping encryption keys secure, as if someone with malicious intentions gets hold of the encryption key then they will have full access to the information stored in your account – this is why it can be good practice to have a password protecting your account and a separate file encryption key.

云中的数据通常使用私钥加密，私钥可以只是用户的密码或单独的字符串，以提高安全性。 然后，此加密密钥是最终用户的唯一责任，并保证只有他们才能访问存储在其云帐户中的数据-尝试访问其帐户的其他任何人都只会看到大量乱码文件，这些文件不会因为这些将是加密版本。 由于许多企业选择将信息存储在云中，因此加密是云安全框架的重要组成部分。 这反过来凸显了保持加密密钥安全的重要性，就好像有恶意意图的人抓住了加密密钥，那么他们将可以完全访问您帐户中存储的信息一样，这就是为什么拥有密码可以作为一种很好的做法的原因保护您的帐户和一个单独的文件加密密钥。

Maintaining tight control of who has access

严格控制谁有权访问

Minimising the number of people with direct access to the key is always good practice, this ensures that if the key is leaked then it is easy to pinpoint who it has originated from so that steps can then be taken to apply a new key and then supply to different people for added trust. Whilst this may seem like an inconvenient option for situations where regular access to these files by multiple users is required, it would perhaps be more beneficial to store such files locally anyhow and the less frequently accessed but more importance can be stored away securely in the cloud.

尽量减少直接访问密钥的人数始终是一个好习惯，这可以确保如果密钥泄漏，则很容易查明密钥的来源，因此可以采取步骤来应用新密钥，然后提供给不同的人增加信任。 尽管对于需要多个用户定期访问这些文件的情况来说，这似乎是一个不方便的选择，但是以任何方式在本地存储此类文件可能会更有益，并且访问频率较低但更重要的是可以安全地存储在云中。

Consider secure storage arrangements on the desktop

考虑台式机上的安全存储安排

Keeping an encryption key in plain sight in a text file on the local computer is just asking for trouble, which is why it is a good idea to consider a secure password vault application that itself encrypts passwords and requires a password in order for entry to be gained. This will provide the assurance that even if malicious attackers do gain access to the local computer, access to the encryption key itself will still be prohibited.

在本地计算机上的文本文件中清晰地看到加密密钥只是在问麻烦，这就是为什么考虑一个安全的密码保险库应用程序是一个好主意，该应用程序本身会加密密码并需要输入密码才能输入获得。 这将确保即使恶意攻击者确实获得了对本地计算机的访问权限，仍然将禁止对加密密钥本身的访问。

Exploring the encryption algorithm securing your data

探索保护数据安全的加密算法

There are a number of different encryption algorithms available that can offer varying levels of protection, so choosing a cloud host that uses a tried and tested method of encryption is the most reliable method of safeguarding your data. Encrypting not only the information stored in the cloud, but also data that is transferred to and from it is recommended best practice – this way, your only worry has to be the level of security in place on your local machines. This is known as ‘homomorphic encryption’ and means that the cloud server is only ever dealing with encrypted data and search queries; all data that is returned to the client computer accessing the data or performing a search is encrypted and it is the local machine that is then responsible for decrypting this information, increasing security because this means that the encryption key will only ever need to be entered locally and won’t have to be transferred over the Internet.

有许多不同的加密算法可以提供不同级别的保护，因此，选择使用久经考验的加密方法的云主机是保护数据的最可靠方法。 推荐的最佳做法是不仅加密存储在云中的信息，而且还加密传输到云中的数据，这样一来，您唯一担心的就是本地计算机上的安全级别。 这就是所谓的“同态加密”，这意味着云服务器仅处理加密数据和搜索查询。 返回给客户端计算机的所有数据(访问该数据或执行搜索)均被加密，然后由本地计算机负责解密此信息，从而提高了安全性，因为这意味着只需要在本地输入加密密钥即可。并且不必通过Internet传输。

As a conclusion, keeping encryption keys secure is very important for the guarantee that no unauthorised individuals are able to access business-critical files. Limiting the number of colleagues with access to the key will reduce the potential for unauthorised access or leaks, whilst maintaining a secure desktop infrastructure will also be fundamental to protecting your business’s wider IT environment.

总之，确保加密密钥的安全对确保没有未经授权的个人无法访问关键业务文件非常重要。 限制可以访问该密钥的同事的数量将减少未经授权访问或泄漏的可能性，同时保持安全的桌面基础结构对于保护您的企业更广泛的IT环境也至关重要。

翻译自: https://www.eukhost.com/blog/webhosting/the-importance-of-keeping-encryption-keys-secure/

共享密钥加密 公开密钥加密