High-Availability: Backup Servers for Your Encrypted Data
High-Availability’s Role in Protecting Data and Improving Performance
High-Availability is vital to protecting sensitive data, and an important part of key management. As you may know, key management is central to data encryption – encryption keys are like the keys to your house or to a safe, and act to protect your valuables (the encrypted data). But, much like standard house or safe keys, key management has a number of potential difficulties that can affect the security of what you’re aiming to protect. One major problem, which we addressed previously, was storing the lock and key together: this decreases security, because the lock (i.e. your data) and key are in the same place, making the data more susceptible to security breaches because it is stored with the means of decrypting it.
Another problem emerges when your key management system fails. This is tantamount to losing or breaking your key – you no longer have access to the valuables you’ve stored behind the lock, which can’t be opened without the key. In the world of data security, this would mean that your sensitive and valuable data can no longer be decrypted – the key that would decrypt the data has effectively been broken. Key management failures often occur when Hardware Security Modules (HSMs) fail or when the servers hosting key management software go down, both of which are particular problems in industries with high volumes of financial transactions or healthcare data. On the one hand, if your business uses online payment systems, you require encryption to protect financial data transferring between your infrastructure and the online payment system. But if your key manager experiences interference or a full-scale breakdown, your system will ultimately be incapacitated. On the other hand, if you have already undertaken transactions and your key manager fails, you will not be able to decrypt your stored data – it will, in effect, be lost until your key manager is restored. Both scenarios present major problems for your operations.
To combat this problem, key management systems can be built for high-availability. High-availability is based on the concept of redundancy – the creation of multiple identical nodes such that any one of them can replace another if it fails. High-availability builds this redundancy into your key management and data storage infrastructure, so that key management failures do not ultimately halt your entire system: it uses failover nodes or networks to keep constant communication between all key management nodes, while also replicating the data and keys and storing them in separate locations, including on-premise via HSMs or in the cloud via the cloud services your company uses. All of this is done for the specific purposes of disaster prevention and recovery. But high-availability can also increase performance: key management functions can be distributed across the multiple nodes to decrease transactional latency.
While high-availability is conceptually straightforward, it is complex to set up and requires specialized knowledge and oversight. KeyNexus’ Unified Key Manager (UKM) ensures easy deployment and high-availability for the most latency- and time-sensitive business processes. By automating master key creation, it makes enterprise keys available on demand, when you need to access them. The KeyNexus UKM solution supports multi-nodal high-availability with master-master server configurations. With master-master server configurations, KeyNexus produces multiple nodes and, in the event of a failure, the other nodes continue to operate and automatically establish which one will operate as the master node in place of the failed one. Moreover, since all KeyNexus nodes are master-capable, meaning they all have the same data and features, any one of them can be used to process a transaction, which can help to better balance workflows across nodes. This will increase performance, which is particularly important in transactional environments.
KeyNexus’ UKM is also highly flexible and can be installed almost anywhere, including in virtualized environments on-premise or in any of the major IaaS clouds, including Amazon Web Services (AWS), Google, Azure and OpenStack. While capable of being integrated into all the major clouds, multi-node clusters can also be set up across them: for added security and performance, you could store one node in AWS, another in Google, as well as multiple nodes on-premise in VMware. This type of flexibility allows you to co-locate nodes with the various workloads you want to protect. For example, you could locate one or more nodes in AWS to protect the workload you are performing through that service, while locating other nodes on-premise to protect the workloads you are performing there. This brings a new level of operational choice and security to your organization’s key management and data infrastructure, while also increasing performance and decreasing latency.
Ultimately, KeyNexus’ high-availability function can improve your organization’s ability to function effectively, process and store data, and recover or protect data against failures. For more information on KeyNexus’ high-availability capacity and disaster recovery mechanisms, contact us.