A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure. This can be a particular concern for people working in highly regulated industries. So how can you know if your keys are secure? In this video Dr Graham Steel explains the issues that our customers often ask us about.
You can easily migrate cryptographic keys to the cloud without rewriting any code. In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP).
In this example we show how we can move an enterprise Tomcat Java application to Amazon’s AWS KMS. We will modernize the cryptography used by the application, without having to rewrite any code.
A naive approach would be to just review the source code and search for cryptographic calls. However, this is both time-consuming and error-prone: what will the parameters be when this function is actually called? Which provider will respond to the call? Are we sure this isn’t dead code or an unused part of a library? On top of this, a lot of crypto in large applications is called by third party intermediate libraries and components of application frameworks for which source code might not even be available.