Glossary: Insecure Cryptographic Storage

Insecure Cryptographic Storage

Storing encrypted files is critical for companies that offer sensitive information online. But improperly encrypted files can be an equally risky scenario as it leads to a false sense of security. The process of having improperly encrypted files in storage is known as Insecure Cryptographic Storage (ICS). There is a variety of factors that can lead to ICS, including these:

Bad algorithms
Improper key management and storage
Encryption of the wrong data
Insecure cryptography (such as encryption developed in-house, etc.)

How to avoid Insecure Cryptographic Storage Even if the program itself is encrypted, some information may be accessed through databases, registry data and temporary (temp) files. This can result in sensitive data being accessed as unencrypted data, which can then be used by the malicious user for personal or financial gain. Compromising of company accounts usually leads to the stealing of confidential client or customer information. In order to avoid this type of breach, developers should locate and identify all data that needs to be encrypted. Sensitive data should not be able to be easily overwritten, while sensitive memory areas should be immediately overwritten. Here is a list of steps and processes that can be used to avoid ICS from leading to a potential data breach or other detrimental losses to the company.

Locate and identify sensitive company data and confidential client information, and make sure it is completely encrypted.
Make a list of all people who need access to sensitive data and sensitive areas. Both whitelisting and blacklisting are good solutions.
Developers should make sure that no sensitive data can be overwritten easily: however, all sensitive memory locations should be erased and overwritten as soon as the data is no longer needed to be stored there.
Encryption keys, DRM and algorithms should only be known to company management.
All data and drives that are encrypted should be checked and scanned frequently.

By overwriting memory as soon as it is no longer needed, potential unencrypted data can't be accessed by users with permissions and malicious attackers alike. Following the correct safety protocols and methods outlined in this article will help in keeping company data secure.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Products

Services

Why Checkmarx

Solutions For

Company

Glossary: Insecure Cryptographic Storage

Insecure Cryptographic Storage

Contact Us

Solutions

Industry

Solutions For

Services

Partners

COMPARE

Company

Resources

Community