Key to secure cryptographic keys

Protect your digital currencies via methods such as storing keys in a digital vault and reviewing access activity

The issues of cryptocurrencies are widely debated among central banks and governments.

Late last year, the Monetary Authority of Singapore (MAS) advised the public to act with extreme caution and to understand the risks they could face if they choose to invest in cryptocurrencies.

MAS highlighted there is also a risk of loss should the cryptocurrency intermediary be hacked, as it may not have sufficiently robust security features.

The rapid growth in the value of cryptocurrencies such as Bitcoin over the past year has made it an attractive investment.

Nevertheless, the number of cyber security threats is rising, as well as the number of methods to illegally access data, exploit computer power and extort money.

Over the past year, the Southeast Asia region witnessed a growing number of cryptocurrency start-ups.

As this form of currency gains more popularity and credibility, organisations in every industry will need to implement security controls to mitigate risk against crypto-credentials from becoming exposed.

There are two types of digital wallets: hot and cold wallets.

Hot wallets are used by individual users and organisations to store smaller amounts of currency, providing the need for more fluidity required for quick transfers and exchanges.

There are cryptocurrency services such as Coinbase and Bittrex that manage and store the wallet's private key and provide users with easy access.

Usually, this type of managed service is password protected.

Cold wallets are used by organisations and security-savvy individuals and typically hold larger amounts of digital currency. This type of wallet keeps its associated private key off the Internet and often stores it on an offline computer.

Cryptocurrency private keys are not exclusively used by humans. There are many automated processes that perform cryptocurrency transactions.

Securing private keys for users (both human and machine) is a foundational first step, followed by authenticating and identifying who has access to them, controlling the access and monitoring its usage.

Cryptocurrency private keys should be treated as another type of privileged credential that needs to be protected.

It is vital to authenticate the access control and ensure it has not been forged by a malicious insider or external attacker.

Here are six key considerations to secure and protect cryptographic keys:

1. Store cryptographic keys in a secure digital vault. Move keys into a digital vault with multiple layers of security wrapped around it, enforce multi-factor authentication to all users.

2. Introduce role segregation. Control individual access to stored keys, preventing even the most privileged administrators from getting to them unless explicit permissions have been granted.

3. Enable secure application access. Restrict access to stored keys to authorised apps and verify that the apps are legitimate and untampered with.

4. Audit and review access key activity. Audit all activities related to key access and implement trigger events to alert the necessary individuals of any key activity.

5. Enforce workflow approvals. Enforce approvals for any activities considered to be highly sensitive and the same goes for accessing the keys.

6. Monitor cryptocurrency administrator activities. Facilitate connections - similar to an automated secure proxy/jump host - to target systems used to perform cryptocurrency administrator activities, such as the system hosting the wallet.

The writer is vice-president of Solution Engineer, Asia Pacific and Japan, at CyberArk.