An enterprise uses AES-256 encryption for its SAN volumes. During an internal compliance review, auditors flag that the master volume-encryption key (MEK) can be exported by a single storage administrator who possesses the key-management server credentials. The security architect must implement a control so that any future export or use of the MEK will demand the cooperation of two separate custodians, each of whom holds a different key token, and that neither token by itself reveals any information about the MEK.
Which of the following mitigation techniques best satisfies this requirement?
Divide the MEK using a split-key (secret-sharing) scheme so that two custodians must combine their separate key shares before the MEK can be reconstructed.
Load the MEK into a single hardware security module (HSM) and protect the HSM with a strong administrator PIN.
Rotate the MEK every 30 days and store previous keys in an offline, fire-proof safe managed by the security team.
Require the storage administrator to log in to the key-management server with smart-card-based multi-factor authentication.
Splitting the master key into two independent cryptographic shares enforces split knowledge and dual control: each custodian's token is useless on its own, and both must collaborate to reconstruct or use the MEK. Storing the key in a single HSM with a PIN (or adding MFA) still allows one individual to act alone once authenticated, while periodic key rotation with offline storage does not stop a lone administrator from accessing the current key. Only the split-key approach directly eliminates single-person control over the encryption key.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a split-key (secret-sharing) scheme?
Open an interactive chat with Bash
Why is a single hardware security module (HSM) with a PIN insufficient in this scenario?
Open an interactive chat with Bash
What are the advantages of using dual control and split knowledge for key management?