Before answering your question, I would suggest you analyze the "safe place" for the media storage. Is it just (only) physically secure or do you have intercepts such as firewall and intrusion detection protections?
Back to your question - for data archive, encryption is the first step. Here, the challenge is the storage of keys for long periods of time. One approach is to let the customer own and retain the keys - which can be done on some of the smart cards. However, key storage, both the number of keys and the duration of key storage, can pose a challenge. For encryption algorithms, 3-DES in CBC mode is commonly recommended for storage data (of course, it all depends on how secure you want your data to be). AES in CBC mode is another possibility. DES in CBC mode is now considered weak.
The next step after encryption is the support for ensuring data integrity using digital signature technologies. While encryption protects the confidentiality, it does not ensure integrity of the data.
There are also some aspects of the recent HIPAA regulations that specify certain levels of security for the healthcare records. You may want to consider that for your data archives.
Finally, you must develop and enforce sound security policies that meet the customer requirements.
Sorry, there are other considerations too, but this should give you the high level picture.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in our .20PdajkXdac^0@.ee83ce2!viewtype=&skip=&expand=>Administrator Central discussion forum.
This was first published in January 2002