This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."
Download it now to read this article plus other related content.
Encryption itself, if you don't delve into its underpinnings, is fairly straightforward stuff, but keeping track of encryption keys can be cumbersome or downright confusing; not the kind of stuff any sane storage manager would add to an already complex environment. The number of different methods and architectures security vendors use for key management only compounds the confusion.
The solution may be as simple as knocking on the door of your company's network security crew. You might not understand all of their lingo, but they probably don't speak storage either, so you'll be on an equal footing. The security guys have been there and done that, as far as key management goes, and they're probably your best resource as you sift through the various encryption alternatives. You might even find a storage encryption product that uses the same key management scheme the network security gang is already using.
Even if you can get over the cost justification and key management hurdles, you're still not home free. Encryption will have an effect--maybe a profound one--on other storage management processes. At a minimum, it's another piece of software or hardware that will have to be monitored, managed, configured and so on. And it will likely have an impact on things you're doing today and may take for granted, like data compression. Because encrypted data can't be compressed, you may have to retool your compression process.
Kind of a bleak picture, huh? But think
This was first published in September 2007