This article can also be found in the Premium Editorial Download "Storage magazine: Upgrade path bumpy for major backup app."
Download it now to read this article plus other related content.
What you need to know about encryption key management
If encryption isn't in your shop yet, it will be soon. Learn how to manage it before it's too late.
Three years ago, storage encryption generated more head scratching than interest. Storage was assumed to be a technology layer hidden behind well-protected server hardware and OSes. Encryption was a topic for intelligence agencies, math gurus and networking professionals, but not the storage team.
That mindset seems quaint today. When it comes to storage encryption, we now know the following:
Users get it. Between February 2005 and July 2006, there were 17 publicly disclosed data breaches, according to the Privacy Rights Clearinghouse. More than 9 million Americans had their personal information exposed in these breaches. Given the potential cost and damage of a publicly disclosed data breach, storage professionals are evaluating and purchasing tape encryption solutions in record numbers.
Vendors are responding. Last year, Network Appliance bought Decru, while NeoScale Systems signed on as a partner with all of the storage leaders. And backup software vendors such as Asigra, Atempo and CA enhanced their own cryptographic capabilities.
Encryption is moving from appliances to devices. In this more recent trend, device vendors are adding cryptographic capabilities within their systems. Nexsan added encryption to
The new storage encryption mantra is key management. Decru and NeoScale each introduced key management products this year, while EMC scooped up security veteran RSA Security, noting that key management was a major reason for the acquisition.
Most of these trends are progressing as expected. User demand inevitably leads to vendor action, so the onslaught of new encryption offerings is no surprise. But key management technology doesn't fit into this natural economic cycle. To many storage professionals, key management is a new concept that's neither intuitive nor well understood.
ESG recently asked 227 North American-based security professionals from organizations with more than 1,000 employees, "How interested do you believe your organization would be in centralized key management?" Almost 20% said their firm had deployed a centralized key management solution, while more than 50% were either extremely or somewhat interested in centralizing key management.
Unfortunately, security folks seem to be keeping key management a well-guarded secret. As encryption becomes more integrated into all layers of IT, the rest of the technology team needs to understand key management to some degree.
This was first published in September 2006