This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."
Download it now to read this article plus other related content.
Don't lose your keys
"Without an effective key management plan, data encryption is tantamount to data deletion," says Dennis Hoffman, EMC's vice president of information security. Different encryption options vary in their approach to key management. At CUDP, for example, the responsibility for managing keys rests with the firm's Shapiro. The way NetVault's encryption plug-in works, the key to decrypt a backup is stored on the client machine. That means that if the machine itself is down, you can't access the key. To get around that problem, Shapiro has a password-protected file in which he keeps keys for all the machines backed up by CUDP.
That approach should work fine, assuming Shapiro isn't hit by a truck going to work and that nothing happens to his password-protected file in which the keys are stored. According to Preston, many backup encryption packages take key management pretty lightly. For example, Symantec/Veritas NetBackup, he says, can work with only one key at a time--which means the same key can be used to encrypt and decrypt any backup tape cut by the application. Some key management schemes "may have sounded good in 1987, but they don't sound very good today," Preston adds.
Here are some things to look for from a sophisticated key management solution:
- Keys should allow backups to be restored to servers other than the one on which they were created.
- Keys should be protected and replicated, possibly to a key
- escrow service.
- Keys should be able to be authenticated using public key/private key mechanisms.
- Some key management services let you designate multiple people as "security officers." To initiate a decryption, a quorum of security officers must be met, eliminating the possibility that a single black hat can decrypt a tape.
Whatever the case, it's important to remember that encrypting backups should be only a small part of an organization's security strategy. "A tape falling off of an Iron Mountain truck is a 5% problem," says Hoffman. "It's far more likely that information will be leaked because of a laptop loss or employee theft." Broadly speaking, he sees the rush to encrypt backups as "a massive knee-jerk reaction within the storage industry right now. The best way to secure your backup is not to put it on tape [and to use disk]."
Others see the move toward encrypting tapes as the new world order. Whether people continue to back up largely to tape, or move to disk, it's increasingly clear that the days of unencrypted backup tapes are numbered. Says Rob Gretton, director at Disuk: "In a few years the comment will be made 'You mean you didn't used to encrypt your backups?'"
This was first published in November 2005