Untangling the encryption chain

This article can also be found in the Premium Editorial Download "Storage magazine: What you need to know about data storage provisioning."

Building the chain
How can we break up this logjam? Let's look at another arena where encryption is actively being pursued--digital television. Without endorsing encrypted television signals (which I'm opposed to), we can still learn a lesson about how to approach encryption. The "end-to-end" encryption of digital television would still permit decryption and re-encryption at authorized points to allow advanced functions. For example, a future TiVo would receive an encrypted stream, decrypt it, perhaps re-encode or process it, store it and re-encrypt it before sending it to the television.

Let's apply this to storage. If we developed a system that allowed a deduplication engine or storage router to decrypt the data coming in and re-encrypt it after processing, we could enable encryption everywhere in the network. We'd be building a chain of encrypted segments.

Every device in the chain would have to understand the encryption scheme used and share keys to make this work. This would require an advanced key management system and an open API to allow different combinations of equipment to interoperate. This last bit sounds like a job for the Storage Networking Industry Association (SNIA), but I don't see it happening yet. Maybe a vendor-specific API like NeoScale's will be adopted as a de facto standard.
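The chain of encrypted segments described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor: the `DedupHop` class, the segment keys and the sample blocks are all constructed for illustration, and the HMAC-SHA256 encrypt-then-MAC helpers are a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)  # fresh nonce: identical blocks yield different ciphertext
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("segment authentication failed")  # wrong key or tampering
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class DedupHop:
    """Authorized point in the chain (hypothetical): holds both segment keys."""
    def __init__(self, key_in, key_out):
        self.key_in, self.key_out = key_in, key_out
        self.store = {}  # plaintext digest -> block re-encrypted for the next segment

    def ingest(self, blob):
        block = unseal(self.key_in, blob)            # decrypt the inbound segment
        digest = hashlib.sha256(block).hexdigest()   # deduplicate on plaintext
        if digest not in self.store:
            self.store[digest] = seal(self.key_out, block)  # re-encrypt outbound
        return digest

def demo():
    k_host, k_array = os.urandom(32), os.urandom(32)  # constructed segment keys
    hop = DedupHop(k_host, k_array)
    block = b"constructed sample block " * 8
    sent = [seal(k_host, block), seal(k_host, block), seal(k_host, b"different block")]
    refs = [hop.ingest(b) for b in sent]
    return {
        "ciphertexts_differ": sent[0] != sent[1],  # dedup on ciphertext would fail
        "unique_stored": len(hop.store),
        "refs_match": refs[0] == refs[1],
        "array_reads_back": unseal(k_array, hop.store[refs[0]]) == block,
    }

if __name__ == "__main__":
    print(demo())
```

The hop is the only place where plaintext exists between the two segments, which is why each such device has to be inside the key management boundary.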

Of course, there's another possibility. A vendor could engineer its own end-to-end infrastructure with completely integrated encryption at every point.

Of course, it would need to have its products everywhere along the chain: software installed on the servers managing the storage, intelligent switches, virtualization appliances and arrays. It would also need some serious encryption and key management expertise.

When EMC bought RSA Security this past summer, many observers were left scratching their heads wondering where the fit was. Some suggested it was simply an opportunistic acquisition, others thought it was a defensive move to keep the company away from Symantec, while a few just threw up their hands and said EMC was crazy. I say the company was crazy like a fox! If anyone could pull off an end-to-end, single-vendor encrypted infrastructure like the one I just described, it would be the combination of EMC and RSA. Maybe encryption will happen after all.

This was first published in October 2006
