Where encryption fits best

Everybody knows they should encrypt tapes that go offsite, but many are still on the fence about where encryption should occur in their storage environments. There are a number of options, ranging from using your backup app's encryption capabilities to installing a purpose-built encryption appliance. We weigh the pros and cons of the available alternatives so that you can decide which approach best suits your shop.

This article can also be found in the Premium Editorial Download: Storage magazine: RAID turns 20: Do you still need it?:

There are numerous places to embed encryption into your backup infrastructure. Considering key management and performance issues, here are our recommendations.


A tarnished corporate name and possible financial and legal liabilities head the list of management concerns whenever removable disks and tape cartridges holding sensitive information are misplaced or stolen. Encryption can minimize the risks associated with these inevitable occurrences. But with multiple methods available to encrypt data and standards for the long-term management of encryption keys still in their early stages, companies need to proceed cautiously.

Encryption secures data and makes it accessible only to those individuals or applications with the proper credentials. Companies may choose to encrypt data in a number of places in the backup infrastructure to satisfy specific application or corporate requirements. For example:

  • Backup software may include an encryption function that encrypts data on the client or on a designated server before storing the data.


  • Encryption appliances install in the existing backup infrastructure and include purpose-built application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs), which encrypt data at near-wire speeds.


  • Fabric switches and director blades can encrypt data stored to any Fibre Channel (FC) SAN-attached storage devices with encryption managed as another fabric service.


  • Tape drives, tape libraries and virtual tape libraries (VTLs) encrypt data as it's placed on disk or tape, and may include encryption for free or as an optional feature.


  • Seagate Technology LLC recently announced that it plans to add Full Disk Encryption (FDE) technology to all of its enterprise-class hard drives in 2008.

Deciding where to implement encryption is only the first step; other decisions have to be made as well. For example, choosing a more complex encryption algorithm such as 256-bit AES can lengthen the time it takes to encrypt data, introduce unacceptable levels of server overhead and extend backup windows. User-selected encryption keys may be too easily hacked, negating whatever benefits encryption provides. And large organizations that are implementing encryption at multiple layers or in different locations in the backup infrastructure can create incompatible and ongoing encryption key management issues.

Other issues that must be resolved prior to implementing encryption include how to minimize the performance overhead encryption creates, how encryption keys are generated and what data to encrypt.

The best place to encrypt data in the backup infrastructure is generally determined by four factors: corporate risk thresholds, ease of implementation, price and the performance impact encryption has on the backup infrastructure. While encryption key management remains a near-term concern, new standards under discussion will likely evolve to permit the exchange of keys among different vendors' encryption key management systems.


Click here for encryption product considerations. (PDF).


Starting point
Backup software serves as a logical starting point for encryption because most organizations already own backup software. Using a backup application's encryption capability avoids the extra cost of encryption appliances, fabric switches, or new tape drives or libraries. However, there are notable differences in the way backup software encrypts data.

The use of compression by backup software as it encrypts data is an important but subtle differentiator among backup software products. Encrypting native backup data typically increases the size of backed up data stores by 20% or more, so backup software products may also turn on compression when encryption is enabled. Compression reduces the size of the backed up data, but adds another 5% to 10% to the server CPU overhead on top of the 20% overhead encryption introduces.

Backup software provides a number of options to circumvent this performance overhead. One option offered by Symantec Corp.'s Backup Exec 11d and CommVault's Galaxy 7.0 is to simply turn off compression. The compression and encryption features are individual checkboxes in these backup software products, so admins can choose to turn off compression on the backup clients but still encrypt the data. However, this reintroduces the problem of increased backup storage capacities and lengthens backup windows.

To address these issues, some backup software products offload the compression and encryption to a designated server. Backup software products that perform deduplication--such as Asigra Inc.'s Televaulting, EMC Corp.'s Avamar and Symantec's Veritas NetBackup PureDisk--compress and encrypt data as part of the deduplication process. The overhead associated with the compression and encryption is then offloaded to a designated server in the backup infrastructure. But using deduplication in the initial backup of a client can sometimes take hours or even days to complete as data is deduplicated, compressed and encrypted for the first time. It's a lengthy process that not every application can withstand.

Important questions to ask before
selecting an encryption product
As you evaluate the different places in your backup infrastructure where encryption can reside, here are some important questions to ask:

Where in the storage infrastructure should you encrypt data? This is the most fundamental question in selecting an encryption product. Each encryption architecture introduces significantly different considerations. Encryption key generation and management, increased backup windows, Fibre Channel SAN reconfigurations and heightened server overhead are just some of the factors a company needs to consider prior to adding encryption to its backup infrastructure.

How does the encryption software or appliance support key escrow and management for long-term data access and disaster recovery? Key management is a compelling issue during any recovery, disaster or otherwise. If and when a company is required to recover data years later at its existing facility or during a disaster, it needs to have the keys used to encrypt the data before that data can be recovered.

How much space is required to encrypt the data? Adding storage space in the form of more tape or disk isn't prohibitively expensive, but with encryption potentially increasing backed up data footprints by 20% or more, controlling the impact of encryption on storage growth is paramount. Compression is almost always part of the encryption process, so ascertain what capacity savings compression will provide and if that offsets the hit on backup performance and lengthier backup windows.

Is deduplication done prior to encryption? In the long term, deduplication should offer better performance characteristics than compression, but on the initial pass backup windows can be horrific. Verify how deduplication products generate and manage encryption keys and what options administrators have to change them over time.

What is the likelihood of searching and accessing data after it's encrypted? If data is encrypted and stored on tape without being indexed first, it's prohibitively expensive to search and index the data later.

Symantec's Veritas NetBackup 6.5 Media Server Encryption Option (MSEO) similarly offloads the compression and encryption from the client server, but eliminates the need for a lengthy first backup. Veritas NetBackup clients don't encrypt the backup job; instead, they direct the backup job to a Veritas NetBackup media server that stores the backup job in its normal state on disk or tape.

The Veritas NetBackup media server manages a pool of storage devices and, using MSEO, administrators can set policies that encrypt backed up client data at any point in the backup process, including some point after the initial backup job completes. In doing so, MSEO moves the performance hit from the client to the Veritas NetBackup media server so the performance hit impacts only the Veritas NetBackup media server at the time the backed up data is actually compressed and encrypted. In addition, using Veritas NetBackup's MSEO addresses one of the principal pitfalls of using backup software to encrypt data on a client: encryption key creation.

Best practices for encrypting data on mobile devices
Portable storage devices such as laptops, USB thumb drives and even iPods are now a permanent part of the corporate data management landscape. More sensitive corporate data is landing on these mobile storage devices, which, if lost, could present a serious liability to corporations. Here are some best practices for encrypting data on these devices.

Centralize policy creation and control. Encryption software for mobile devices should support encryption policies that administrators can centrally create and manage to ensure mobile users don't circumvent corporate policies. Centennial Software Ltd.'s Devicewall and GuardianEdge Technologies Inc.'s Device Control and Removable Storage Encryption products can encrypt data and provide centralized encryption policy management for portable storage devices.

Data classification. Encryption software should include a discovery and reporting component so companies can quantify how much--and what--data is stored on portable devices, as well as what the potential risk is if loss or theft occurs. Products from Tablus Inc. and Vontu Inc. identify data being copied to devices and can prevent or audit those activities.

Encryption key creation. Formulate encryption policies that force mobile users to create and use complex encryption keys, or use third-party software that creates and manages the encryption keys for them. Devicewall and GuardianEdge tie into Active Directory, through which companies can create policies for the creation and management of user encryption keys.

Restrict data storage on new mobile devices. New portable storage devices from digital cameras to iPods are capable of storing hundreds of gigabytes of data in unencrypted formats. Short term, create policies that restrict users from storing data on these devices; longer term, implement products that encrypt data stored to these mobile devices and adhere to corporate encryption key generation and management policies.

Key management
Most backup software products leave it up to backup administrators to create the encryption key (usually a password). The backup software then uses this key to encrypt all backups on that server and possibly all client servers under the central backup software's management.

This situation is desirable in some cases. Companies that outsource their backups to third-party backup service providers typically find the backup service provider uses software like Asigra Televaulting. To protect the integrity of each client's data, individual clients are issued a complex, randomly generated encryption key that's known only to the clients; this is used for all of that client's backups. This arrangement precludes the backup service provider from ever accessing client data stored at its facility.

Scott Restivo, MIS director at J.A.M. Distributing, and an Asigra Televaulting user, finds that Asigra's mechanism for encryption key management puts the onus entirely on the administrator to manage the encryption key. Although backup service providers are diligent in providing their users with best practices for encryption key management and preservation, there's no way to retrieve or recover the encrypted data should the key ever become lost. As a result, says Restivo, "I guard the key with my life."

Unacceptable risk
But entrusting encryption key creation and/or management to a specific individual or using a single key for all corporate backups isn't an acceptable risk for all firms. Corporate One Federal Credit Union, a financial services provider to nearly 800 credit unions in the U.S., is subject to specific external regulations such as the Gramm-Leach-Bliley Act (GLBA) and the National Credit Union Administration (NCUA) Regulation Part 748. That necessitated Corporate One Federal Credit Union to take extra precautions in its key generation and management.

Corporate One Federal Credit Union evaluated most of the available encryption options and eventually selected Network Appliance (NetApp) Inc.'s Decru DataFort encryption appliance. An encryption appliance distinguishes itself from other encryption architectures in that a company can continue to use its existing backup infrastructure because the appliance is installed as a device in the data path between the backup software and the target storage device. This architecture eliminates any dependencies on backup software or tape libraries for ongoing key management, and the encryption appliance usually includes an ASIC to expedite the compression and encryption of backed up data.

A determining factor for Corporate One Federal Credit Union's decision was how Decru DataFort generated and managed its own encryption keys. Prior to selecting Decru DataFort, Corporate One had developed its own in-house system for key management for data exchange with its various member credit unions. Decru DataFort eliminated that need for internal key generation and management because it generates unique random numbers for backups as frequently as Corporate One wants them created. In instances where member credit unions also used Decru DataFort, Corporate One could configure its Decru DataFort encryption appliances to exchange encryption keys with the Decru DataFort at a member credit union's site.

A growing number of other encryption architectures now offer similar means for creating and managing randomly generated encryption keys. Tape drives that do encryption such as IBM Corp.'s T1120 (3592 tape formats) and Sun Microsystems Inc.'s StorageTek T10000 (9840 tape formats) include ASICs that expedite encryption, but they still rely on external encryption software to provide the needed encryption key. IBM and Sun plan to eventually allow other vendors' encryption key managers to generate random encryption keys; in the meantime, IBM T1120 users will need to rely on IBM Encryption Key Manager to generate encryption keys; Sun StorageTek T10000 users will need to deploy Sun StorageTek Crypto Key Management Station for key generation and management.

LTO-4 tape drives are further down the road in integrating with third-party software encryption key managers. LTO-4 tape drives provide the necessary APIs for encryption key management providers to select the encryption algorithm they should use, as well as the key the LTO-4 tape drive needs to do the encryption. Currently, users of CommVault's Galaxy 7.0 backup software can randomly generate encryption keys that LTO-4 tape drives can accept and use.

How much data to encrypt
A major decision Chad Sturgill, network engineer at Corporate One Federal Credit Union, had to make when implementing encryption was how much of his company's data to encrypt. Although Sturgill knew Corporate One didn't need to encrypt all of its data, he also realized that Corporate One's data wasn't perfectly classified. With that in mind, Sturgill instituted a policy where all of Corporate One's data was encrypted to ensure it was protected. "If you leave your house and lock the door, do you leave your garage door open?" queries Sturgill.

Supporting that encryption policy required Sturgill to verify that Decru could handle the overhead associated with the encryption and not impact backup windows. He ran a series of tests and found that using an encryption appliance in the data path had minimal or no effect on backup times and, in some instances, actually improved the overall speed of backups.

Sturgill's experiences support encryption appliance vendor claims that their appliances have minimal or no impact on backup speeds. NetApp finds that as many as one-third of its Decru DataFort customers generally see +/- 5% performance impact on backup times, which is generally acceptable to most users.

Companies with high-performance FC SAN environments that are hesitant to introduce encryption appliances may find Cisco Systems Inc.'s new Storage Media Encryption (SME) more suitable. SME is available on Cisco's MDS 9222i Multilayer Fabric Switch or its MPS-18/4 director blade, and is managed as another fabric service in Cisco's SAN-OS. Cisco's SME uses a central ASIC on the fabric switch or director blade that provides up to 10Gb/sec of throughput with key creation and management handled externally by EMC's RSA Key Manager or Cisco's own key management application (due out this month). Although encrypting in the switch avoids the need to introduce appliances, the current implementation encrypts data to whatever storage devices are attached to these ports.

Purchasing new tape drives that natively support encryption may be the simplest and easiest way for a company to encrypt all of its data. New tape drives often eliminate some of the internal justifications administrators need to provide when purchasing encryption appliances or switches. Tape drives such as the IBM T1120 also include an encryption ASIC that, according to Bradley Johns, IBM System Storage tape market management, keeps the performance impact at or under 1% in most customer environments.

Of the available encryption options, backup software tends to do the poorest job of handling the performance hit created by wholesale data encryption. Administrators can mitigate this performance impact by only encrypting data going offsite during off-backup hours using features such as CommVault's Auxiliary Copy-level encryption or Symantec's Veritas NetBackup MSEO.

"Copies from disk to tape can be done outside of normal backup windows on MediaAgent servers that are typically underutilized during these periods of time," says Brian Brockway, CommVault's senior director of product management.

Centralizing key management
Encryption key management is a major concern for most companies. Large companies may introduce encryption at multiple layers in their backup infrastructure due to acquisitions, growth or mergers. Supporting multiple key management systems can become highly problematic, but there are some options to manage multiple encryption systems.

Encryption appliances provide their own key encryption management system, such as Decru's Lifetime Key Management or NeoScale Systems Inc.'s CryptoStor KeyVault, but these vendors say they'll support other key encryption systems found in backup software or tape drives as they gain access to these APIs.

For companies with multiple key encryption systems, an independent third-party software provider such as RSA, The Security Division of EMC, is a more viable option. Chris Parkerson, RSA's senior product marketing manager, says RSA's goal is to become the "management hub for encryption." A NetApp spokesperson says the RSA Key Manager is a "super key manager" with the Decru DataFort acting as a proxy into it.

James Yu, NeoScale's senior VP of marketing and business development, suggests that in the longer term encryption key management standards may result in the creation of an encryption key cloud that functions in a manner similar to how domain name servers (DNS) operate on the Internet. Using DNS on the Internet, computers contact root DNS servers that look up a computer name on the Internet and then provide the requesting computer with the information it needs to locate and directly contact another computer on the Internet.

Encryption key management standards would function in a comparable manner by providing a standard way for different vendors' encryption key management programs to communicate and share encryption key information. "These standards, used in conjunction with authenticated encryption key management servers, could enable the sharing of policies and encryption keys between different encryption key management servers," says Yu.

The still nascent state of encryption key management standards and the proprietary nature of encryption key management require large firms to exercise caution in their selection and deployment of encryption. With most firms looking to encrypt only data sent offsite, backup admins should give preference to products that provide options to configure their architecture to support this specific requirement. Encryption appliances, tape drives and libraries with APIs accessible by third-party encryption key managers, and backup software with an off-host media server encryption option are the architectures that backup admins should give preference to at this time.

This was first published in November 2007
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchDataBackup

Close