Untangling the encryption chain
by Stephen Foskett
Issue: Oct 2006

Encryption can protect your data, but it can also play havoc with other storage applications.


Encryption would seem to be a critical technology in today's world of embarrassing data losses, but studies reveal that it's rarely used. So why is data that should be encrypted left alone, even as numerous products target this exact problem? Simply put, encryption is a chain, not just a single link, and unless each point in the data path includes encryption and decryption, other desirable functions are lost. Users have opted to leave their data unencrypted, relying on access control to keep data safe. But recent industry moves may change that practice.

From the top down
The first decision point in investigating encryption technologies is where to encrypt. If we think of the stack from application through operating system, network and storage device, we can see that encrypting data near the top (at the application or OS level) will protect it all the way down to the storage device. We protect data in motion (across the storage network) as well as data at rest (once it's stored).

But if you encrypt it at the application, only data from that app is protected. And how many applications truly stand alone without any supporting infrastructure or outside data?

The same problem applies to server-side encryption, which is often implemented with an encrypting file-system driver like the one included in Microsoft Windows. If we encrypt at that level, all data from the server is protected through the network and on disk, but encryption would have to be enabled on all of the file systems and servers to have complete coverage.

Some vendors have begun supplying network-based encryption devices. These sit in-band in the Fibre Channel or IP network and encrypt all the packets they see. This eases management because everything flowing across the network is encrypted without having to install or configure software on a large number of servers. These devices are often deployed at the edge of a network where the perceived level of vulnerability increases.

If this type of device is located right next to the disk or tape, it becomes more of a tool to protect data at rest. This is especially useful when the storage media is tape cartridges, as they have a tendency to end up where they don't belong.

These appliances also relieve servers of encryption duties, often using specialized hardware such as custom chips designed to handle a particular encryption algorithm.
