Sampling of encryption-key management products

| Vendor | Website | Product |
| --- | --- | --- |
| Application Security Inc. | www.appsecinc.com | AppSecInc Console |
| CA Inc. | www.ca.com | BrightStor Tape Encryption |
| Disuk Ltd. | www.disuk.com | Paranoia2 |
| EMC Corp./RSA Security Inc. | www.rsasecurity.com | Key Manager |
| Entrust | www.entrust.com | Authority Security Manager |
| Ingrian Networks Inc. | www.ingrian.com | DataSecure Platforms |
| Nexsan Technologies | www.nexsan.com | Assureon |
| PGP Corp. | www.pgp.com | PGP Encryption Platform, PGP NetShare |
| Protegrity Corp. | www.protegrity.com | Defiance Suite |
| Spectra Logic Corp. | www.spectralogic.com | BlueScale Encryption |
| Symantec Corp. | www.symantec.com | Symantec Backup Exec |
| WinMagic Inc. | www.winmagic.com | SecureDoc Enterprise Server |

Storing keys
There are a number of issues to consider when storing keys:
- Will they be stored on each client that needs to access the information, on a central server that requires authentication to release the key, or in a hardware device such as a smart card or USB key?
- How will you ensure that keys will still be available in five, 10 or 50 years when access to archived data is required?
- Will an authorized staffer be able to access keys in a disaster when servers must be rebuilt from encrypted backups without the original backup software or tape drive that did the encryption?
- How do you track what data was encrypted with which key, and where the key is stored?
Some enterprise-oriented backup products, such as Symantec Corp.'s Backup Exec and Veritas NetBackup, or CA Inc.'s BrightStor ARCserve Backup, can address these issues as long as you're not backing up platforms that aren't supported by the software or using different backup apps at other sites. Other specialized products, such as those from WinMagic Inc., provide enterprise-oriented storage of keys for encryption of workstation or server disk storage.
Most encryption-key management products from established vendors (see "Sampling of encryption-key management products") offer substantial benefits compared to home-grown solutions (such as keeping the keys in an Excel spreadsheet or Access database), including:
- Automatic key management. Users don't create the keys themselves and can't inadvertently leak them because the keys are always encrypted.
- Strings to create keys are randomly generated.
- Keys used to encrypt backup keys are separate and distinct. Keys are never stored or transmitted in the clear.
- Keys are generated automatically and stored securely so they can be changed regularly.
- Provisions for distributed and clustered key management systems provide quick responses at any location when data needs to be accessed; if necessary, keys can be replicated so that the failure of one appliance won't result in data loss.
- Provisions for software-based recovery of encrypted data using keys stored on hardware (smart cards or USB keys).
- Reporting tools make it easy to associate keys automatically with specific backup tapes or encrypted stores.
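
An added illustration, not taken from the article or from any listed vendor's product: the two-tier arrangement in the list above, in Go, where a randomly generated per-tape data key is stored only in wrapped form under a separate key-encryption key (KEK) and its catalog entry is cryptographically tied to one tape. The `Entry` schema, the function names, the tape and KEK labels, and the choice of AES-GCM for wrapping are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Entry is one row of a hypothetical key catalog; the data key appears only wrapped.
type Entry struct {
	Tape, KEKID string
	Wrapped     []byte // nonce || AES-GCM ciphertext and tag of the data key
}

// gcm builds an AES-GCM instance keyed with the key-encryption key (KEK).
func gcm(kek []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// NewTapeKey generates a random 256-bit data key for one tape and wraps it under
// the KEK, binding the tape label and KEK ID to the entry as associated data.
func NewTapeKey(tape, kekID string, kek []byte) ([]byte, Entry, error) {
	aead, err := gcm(kek)
	if err != nil {
		return nil, Entry{}, err
	}
	buf := make([]byte, 32+aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return nil, Entry{}, err
	}
	dek, nonce := buf[:32:32], buf[32:]
	wrapped := aead.Seal(nonce, nonce, dek, []byte(tape+"\x00"+kekID))
	return dek, Entry{Tape: tape, KEKID: kekID, Wrapped: wrapped}, nil
}

// RecoverKey unwraps a tape's data key; a wrong KEK or a re-labelled entry fails.
func RecoverKey(e Entry, kek []byte) ([]byte, error) {
	aead, err := gcm(kek)
	if err != nil || len(e.Wrapped) < aead.NonceSize() {
		return nil, errors.New("bad KEK or truncated catalog entry")
	}
	n := aead.NonceSize()
	return aead.Open(nil, e.Wrapped[:n], e.Wrapped[n:], []byte(e.Tape+"\x00"+e.KEKID))
}
```

Only `Entry` values need to be stored alongside the backups; the KEK is what belongs on the smart card, USB key or central key server discussed above.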