Storage Management Strategies for the CIO
However, using storage encryption technologies presents some challenges. In order to deploy encryption of stored information, IT customers require several features:
- Secure storage and availability of keys used to encrypt stored data, perhaps for as long as ten years.
- Protection of stored data against unauthorized modification, or, at a minimum, detection of such modifications.
- Availability of software for decrypting the data, for the same period of time. By software, we mean the code of the algorithm that was originally used to encrypt the data. Some customers may also want to be assured that the software for decryption would indeed work 5-10 years later, thereby requiring frequent testing.
Requires Free Membership to View
hands. A simple approach is to store the key in the server. However, that defies a key goal, since if the key is in the server, the attacker can steal the server and break the coded secret keys. The attacker can try brute-force attacks since he has almost unlimited time. An interesting approach is used in IBM's ICSF (Integrated Cryptographic Service Facility), which stores the "master key" in a secured hardware module in the mainframe. The module destroys the secret key if it is accessed in an unauthorized manner. The master key is used to encrypt other encryption keys. The second goal can be accomplished by implementing a data integrity scheme. The third goal is more difficult. Encryption technologies are aging fast. Encryption algorithms are being retired quickly to prevent brute force attacks that may be accomplished in a short time. Last July, NIST announced that DES encryption was inadequate for use in software products sold to the government. The aging of encryption algorithms may inhibit the availability of decryption software at a later time.
So the choices for IT customers are difficult. Customers need complete solution for their storage encryption, before they encrypt their critical information. Encrypted information may become useless if it cannot be decrypted. So in the absence of a complete solution, IT customers have the following choices:
- Accept the above exposures, and deploy encryption with as many features that address above exposures. Implement strict processes and procedures that address above exposures. This option may be necessary if your data is highly sensitive.
- Implement best practices to protect clear-text data without encrypting it. Such practices may include stricter access control and authorization processes. This option may be deployed especially if deploying encryption is significantly more expensive than the best practices, and the data is critical but not highly sensitive.
This was first published in February 2005
Join the conversationComment
Share
Comments
Results
Contribute to the conversation