The issue of encrypting stored information is surfacing again, thanks to incidents like a recent theft at a large bank, in which four servers containing names, addresses and social security numbers of thousands of mortgage and student-loan customers were stolen. Such crimes aren't cheap: According to the Attorney General, identity theft alone costs the U.S. economy an estimated $50 billion a year.
However, using storage encryption technologies presents some challenges. In order to deploy encryption of stored information, IT customers require several features:
- Secure storage and availability of keys used to encrypt stored data, perhaps for as long as ten years.
- Protection of stored data against unauthorized modification, or, at a minimum, detection of such modifications.
- Availability of software for decrypting the data, for the same period of time. By software, we mean the code of the algorithm that was originally used to encrypt the data. Some customers may also want to be assured that the software for decryption would indeed work 5-10 years later, thereby requiring frequent testing.
The second goal can be accomplished by implementing a data integrity scheme. The third goal is more difficult. Encryption technologies are aging fast. Encryption algorithms are being retired quickly to prevent brute force attacks that may be accomplished in a short time. Last July, NIST announced that DES encryption was inadequate for use in software products sold to the government. The aging of encryption algorithms may inhibit the availability of decryption software at a later time.
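One way such a data integrity scheme can look, as an added example that is not from the original article: an HMAC-SHA256 tag computed over the stored ciphertext together with a small header naming the cipher and key, so that both tampering and relabelling are detected years later. The choice of HMAC-SHA256, the header field names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def _mac_input(header: dict, ciphertext: bytes) -> bytes:
    # Canonical JSON plus a length prefix keeps the header/ciphertext boundary unambiguous.
    hdr = json.dumps(header, sort_keys=True, separators=(",", ":")).encode()
    return len(hdr).to_bytes(4, "big") + hdr + ciphertext


def seal(ciphertext: bytes, mac_key: bytes, header: dict) -> dict:
    """Return a storable record whose tag covers both header and ciphertext."""
    tag = hmac.new(mac_key, _mac_input(header, ciphertext), hashlib.sha256).hexdigest()
    return {"header": header, "ciphertext": ciphertext.hex(), "tag": tag}


def verify(record: dict, mac_key: bytes) -> bool:
    """True only if neither the header nor the ciphertext changed since sealing."""
    try:
        ciphertext = bytes.fromhex(record["ciphertext"])
        expected = hmac.new(mac_key, _mac_input(record["header"], ciphertext),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), str(record["tag"]).encode())
    except (KeyError, TypeError, ValueError):
        return False  # malformed record: treat as modified


if __name__ == "__main__":
    # Constructed sample values; the ciphertext stands in for output of a real cipher.
    key = bytes.fromhex("a1" * 32)
    header = {"cipher": "AES-256-CBC", "key_id": "archive-key-01", "sealed": "2005-02-01"}
    record = seal(bytes.fromhex("5f3c9a7710e2b4d8"), key, header)
    print("intact record verifies:", verify(record, key))
    relabelled = dict(record, header=dict(header, cipher="DES"))
    print("relabelled cipher verifies:", verify(relabelled, key))
```

The MAC key has to remain available for as long as the encryption key, since verification is impossible without it.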
So the choices for IT customers are difficult. Customers need a complete solution for their storage encryption before they encrypt their critical information. Encrypted information may become useless if it cannot be decrypted. So in the absence of a complete solution, IT customers have the following choices:
- Accept the above exposures, and deploy encryption with as many features as possible that address them. Implement strict processes and procedures that address the above exposures. This option may be necessary if your data is highly sensitive.
- Implement best practices to protect clear-text data without encrypting it. Such practices may include stricter access control and authorization processes. This option may be deployed especially if deploying encryption is significantly more expensive than the best practices, and the data is critical but not highly sensitive.
This was first published in February 2005