Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Choosing the best way to encrypt data

Besides storing the media in a safe place, what security preparations would you recommend someone use who is planning to archive data for more than 10 years? Specifically, I would like to encrypt the data and I am wondering about the best choice of algorithm, key generation and length, and key management.

Before answering your question, I would suggest you analyze the "safe place" for the media storage. Is it just (only) physically secure or do you have intercepts such as firewall and intrusion detection protections?

Back to your question - for data archive, encryption is the first step. Here, the challenge is the storage of keys for long periods of time. One approach is to let the customer own and retain the keys - which can be done on some of the smart cards. However, key storage, both the number of keys and the duration of key storage, can pose a challenge. For encryption algorithms, 3-DES in CBC mode is commonly recommended for storage data (of course, it all depends on how secure you want your data to be). AES in CBC mode is another possibility. DES in CBC mode is now considered weak.

The next step after encryption is the support for ensuring data integrity using digital signature technologies. While encryption protects the confidentiality, it does not ensure integrity of the data.

There are also some aspects of the recent HIPAA regulations that specify certain levels of security for the healthcare records. You may want to consider that for your data archives.

Finally, you must develop and enforce sound security policies that meet the customer requirements.

Sorry, there are other considerations too, but this should give you the high level picture.

Editor's note: Do you agree with this expert's response? If you have more to share, post it in our .20PdajkXdac^0@.ee83ce2!viewtype=&skip=&expand=>Administrator Central discussion forum.

Dig Deeper on Secure data storage

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.