The data explosion continues to drive the demand for increased storage capacity and a parallel need to secure that information. Companies are facing increased security threats from both within the organisation and externally.
A company’s data is one of its most valuable assets, and organisations need a thorough security plan that takes every aspect of securing that data into account. Each point in the storage infrastructure presents a different set of threats, and each must be addressed with the most appropriate technology available.
Some examples of these security domains include: data-in-flight; data-at-rest; authentication of devices and users; key management and end-to-end data integrity.
The domain receiving the highest level of media attention is data-at-rest, meaning data stored on a hard drive or other storage device. It is both critical and particularly difficult to protect.
A drive may be lost or stolen, sent back to the vendor for servicing, repurposed, or simply disposed of because it is outdated. In every case, most hard drives that leave the datacentre are still operable and readable.
Even data striped across the drives of a RAID array is exposed: the segment size typically used in arrays is large enough that a single segment on a single drive can contain, for example, hundreds of names and National Insurance numbers.
Some datacentres hire professional services to dispose of decommissioned hard drives. The drives are still vulnerable in transit, however: the information on a hard drive sent offsite for secure disposal is as exposed as unencrypted tape data leaving the datacentre.
Even if only one drive is lost or stolen, a company may be forced to pay millions of pounds in remedies for the compromised data.
In many countries the law requires a company to publicly disclose the loss or theft of sensitive data. In the European Union (EU), however, if a lost or stolen drive contained sensitive data and a reasonable attempt had been made to encrypt it, safe-harbour provisions in most cases do not require the company to disclose the loss or theft. Such provisions turn on the data actually being unreadable: a drive whose encryption was never enabled, or whose authentication key was lost along with it, offers no protection and no safe harbour.
For the data-at-rest security domain, companies should consider the specific threat models they are likely to encounter and then choose the best method of protecting against them. For data-at-rest there are several kinds of potential threat, most of which involve the drive leaving the owner’s control.
One of the best solutions for protecting data-at-rest is to use standardised self-encrypting hard drives that automatically encrypt everything that is written to them.
This is preferable to using a traditional hard drive and encrypting the data upstream of it. In that case, a drive that leaves the environment carries the ciphertext with it, and an attacker can work on it offline at leisure: guessing a passphrase-derived key, or exploiting any weakness in how the keys were generated or managed. With a sound cipher and a properly random key, the ciphertext alone gives no practical way to recover the key; the realistic risk is weak or mishandled keys, and exposed ciphertext is what makes that risk exploitable.
Self-encrypting drives close off this avenue by refusing all access to the media until the drive has been authenticated. Ciphertext is never exposed over the drive interface; the only way to reach it is a destructive method such as reading the platters on a spin stand, and even then the attacker holds only ciphertext under a key that never left the drive.
Self-encrypting drives impose no measurable performance penalty: each drive’s built-in encryption engine runs at full interface speed, and because every drive carries its own engine, encryption throughput scales with the number of drives rather than being bottlenecked at a controller or host.
When evaluating a data-at-rest encryption strategy, another element to consider is the effort required to carry out data classification, especially when sorting through terabytes of information.
Moreover, how can you be sure you have found all the sensitive data and that all of it has in fact been encrypted? A self-encrypting drive automatically encrypts everything written to it, so no time is spent deciding what should and should not be encrypted, and nothing is missed.
Once authenticated, self-encrypting drives appear the same as non-encrypting drives to the storage infrastructure.
No changes are required to applications. This contrasts with encrypting data upstream, which can defeat value-add operations further down the storage stack such as de-duplication and compression, since those operate on what has by then become random-looking ciphertext.
Interoperability is also a major consideration. The encryption cipher is tied to the disk drive rather than to the application, operating system or storage controller, so drives using different encryption algorithms can be added to an existing storage array: the algorithm is transparent to the rest of the system, and drives with newer encryption technology can be combined seamlessly with older self-encrypting drives.
The usage model for a self-encrypting drive is straightforward. An authentication key from an outside source is required to unlock the drive for read/write operations; the media encryption key itself is generated inside the drive and never leaves it, and the authentication key serves only to unlock it.
The authentication key typically comes from either an enterprise key management server or a local key management system, delivered by way of the storage controller. Once authentication completes at power-up, encryption is transparent to the storage system, which performs its usual functions in the normal way.
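The flow just described, as an added illustration in Python (not code from the original article, from any drive vendor, or from the TCG specifications): the drive generates its own media encryption key, keeps it wrapped under a key derived from the externally supplied authentication key, refuses all I/O until unlocked, and is unlocked at power-up by a storage controller that fetches the authentication key from a key manager by drive serial number. The HMAC-based keystream standing in for AES-XTS, the PBKDF2 key derivation, the dict key manager, the serial numbers and the record written are all assumptions constructed for this example.

```python
"""Toy model of a self-encrypting drive and the controller/key-manager unlock
flow at power-up. Added illustration, not any vendor's firmware or the TCG
command set. Assumptions: an HMAC-SHA256 counter keystream stands in for
AES-XTS, PBKDF2 derives the key-encryption key from the authentication key,
and the key manager is a plain dict keyed by drive serial number."""
import hashlib
import hmac
import secrets

SECTOR = 512            # bytes per sector
KDF_ITERATIONS = 50_000  # assumption; real drives use a vendor-defined scheme


def _keystream(key: bytes, sector: int, length: int) -> bytes:
    """Sector-tweaked keystream (toy stand-in for AES-XTS). Rewriting a sector
    with this toy reuses the stream, which XTS avoids; the model is about the
    lock/unlock flow, not cipher strength."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SelfEncryptingDrive:
    """Every sector written through the interface lands on the media as
    ciphertext under a media encryption key (MEK) generated inside the drive
    and never exported. The MEK is kept wrapped by a key-encryption key (KEK)
    derived from the external authentication key."""

    def __init__(self, serial: str, auth_key: bytes, sectors: int = 16):
        self.serial = serial
        self._media = bytearray(SECTOR * sectors)
        self._salt = secrets.token_bytes(16)
        mek = secrets.token_bytes(32)
        kek = self._derive_kek(auth_key)
        # Toy key wrap: XOR with the KEK, plus an HMAC tag so a wrong KEK is detected.
        self._wrapped_mek = _xor(mek, kek)
        self._wrap_tag = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()
        self._mek = None  # drive starts locked

    def _derive_kek(self, auth_key: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_key, self._salt, KDF_ITERATIONS)

    def power_cycle(self) -> None:
        """Losing power discards the unwrapped MEK; the drive is locked again."""
        self._mek = None

    def unlock(self, auth_key: bytes) -> bool:
        kek = self._derive_kek(auth_key)
        tag = hmac.new(kek, self._wrapped_mek, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._wrap_tag):
            return False  # wrong authentication key: MEK stays wrapped
        self._mek = _xor(self._wrapped_mek, kek)
        return True

    def _require_unlocked(self) -> None:
        if self._mek is None:
            raise PermissionError(f"{self.serial}: drive is locked")

    def write(self, sector: int, data: bytes) -> None:
        self._require_unlocked()
        padded = data.ljust(SECTOR, b"\0")[:SECTOR]
        start = sector * SECTOR
        self._media[start:start + SECTOR] = _xor(padded, _keystream(self._mek, sector, SECTOR))

    def read(self, sector: int) -> bytes:
        self._require_unlocked()
        start = sector * SECTOR
        return _xor(bytes(self._media[start:start + SECTOR]), _keystream(self._mek, sector, SECTOR))

    def platter_dump(self, sector: int) -> bytes:
        """What a destructive read of the platters (a spin stand) yields: ciphertext only."""
        start = sector * SECTOR
        return bytes(self._media[start:start + SECTOR])


class StorageController:
    """At power-up, fetches each drive's authentication key from the key
    manager by serial number and unlocks it; afterwards I/O is ordinary."""

    def __init__(self, key_manager: dict):
        self.key_manager = key_manager

    def power_up(self, drives) -> list:
        unlocked = []
        for drive in drives:
            drive.power_cycle()
            key = self.key_manager.get(drive.serial)
            if key is not None and drive.unlock(key):
                unlocked.append(drive.serial)
        return unlocked


if __name__ == "__main__":
    km = {"SN-0001": b"auth-key-held-by-key-server"}   # constructed sample
    drive = SelfEncryptingDrive("SN-0001", km["SN-0001"])
    print(StorageController(km).power_up([drive]))      # ['SN-0001']
    drive.write(3, b"Alice Smith,QQ123456C")            # constructed record
    print(b"Alice" in drive.platter_dump(3))             # False
    drive.power_cycle()
    print(drive.unlock(b"wrong key"))                     # False
```

Two things are worth observing in the model: a power cycle alone relocks the drive, because the unwrapped media key lives only in volatile memory, and the platter dump (the spin-stand case) yields nothing but ciphertext. The remaining risk is therefore the strength and custody of the authentication key held by the key manager, not anything reachable over the drive interface.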
Self-encrypting drives are a standards-based solution: all drive vendors are participating in the Trusted Computing Group (TCG) standard for secure drive commands, which assures interoperability. It is expected that in the future all drives will eventually be self-encrypting, reducing organisations’ business risk.