Encryption: secure encrypted backups by careful key management; Second article in a series on encrypting backed up data stored to tape or other mobile media.


When it comes to encrypting your backup data: Encryption is easy. Key management is hard.

The (forgive the pun) key to encryption is managing keys. Key management falls into two interrelated categories: procedures (involving people) and software (supplied by your encryption solution). The two are interrelated because the people aspect of handling keys is in part governed by the key management features supplied by the encryption solution.

First: Decide on the Right Balance

Before you can implement encryption, you need to define the level of security that's right for your site. More security typically means more steps and more processes because complexity helps keep keys secure. That security needs to be balanced with ease of use, because too much of either leaves data unprotected. If it is just too hard to track keys, someone will stash keys on a CD or USB device and stick it in a drawer near the library. Then your data is truly at risk.

As a case in point, look at how network and system password use has evolved. When passwords were just becoming ubiquitous, every system required a user to set a separate password that then had to be changed frequently. Users couldn't keep track of that many passwords, so users would write passwords on sticky notes stuck on their monitors. That rendered password protection pointless--the security measures actually reduced the level of security. Practices have now evolved so that, typically, administrators require the use of passwords judiciously: often, a single password provides access to more systems. It may appear to be less secure--but in fact, this method ends up being more secure, since passwords aren't posted for easy theft.

This same balance needs to be struck to keep encrypted backups secure.

Managing Complexity by Adding Flexibility

Regardless of how you implement encryption, this rule stands: it's harder to compromise data security when it takes more steps to access the data. The more steps, the more secure the data. To balance security with ease of use, make sure the encryption solution you select lets you tailor security options to some degree, so that you can adjust security to meet the needs and capabilities of your organization. This is especially important if your site's security requirements may change--and change usually means more security, not less.

Common Sense Musts: Protect the Key Value, Store Key Copies

Your encryption solution should have the capability to completely mask the true key value, so that the true key value does not ever need to be revealed to or accessible by an end user, and is never stored as clear text by the encryption application itself. At the same time, the encryption solution needs to help you associate encrypted data with its key and you need to be able to track the key.

You need to simultaneously reference and hide the key, and also associate the hidden key with data. Your encryption processes need to support secure storage of copies of keys--away from the data they encrypted. Look for software features that let you securely export keys so that they can be stored elsewhere.

To summarize: to protect data, you need good key management software and enforceable key management processes.

Key Management Software Features

Make sure the software protects the true key value--i.e. all 256 bits, in the case of AES-256 bit encryption

* Software feature: Provide a method of referencing a key without revealing its value. Also, check to make sure that your encryption solution does not store the key value in cleartext--for example, in a file or database in the application itself, or (of course) on the tape with the encrypted data on it.

* External process: Track key nicknames and know enough about each key so you can use it to decrypt data. Make sure your solution exports the key in encrypted form only.

* Software feature: Make sure the key value isn't revealed when you create copies of the key for storage. For example, Spectra Logic's BlueScale Encryption solution encrypts key copies (exported keys that can be stored elsewhere) using a pass-phrase chosen at export time. This creates a one-way hash of the true key value. Then you can store the encrypted key to a USB device, which can be shipped.

* External processes: A process that securely tracks the pass-phrase associated with the copy of the encrypted key, so you can have the pass-phrase available to import the key and decrypt the associated data when needed.
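
An added sketch of the export flow described in this list (not Spectra Logic's code or file format): the exported record carries the key nickname in the clear, the key value only in pass-phrase-encrypted form, and a tag that rejects a wrong pass-phrase. The PBKDF2/HMAC construction, the iteration count, the nickname and the function names are assumptions chosen to keep it standard-library only; a production system would use a vetted key-wrap algorithm.

```python
import hashlib, hmac, secrets

ITERATIONS = 210_000  # PBKDF2-HMAC-SHA512 work factor (assumed value)

def _derive(passphrase: str, salt: bytes):
    # One 64-byte derivation: first half masks the key, second half authenticates.
    okm = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _tag(mac_key: bytes, moniker: str, salt: bytes, wrapped: bytes) -> bytes:
    # Binds the nickname to the wrapped key so a relabelled export is rejected.
    return hmac.new(mac_key, moniker.encode() + b"\x00" + salt + wrapped,
                    hashlib.sha256).digest()

def export_key(key: bytes, moniker: str, passphrase: str) -> dict:
    """Return an export record that never contains the cleartext key."""
    if len(key) != 32:
        raise ValueError("expected a 256-bit key")
    salt = secrets.token_bytes(16)  # fresh per export, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(key, pad))
    return {"moniker": moniker, "salt": salt.hex(), "wrapped": wrapped.hex(),
            "tag": _tag(mac_key, moniker, salt, wrapped).hex()}

def import_key(blob: dict, passphrase: str) -> bytes:
    """Recover the key, or raise if the pass-phrase or record is wrong."""
    salt, wrapped = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["wrapped"])
    pad, mac_key = _derive(passphrase, salt)
    expected = _tag(mac_key, blob["moniker"], salt, wrapped)
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("wrong pass-phrase or tampered export")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    blob = export_key(key, "payroll-2006-q1", "constructed pass-phrase")
    print(blob["moniker"], import_key(blob, "constructed pass-phrase") == key)
```

The pass-phrase is the only secret needed at import time, which is why the external process above has to track it separately from the device holding the record.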

A process for escrowing keys means defining a secure place to store keys, a method of getting the keys there, and a way to track the keys so you know where they are. Spectra Logic offers key escrow services through partners.

Make sure the key is secure, yet linked to the data it encrypted

* Software feature: It's a really bad idea to store the cleartext key with the data that the key encrypted. At the same time, you need to be able to identify the key used to encrypt the data. The Spectra solution stores on tape the key nickname (moniker) associated with the data. The moniker itself is useless in decrypting data, of course; but it does point you to the key required for data restores.

* External process: A process for tracking key monikers as well as pass-phrases used if the key was exported, so that you can easily identify the location of each key and its pass-phrase, and access these so you can restore a specific encrypted data set.

Make sure you can tailor security to suit your site

* Software feature: Optional features--which let you customize security--help you keep your data protected. For example, for exported keys, you can require what is sometimes referred to as M of N shares--N keys are exported (for example, copied to a USB device), but only a subset (M) of the keys are required to import the key. For example, you can specify the N shares to be three, and M to be two. The software splits the key across three USB devices, at which point you can hand one USB key to each of three chief officers of your organization. Because M is two, only two of the three USB keys need to be supplied to import the key. Another optional feature: a choice of security modes on library start-up--that is, you may want to enable encryption features at start-up, or only after an encryption user logs on.

* External processes: Tracking how many USB devices or key copy subsets are necessary to import a key, and who has ownership of each.

Encryption and Key Management

Whether you want to or not, you'll have to deal with encrypting stored data, likely sooner rather than later. This protects your organization from liability in the case of lost or stolen backup tapes and helps you meet legal requirements. Implementing encryption is only now becoming practical and affordable--and that's good timing. Now that encryption technology is emerging as a viable solution, organizations are increasingly being encouraged, and often mandated, to use it.

Matt Starr is CTO (Chief Technical Officer), Spectra Logic Corporation (Boulder, CO).

www.spectralogic.com
COPYRIGHT 2006 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation: Business of Technology
Author: Starr, Matt
Publication: Computer Technology Review
Date: Jan 1, 2006