Improving data security by protecting tape-based storage.


Secondary storage provides for greater application availability, recovery, and business continuity. The vast majority of secondary storage solutions, including backup and disaster recovery, employ tape media. As this storage often transfers data to more locations and onto dispersed media, the risks of unauthorized data access, theft, or corruption mount. Portable storage media, readily available internally and sent outside the protection of the data center, is inherently at risk of theft. The rapid growth of sensitive, trusted, and regulated data demands additional privacy measures, as recent security incidents have shown. Moreover, the use of more distributed storage resources and immediate recovery solutions compounds the need for storage security to evolve beyond physical protection--else data access exposures could directly affect business recovery and liability. This paper will focus on "data at rest" issues and risk mitigation pertaining to tape media.

DRIVERS

Growth of Sensitive Data

Secondary storage with sensitive, trusted and regulated data calls for greater due diligence in its protection. Sensitive data is information that is proprietary to an organization (e.g. financials, intellectual property). Trusted data is third-party sensitive information provided to an organization which has an implied or direct fiduciary responsibility to protect that data (e.g. credit reports). Regulated data is information that must be protected due to legislative mandates at the Federal (e.g. FDA) or international levels (e.g. EU directive).

Layers of Defense

Tape media is considered the most reliable and most prevalent source for enterprise data recovery. While enterprises have implemented access controls and tighter infrastructure management provisions, such safeguards fall short of protecting the tape media itself. Firewalls, VPNs, and physical protection do not address the unique attributes of distributed stored data and tape media.

Portability

System backup tapes, which are small, portable, and typically stored outside the data center for off-site disaster recovery purposes, may be susceptible to unauthorized access, data theft, misplacement, or corruption. Most data stored on tapes is left in the clear on removable media that can be lost, stolen, or compromised. Unauthorized users have ample time to read tape data, analyze confidential information, and in some cases rebuild entire systems. Tape loss is typically discovered long after it occurs.

Internal and Third-Party Access Controls

Enterprises are looking at means to alleviate costs associated with storage management and capacity by leveraging outside service providers, which have access to storage resources--hence, increasing the risk of access to stored data. Additionally, storage administrators and service providers who manage and support backup processes/resources have greater knowledge about, and more immediate access to, this data.

Privacy Compliance

Legislation designed specifically for the financial, healthcare, and commerce industries introduces liabilities for enterprises that fail to ensure data privacy. Such mandates include the United States legislation known as HIPAA and GLBA, as well as directives from the US and European Union (EC Data Privacy Directive). Mandates can require that tape data, related metadata (detail about the creation and storage of data), and access logs remain accessible over long periods of time. Examples include email, financial transactions, FDA regulated data (e.g. chemicals and biotechnology), and healthcare records.

In summary, secondary storage presents new challenges to protect the media, reduce access risk, and further drive down management costs. Storage media protection and authentication controls at the storage system and media levels can provide strong barriers against unauthorized stored data disclosure, theft, and corruption. Given that sensitive data stored on removable media or virtualized tape subsystems can be stolen, tampered with, or corrupted, more safeguards must be put in place--namely, stored data encryption and authentication.

PROTECTING TAPE MEDIA

Backup and recovery are primarily a means for data preservation, not protection or defense against tape media access. In order to secure the tape media content, strong encryption (i.e. 128-bit key length or longer) is utilized to convert clear data (plaintext) into an unreadable form called ciphertext, which cannot be deciphered without the decryption key. Equally important is key management, which determines how keys are created, implemented, protected, distributed, updated and terminated. A key is a value that, when applied to a cryptographic algorithm, can be used for strong data encryption, authentication, and integrity. Any solution for securing tape media must provide a comprehensive approach that covers all locations and enables consistent enforcement of security policies.

Solutions for tape media protection consist of the following:

Securing the Backup Server: Putting data encryption on the server adds performance overhead--impacting application response and performance. Encryption keys would need to be protected and managed on the system(s)--a difficulty given the number of hosts and their location(s). Backup applications--at both the local and remote recovery locations--must be decentralized to accommodate encryption and enforcement of security policies and processes.

Securing the Tape Library: Implementing data protection at the tape library would add encryption to the media management and compression capabilities available in most libraries. If available, this may increase the library/system cost as well as form factor. Key management must also be taken into account as the tape library is generally not a secure platform and multi-vendor, remote, or third-party managed library systems would be even more difficult to manage.

Securing a Storage Security Appliance: A tape media security appliance offers the benefit of performance, centralized management, protected/managed keys, flexible deployment, and seamless integration with backup applications. The appliance can operate in a network path and can be flexibly placed before a SAN, NAS, or DAS connected tape library. The purpose-built tape media encryptor offloads the processing burden associated with media encryption with nominal latency and can centralize the security management function, which in turn provides greater policy enforcement and solid key protection.

SOLUTION CHARACTERISTICS

Designing a tape storage media protection and authentication solution requires the following design factors: transparent operation, centralized security management, and data management/recovery. The following are considerations in each of these areas.

Transparent Operation: Media protection is usually adopted when it is transparent. For storage media encryption to be applied and managed "invisibly", it requires compressing, encrypting, and authenticating stored data at the block level prior to being written to tape. The unique formatting and cataloging of the backup application must also be taken into account.

Performance: Implementation will dictate that security should not impede the performance (read-write data rates) of the tape device. Without adequate performance, backup windows will be affected or lost.

Compression: A value-added feature in many tape libraries is the ability to compress stored data to increase capacity. The encryption process "flattens" data sets (ciphertext retains none of the redundancy that compression relies on), which ultimately affects compression rates if compression is applied afterwards. This requires the security device to support compression options prior to encryption.

Compatibility: Storage media protection can be accomplished at different points including application software, controllers, host adapters, and storage devices. Such implementations can pose compatibility issues--besides placing an additional burden on the storage administrator. Applying storage media protection as an in-line service shields it from the host storage boundary and can be readily deployed independent of the application, subsystem, vendor, or other media management tasks.

Unobtrusive: The system cannot affect the way administrators configure backup/restore, tape labeling, or cataloging. Operators must be able to perform their tasks normally. Securing stored data should be policy-driven, and such policies must be expressed in terms that the operator understands, such as volumes and pools. If such policy-driven functionality can be deployed both centrally and at remote sites, distributed tape controls can be cost-effectively executed.

The benefit of transparent operation for backup and storage administrators is the ability to incorporate storage security into their functions without compromising data recovery or normal operating policies, processes, and procedures.
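The block-level pipeline that the Transparent Operation, Compression and (later) Integrity considerations describe, compress first, then encrypt and authenticate each block before it reaches tape, can be shown end to end. The Go program below is an added example written for this page, not NeoScale's code: it uses AES-256-GCM as a stand-in for the appliance's cipher, gzip as a stand-in for the library's compression, and a constructed sample record. Binding the media ID and block number into the authenticated associated data is an assumption about how an appliance would tie a block to its tape; the paper only says blocks are authenticated.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"io"
)

// TapeBlock is one protected record as written to tape: the GCM nonce, then the
// compressed data encrypted with its 16-byte authentication tag appended.
type TapeBlock struct {
	Nonce      []byte
	Ciphertext []byte
}

// blockAAD authenticates, without encrypting, the media ID and block number, so a
// block copied to another tape or written back at the wrong position is rejected.
// (Assumed binding; the paper does not specify what is authenticated.)
func blockAAD(mediaID string, blockNo uint64) []byte {
	aad := make([]byte, 8+len(mediaID))
	binary.BigEndian.PutUint64(aad, blockNo)
	copy(aad[8:], mediaID)
	return aad
}

// compress and decompress stand in for the tape library's own compression.
func compress(data []byte) ([]byte, error) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(data); err != nil { return nil, err }
	if err := zw.Close(); err != nil { return nil, err }
	return buf.Bytes(), nil
}

func decompress(data []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(data))
	if err != nil { return nil, err }
	defer zr.Close()
	return io.ReadAll(zr)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// ProtectBlock compresses first, then encrypts and authenticates with AES-256-GCM.
// The order matters: ciphertext looks random and no longer compresses.
func ProtectBlock(key []byte, mediaID string, blockNo uint64, plain []byte) (TapeBlock, error) {
	packed, err := compress(plain)
	if err != nil { return TapeBlock{}, err }
	aead, err := newGCM(key)
	if err != nil { return TapeBlock{}, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return TapeBlock{}, err }
	return TapeBlock{nonce, aead.Seal(nil, nonce, packed, blockAAD(mediaID, blockNo))}, nil
}

// RecoverBlock verifies the tag (rejecting tampered, misplaced or foreign blocks)
// before decrypting, then decompresses.
func RecoverBlock(key []byte, mediaID string, blockNo uint64, tb TapeBlock) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil { return nil, err }
	packed, err := aead.Open(nil, tb.Nonce, tb.Ciphertext, blockAAD(mediaID, blockNo))
	if err != nil {
		return nil, fmt.Errorf("block %d on %s failed authentication: %w", blockNo, mediaID, err)
	}
	return decompress(packed)
}

func main() {
	key := make([]byte, 32) // stands in for the per-tape key issued by the key hierarchy
	rand.Read(key)
	record := bytes.Repeat([]byte("ACCT=000123;AMT=0042.00;STATUS=OK\n"), 200) // constructed sample
	tb, err := ProtectBlock(key, "TAPE-0001", 7, record)
	if err != nil { panic(err) }
	packed, _ := compress(record)
	repacked, _ := compress(tb.Ciphertext)
	fmt.Printf("plaintext %d -> %d bytes; ciphertext %d -> %d bytes if compressed afterwards\n",
		len(record), len(packed), len(tb.Ciphertext), len(repacked))
	_, err = RecoverBlock(key, "TAPE-0002", 7, tb) // the same block presented as another tape
	fmt.Println(err)
}
```

Running it prints the compressed size of the constructed record before encryption and the (larger) size the ciphertext would have if compression were attempted afterwards, then the error returned when the block is presented as belonging to another tape. Compressing before encrypting is what preserves the library's capacity gain; the authenticated associated data is what turns a misfiled or altered block into a detected failure at restore time rather than silently wrong data.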

Centralized Security Management

Remote and local administration will require authenticated user access, role-based privileges, and proven crypto key processing.

Role-based privileges: Authorization determines whether a user can monitor the system, recover keys/policies, and create rules and encryption keys. The administration model will need to scale to support both simple environments (where the security officer and storage administrator are the same person) and more complex, diverse models with delegated authority.

Key Automation: The system should be able to generate or accept a set of master keys according to recognized security standards and proven public algorithms. Master keys can be used to protect the encryption keys and to authenticate, as well as check the integrity of, the appliance policy. The media encryption rules and associated encryption keys constitute the system policy. The appliance should protect all keys by encrypting the rule keys, encrypting and authenticating the system policy, and authenticating administrative access. This reduces the number of keys that must be managed and used to recover encrypted data.

Secure Key Storage: The system should monitor chassis access so that any attempt to physically open the unit results in the automatic zeroing-out of all encryption keys. Visual cues (e.g. labels, displays) should also indicate whether there has been evidence of tampering.

By centrally controlling storage protection policy and delegating tasks using proven best security practices, rules and defenses can be consistently implemented, audited, and maintained.

Data protection must take into account storage media attributes and backup processes.

Key Protection: Since the media is typically removable, remote and/or persistent, data protection will require unique keys that are associated with individual media (e.g. each tape). Keys will need to be mapped to media catalog data (which is vendor specific); otherwise long-term archival recovery can be affected.

Key Life: Encryption keys will, by necessity, have a long life; thus they will require protection against brute force attack (e.g. 56-bit DES won't suffice) and must offer re-keying options (replacing an original key used in data protection with a new key).

Key Binding: The system should facilitate binding key information to the media. Therefore, the media can be independently managed after encryption. This process will allow for much greater protection and streamlined recovery, regardless of storage duration.

Distribution: It is likely that backup systems are distributed; it is imperative that storage security be remotely manageable and protection should not materially impede recovery or accessibility. As mentioned above, the policy (containing rules and associated keys) must be encrypted and digitally hashed to enable secure export to a remote smartcard(s) or directory(ies).

Integrity: Stored data encryption should eliminate integrity issues by authenticating tape media at the block level. This process further complements the backup application's responsibilities of ensuring the integrity of data stored.

Recovery: The distributed nature of storage would also mandate a secondary appliance or a software-only means to recover encrypted data. This requires a process that allows authorized users (credentialed users with the associated master key pair and optional policy file) to recover encrypted stored data should the appliance fail, either locally or remotely.
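The key hierarchy described under Key Automation, Secure Key Storage, Key Protection, Key Binding and Distribution (a master key set that protects per-media keys, a policy that is encrypted and hashed for export, and zeroization on tamper) can be sketched in code. The Go below is an added example for this page, not NeoScale's implementation: it derives the master key pair from a single root secret with HMAC-SHA256, seals values with AES-256-CTR plus HMAC-SHA256 (encrypt-then-MAC), and uses volume labels as the media identifiers. Those constructions, the derivation labels, and the root secret are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Policy is the appliance rule set: each volume label (a name the operator
// already uses) maps to that tape's own key, held only in sealed form. Create one with Policy{}.
type Policy map[string][]byte

// Master is derived from the one root secret the security officer escrows;
// encKey wraps media keys and encrypts the policy, macKey authenticates both.
type Master struct{ encKey, macKey []byte }

func NewMaster(root []byte) Master {
	return Master{hmacSHA256(root, []byte("policy-encrypt")), hmacSHA256(root, []byte("policy-mac"))}
}

// Zeroize is the tamper response: with the master gone, nothing sealed under
// it can be recovered from this unit.
func (m *Master) Zeroize() {
	for i := range m.encKey {
		m.encKey[i], m.macKey[i] = 0, 0
	}
}

func hmacSHA256(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// xorStream applies AES-256-CTR in place; the same call encrypts and decrypts.
func (m Master) xorStream(iv, buf []byte) {
	block, _ := aes.NewCipher(m.encKey) // cannot fail: encKey is always 32 bytes
	cipher.NewCTR(block, iv).XORKeyStream(buf, buf)
}

// seal returns IV || ciphertext || HMAC-SHA256 over both (encrypt-then-MAC),
// the paper's "encrypted and digitally hashed" form.
func (m Master) seal(plain []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize, aes.BlockSize+len(plain)+sha256.Size)
	if _, err := rand.Read(out); err != nil { return nil, err }
	ct := append([]byte(nil), plain...)
	m.xorStream(out, ct)
	out = append(out, ct...)
	return append(out, hmacSHA256(m.macKey, out)...), nil
}

// open verifies the hash before decrypting, so data altered in transit or
// sealed under a different master is rejected rather than misread.
func (m Master) open(blob []byte) ([]byte, error) {
	if len(blob) < aes.BlockSize+sha256.Size { return nil, fmt.Errorf("sealed blob too short") }
	body, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	if !hmac.Equal(tag, hmacSHA256(m.macKey, body)) { return nil, fmt.Errorf("authentication failed") }
	plain := append([]byte(nil), body[aes.BlockSize:]...)
	m.xorStream(body[:aes.BlockSize], plain)
	return plain, nil
}

// AddMedia generates a fresh random key for one tape and stores it sealed under
// the master, so every volume is protected by a unique key.
func (p Policy) AddMedia(m Master, media string) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil { return err }
	wrapped, err := m.seal(dek)
	if err != nil { return err }
	p[media] = wrapped
	return nil
}

// MediaKey unwraps the key bound to a volume label.
func (p Policy) MediaKey(m Master, media string) ([]byte, error) {
	wrapped, ok := p[media]
	if !ok { return nil, fmt.Errorf("no key bound to media %q", media) }
	return m.open(wrapped)
}

// Export seals the whole rule set for a smartcard or remote site; Import
// restores it only if the seal verifies under the same master.
func (p Policy) Export(m Master) ([]byte, error) {
	plain, err := json.Marshal(p)
	if err != nil { return nil, err }
	return m.seal(plain)
}

func Import(m Master, blob []byte) (Policy, error) {
	plain, err := m.open(blob)
	if err != nil { return nil, err }
	var p Policy
	err = json.Unmarshal(plain, &p)
	return p, err
}
```

An operator adds volumes with AddMedia, exports the sealed policy to the recovery site, and the recovery site imports it under the same escrowed root secret; a bit flipped in transit, a different master, or a zeroized unit all fail at the hash check before any key is unwrapped. Only the root secret has to be recovered to restore every media key, which is the simplification the Key Automation paragraph is after. CTR plus HMAC is used here only because Go's standard library has no dedicated key-wrap mode; an appliance would more typically use a key-wrap or AEAD mode for the same purpose.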

Protection Benefits

The range of applications that provide storage media protection and authentication solutions for tape backup is broad. Below is a list of benefits:

Eliminate data theft and liability risks: In the event a tape is lost or stolen, deleting the encryption key makes the information unreadable inside or outside of the company.

Shared / Managed Tape Resources: Storage pooling or tape vaulting vendors can be leveraged without worry of misuse of the information.

Compliance with eCommerce, Healthcare, FDA, EU and other privacy legislation: Compliance with regulatory and legal mandates avoids costly and embarrassing disclosures.

Summary

Tape media and virtualized tape systems play a vital role in ensuring business continuity and protection of enterprise data. Secondary storage was once considered remote and isolated from external forces. That is no longer the case given the greater accessibility associated with highly distributed and networked storage infrastructures; the use of third parties for data recovery; and business continuity and data processing. Storage media protection and authentication functionality ensures that secondary storage can meet the recovery needs of enterprises without the risk and expense of unauthorized data access.

By NeoScale Systems, Inc.

NeoScale Systems, Inc. is located in Milpitas, CA

www.neoscale.com
COPYRIGHT 2005 West World Productions, Inc.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication: Computer Technology Review
Date: Mar 1, 2005