Storage Tip: Choosing what data to protect with encryption
Send your Storage question to David Hill today! | See other Storage tips from David
What seems to be the problem? The traditional purpose of data protection has been to ensure business continuity, i.e. keep critical business processes running. The loss of availability of key applications can have a negative impact upon revenues and the bottom line. A newer issue is the data governance concern of loss of confidentiality of data, such as the exposure of large numbers of social security and credit card information that can lead to identity theft. Consequently, the new concern is to keep a company's name out of the media because of a security breech that involves the possible loss of personal confidentiality information. Negative publicity can have a negative impact upon revenues and stock price. Administrators are therefore understandably eager to ensure that a data security breech involving the loss of confidential information does not occur on their watch.
What do you need to know? Encryption is being examined as a possible solution to the problem. The benefit of course is that encryption does prevent data from loss of confidentiality. However, there are some challenges that have to be examined and clearly thought through before encryption can be deployed. The most important one is key management. How the keys are going to be managed for the life of the data (which can be a very long time) is critical. If the key to data is permanently lost, so is the data.
Before enterprises decide how to encrypt, they must understand what to encrypt. One approach is to encrypt everything, but that can run into a number of challenges. Foremost is of course key management. Doing targeted encryption, say laptops, tape media, and in-flight transmissions, is one thing, but including all at-rest application data is a far different matter. Key management is much more critical. But that is not the only challenge. Data must be decrypted before being useful. Are there any performance or management issues that arise from decryption that would have to be resolved? Moreover, encryption is not necessarily free, for example, encryption appliance costs might have to be factored in.
So decisions must be made on what needs to be encrypted. Does production data have to be protected? For example, does fixed location data, such as in a data center or on desktops have to be protected? What about mobile devices and that can include laptops, PDAs, cellphones, and memory sticks?
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
