Storage Tip: Choosing what data to protect with encryption


Send your Storage question to David Hill today! | See other Storage tips from David



What seems to be the problem? The traditional purpose of data protection has been to ensure business continuity, i.e., to keep critical business processes running. The loss of availability of key applications can have a negative impact upon revenues and the bottom line. A newer issue is the data governance concern of loss of confidentiality of data, such as the exposure of large numbers of Social Security and credit card information that can lead to identity theft. Consequently, the new concern is to keep a company's name out of the media because of a security breach that involves the possible loss of confidential personal information. Negative publicity can have a negative impact upon revenues and stock price. Administrators are therefore understandably eager to ensure that a data security breach involving the loss of confidential information does not occur on their watch.



What do you need to know? Encryption is being examined as a possible solution to the problem. The benefit, of course, is that encryption does protect data against loss of confidentiality. However, there are some challenges that have to be examined and clearly thought through before encryption can be deployed. The most important one is key management. How the keys are going to be managed for the life of the data (which can be a very long time) is critical. If the key to data is permanently lost, so is the data.



Before enterprises decide how to encrypt, they must understand what to encrypt. One approach is to encrypt everything, but that can run into a number of challenges. Foremost is, of course, key management. Doing targeted encryption, say of laptops, tape media, and in-flight transmissions, is one thing, but including all at-rest application data is a far different matter. Key management then becomes much more critical. But that is not the only challenge. Data must be decrypted before being useful. Are there any performance or management issues that arise from decryption that would have to be resolved? Moreover, encryption is not necessarily free; for example, encryption appliance costs might have to be factored in.



So decisions must be made on what needs to be encrypted. Does production data have to be protected? For example, does fixed-location data, such as in a data center or on desktops, have to be protected? What about mobile devices, which can include laptops, PDAs, cellphones, and memory sticks?



Then we have to turn our attention to data protection copies. Do those copies, such as disk-based backups and tape backups, have to be encrypted if they are not going to be moved out of a secure environment, such as a data center? Will access controls be enough protection? Is there any data whose confidentiality must be preserved (as opposed to being just desirable to preserve) even from unauthorized internal personnel, such as data center staff?



The story may be entirely different for data protection copies -- think tape cartridges -- that must be physically moved between the site where they are created and the site where they are stored for data protection purposes. A company may very well not want confidential data exposed any time that it is out of the safe confines of a data center.


What can you do about it? You can see that you have a lot of territory to cover in trying to determine what data needs to be protected with encryption. Now I know that the word "plan" is considered to be a four-letter word among the ready-fire-aim school of management. However, planning what to do about encryption should be part of an overall data governance planning process that can also address such issues as data quality and master data management, as well as how to meet the requirements for responding to the changes in the Federal Rules of Civil Procedure for civil litigation. A comprehensive, rather than a piecemeal, attack on the issues of data governance is likely to generate greater efficiency and effectiveness for an IT organization. The alternative is the risk of either using encryption that is not well thought out (exposure to loss of keys in either the short or long run) or not encrypting and continuing to face unacceptable potential exposure to loss of confidentiality. Planning may not be easy, but it is the way to go.

 
