Encryption Convolution

by James Gaskin

August 10, 2006 —

Listen to the column "Encryption Convolution", or visit our Podcast Center to hear more by James Gaskin.

Get ready for the US Congress to help the IT business with some new regulations soon. After being embarrassed by the VA laptop fiasco, when unencrypted government data wandered the countryside, our federal leaders now consider themselves data security experts and will soon start passing laws.

We talked about laptop security back in May, so let's look at your backup security. Now's the time to amend your 2007 budget for better backup encryption, management, and storage protection, because corporate data backups are now targets of the federal meddlers.

The Disk to Disk to Tape products from Breece Hill (.com) make sense to me for middle to large companies as well as departments and remote offices. Combining a terabyte or more of online disk plus tape autoloaders in the same box provides two of the three critical backup requirements today: fast backup and restore from local hard disks, and tapes for offsite storage. What's missing? Encryption for the backup data.

Hardware vendors point to the backup software vendors for encryption support, and that makes sense. How about your backup software? Does it encrypt data on your local backup appliance hard disks? Does it encrypt data on tapes used for backup and archiving? If you're in a multi-location company and send tapes back and forth, how do you send the encryption keys between locations? And Breece Hill type systems, with both fixed and removable media, will require an extra encryption control layer to keep the local encryption keys separate from the keys used on tape cartridges.

Corporate desktop folder encryption took a hit recently when Microsoft pulled their new Private Folders encryption option. Users could designate individual folders as private and encryption kept them safe. Unfortunately, Microsoft didn't have enterprise support desks in mind, since they had no back door or remote unlock capability. Hello, Microsoft, have you ever known a large group of users who all remembered their passwords?

But this trend for data security will continue, including down to individual users. Corporate laptop users need disk encryption, but will that conflict with your user backup systems when those laptops are in the office?

It's going to become encryption convolution out there. Let's hope Congress doesn't "help" us too much and aggravate the problem even more.

ITworld.com