Storage Encryption
Encryption is the surest way for an enterprise to confidently secure its mission-critical data. For many organizations this begins with protecting data stored on archival tape, and encryption mitigates the risk associated with tapes being lost or stolen while in transit.
Tape media is considered the most reliable approach for enterprise data recovery, but it presents unique data security challenges: data stored on removable media can be lost, stolen or compromised. With tapes stored in off-site facilities and frequently physically transported, tighter operational controls can certainly help, but ultimately the tape media itself, and therefore its contents, remain unprotected. This means that unauthorized users can readily read tape data, access confidential information, and even rebuild entire systems, all without a trace. The greater the availability and sensitivity of backup data, the greater the risk. The use of encryption can greatly reduce that risk, provided the appropriate key management processes are in place.
Tape encryption raises specific challenges in relation to key management, including:
• Long-term data archival – The archival of encrypted data creates the need to archive encryption keys for equally long periods of time. The long-term availability of keys is vital for ensuring future recovery of encrypted data.
• High-grade data security – The encryption of data focuses the attention of a would-be attacker on the encryption keys rather than the data itself. Key management systems create a natural honey-pot for key theft attacks and therefore require high levels of physical and logical security.
• Secure access and approval controls for administrators – Data recovery naturally becomes a security-critical function requiring strong authentication of administrators and dual control (shared responsibility) for key management tasks.
• Secure audit – All key management activities associated with tape backup and recovery require strong audit logging to satisfy internal security policies, compliance audits and forensic investigations. All audit logs should be tamper resistant and of proven integrity.
• Support for multiple locations – Data archival and recovery are frequently performed in geographically different data centers and create a requirement to distribute keys securely to multiple locations from a central key vault.
• Fast response – Tape recovery is frequently performed in response to time-critical situations. Key management systems need to provide near-instant access to recovery keys and delivery to recovery locations.
nCipher solutions for tape encryption and storage key management
Secure Tape Encryption
The CryptoStor Tape solution delivers enterprise-class data protection and privacy for tape media and virtual tape. An easy-to-deploy, high-speed security appliance, CryptoStor Tape selectively compresses, encrypts, and cryptographically authenticates data on tape media without disruption to existing backup processes. The result? Data stored on removable media is safe and secure from loss or theft.
Storage and Enterprise Key Management
If your organization has already deployed the latest generation of tape drives that include embedded encryption capabilities, such as the IBM LTO4 series, nCipher provides a world-class key management system, keyAuthority, that integrates with tape drives and vendor-specific encryption management systems.
keyAuthority strengthens key management for encrypting tape drives:
• Adds hardware-based key generation, secure archive and key life-cycle management functionality.
• Enhances scalability: multiple data centers and libraries have access to a central key repository.
• Supports portability of tapes between data centers.
• Enables best-practice key management to be applied to the tape environment.
• Proven integration; short proof-of-concept and deployment projects.