Data security has emerged as a critical problem for large and small businesses alike. Corporations are obligated to protect their sensitive information (and the personally identifiable information of their individual clients) against theft and loss. Better security controls, carefully regulated tape storage, and superior authentication and rights management have made the incidence of security faults quite rare.
However, you needn't look hard to find highly publicised examples of lost tapes and hacked files leading to complex and expensive legal problems. Encryption is one means of protecting data against any loss -- even if a tape is lost or a server is hacked, sensitive data cannot be read. Encryption can also help to meet growing regulatory requirements for data protection.
But encryption strategies are not the same for every organisation. When selecting an encryption scheme, companies should consider several factors: the point where encryption takes place, the amount of data being protected, key management processes, and the corresponding effect on performance and cost.
Over the next few days we'll cover this subject from several angles, but let's start by identifying the core concerns when considering encryption.
Consider exactly what data needs to be encrypted. Not all data needs to be encrypted -- only personally identifiable information (for example, names with birth dates and social security numbers), or other sensitive information types that are delineated by industry standards, government regulations, or common business practices. Reducing the encryption load can ease any impact on backup performance or media utilisation. IT should not make this decision in a vacuum; each major department of the company should be involved. For example, a good time to discuss the need for encryption is when setting retention policies for each file type.
Decide where to encrypt. Encryption can be implemented through a specific application (such as Oracle) when data is actually saved, though that will only encrypt data for that specific application. The broader form of "source" encryption takes place at the backup server through backup software such as EMC's Legato, Symantec's Veritas NetBackup and IBM's Tivoli Storage Manager. Both types of "source" encryption can impair the server's performance, since encryption is CPU-intensive.
Data can also be encrypted at the media itself. For example, LTO-4 tape drives incorporate AES-256 bit encryption. This eases any performance impact on backup jobs, and provides protected tapes that can be sent offsite.
Finally, data can be encrypted in-flight using a dedicated security appliance such as Decru's DataFort, the StrongBox SecurDB from Crossroads Systems, or the CryptoStor family from NeoScale Systems. While dedicated appliances can be more expensive than software-only solutions, they typically offer superior performance by encrypting/decrypting data at line speed -- imposing little (if any) performance penalty.
Determine the impact of encryption on compression. Compression works by removing redundant elements of information from a data stream. Encryption, however, effectively randomises the data stream and removes all redundancy. If you implement encryption prior to compression, you will lose the compression feature in your drives or backup software. You then need more media to complete the backup, or more time to transfer it across the wire. Increased media requirements will raise the cost and maintenance burden of any backup processes. Reducing the amount of compressed data (e.g., encrypting only selected data) can mitigate this issue, but implementing encryption after the compression process can also help.
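The ordering effect described above can be measured directly. The following is an added example, not taken from any of the products named here: it compresses and encrypts a constructed sample export in both orders and reports the bytes that would reach the media. The sample data, the key, and the SHA-256 keystream used as a stand-in cipher are assumptions made so that it runs on the Python standard library alone.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, stdlib only): XOR with SHA-256(key||counter).
    Not a substitute for the AES used by real backup products."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sample_backup(rows: int = 5000) -> bytes:
    """Constructed sample: a redundant CSV-style export, typical of backups."""
    return "".join(
        f"{i:06d},customer{i % 50},1970-01-{i % 28 + 1:02d},ACTIVE\n"
        for i in range(rows)
    ).encode()

def compress_then_encrypt(key: bytes, data: bytes) -> bytes:
    return keystream_xor(key, zlib.compress(data, 6))

def encrypt_then_compress(key: bytes, data: bytes) -> bytes:
    return zlib.compress(keystream_xor(key, data), 6)

def restore(key: bytes, stored: bytes) -> bytes:
    """Reverse compress_then_encrypt: decrypt first, then decompress."""
    return zlib.decompress(keystream_xor(key, stored))

def media_usage(key: bytes = b"constructed-demo-key") -> dict:
    """Bytes that would be written to media under each ordering."""
    data = sample_backup()
    return {
        "plaintext": len(data),
        "compress_then_encrypt": len(compress_then_encrypt(key, data)),
        "encrypt_then_compress": len(encrypt_then_compress(key, data)),
    }

if __name__ == "__main__":
    for name, size in media_usage().items():
        print(f"{name:24s}{size:>10,d} bytes")
```

Running the same comparison against a representative slice of your own backup set gives a concrete estimate of the extra media an encrypt-first design would consume.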
Remember that encryption can affect performance. Encryption is a mathematical process, and when implemented in software, can demand significant processing power from the host server. This, in turn, can affect performance. Experts suggest that the penalty for software-based encryption products can reach 40-50%, depending on the type of encryption and the files being protected.
By comparison, a dedicated hardware encryption box might only impair performance by 10% or less. Either way, encrypted backups and remote data transfers take longer to complete, posing a dilemma for storage administrators who already struggle with bloated backup windows and WAN bandwidth limitations. Most storage professionals resolve this quandary by encrypting only the most sensitive data.
Consider the implications of encryption key management. All encryption requires the use of a unique "key," which seeds the encryption algorithm. The key is also needed to decrypt the data later on when files are read from tapes or disks; encrypted data is effectively unreadable without the key. Companies must impose strict controls and policies (such as "key quorums") to ensure that only responsible storage professionals have access to the key.