Let's Bring Sanity to Disk Encryption

Array manufacturers should build support for self-encrypting drives into the firmware of their RAID controllers

Howard Marks

March 24, 2009


2:30 PM -- I think I've made it clear here and on the InformationWeek Backup and Business Continuity blog that I believe in encrypting tapes and other data-bearing media whenever it leaves the data center. However, when the professional paranoid types that run most corporate information security groups started issuing edicts that all disks be encrypted, even those that never leave the data center, I was, to say the least, skeptical.

I argued that it was unlikely that someone would break into the data center, through a series of doors with card access systems and video cameras, and then steal the disk drives out of a server or RAID array. If he were daring and strong enough to steal the whole server, the encryption wouldn't provide any greater security, since the server would have to have the encryption keys to be able to run.

When they said "We have our reasons and have selected to use a Fibre Channel encryption appliance from Neoscale or Kasten-Chase", I made them work. When Neoscale and Kasten-Chase went belly up, I helped my clients to install Decru/NetApp replacements and migrate all their data from logical disks encrypted with the old solution to logical disks encrypted with the new one. I was, however, grateful that as a consultant I was being paid by the hour.

Lest I sound too cynical, I do recognize of course that there is one good reason for full disk encryption in the data center: preventing data on discarded, damaged, and disabled drives from falling into the wrong hands. While most organizations today have cabinets or closets full of disk drives awaiting secure disposal, they could toss encrypted drives in the trash or return them to the vendor for warranty replacement without worry.

Given the cost and complexity of today's solutions, I'm not sure solving the drive disposal problem is a good enough reason to invest in SAN encryptors. Now that the Trusted Computing Group has come out with standards for self-encrypting drives, with separate specs for laptop-oriented and enterprise drives, and all five drive manufacturers have endorsed them, a new and better solution should soon emerge.

Array manufacturers should build support for self-encrypting drives into the firmware of their RAID controllers. The RAID controller holds the encryption key for each drive. Since we don't expect to be able to move drives from one storage system to another and use the data on the drive, each storage system can be its own key management domain with no need for an enterprise key management infrastructure. The overhead of storing encryption keys for several hundred drives, and retrieving them on array startup, should be minimal. The real work of encrypting and decrypting data happens in each drive, so it is the job of Seagate or Hitachi Global Storage Technologies to make it fast.
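As an added illustration (not part of Marks's column and not any vendor's firmware), the Python model below shows the key-management domain described above: a controller that keeps one unlock credential per drive serial, drives that generate their own media key and store only ciphertext on their platters, a drive moved to a second array that cannot be unlocked there, and the crypto-erase that removes the disposal problem. The class names, the credential-wrapping scheme and the HMAC-SHA256 counter-mode stream (standing in for the drive's AES engine) are assumptions of this example, and the sector contents are constructed sample data.

```python
import hashlib
import hmac
import secrets


def prf_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode keystream built from HMAC-SHA256.
    Stand-in for the AES engine inside a real self-encrypting drive;
    the same call both encrypts and decrypts."""
    stream = bytearray()
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class SelfEncryptingDrive:
    """Modelled drive (invented class): every sector on the platters is
    ciphertext under a media key the drive generated itself. The host never
    sees that key; it only supplies the credential that unwraps it."""

    def __init__(self, serial: str, credential: bytes):
        self.serial = serial
        self.platters = {}        # LBA -> ciphertext sector, exactly as stored on the media
        self._media_key = None    # plaintext media key, held only while unlocked
        self._set_media_key(secrets.token_bytes(32), credential)

    def _set_media_key(self, media_key: bytes, credential: bytes) -> None:
        # Keep only the wrapped media key plus a tag, so a wrong credential is detected.
        kek = hashlib.sha256(credential).digest()
        self._wrapped = prf_stream(kek, b"wrap:" + self.serial.encode(), media_key)
        self._wrap_tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        self._media_key = media_key

    def unlock(self, credential: bytes) -> bool:
        kek = hashlib.sha256(credential).digest()
        tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._wrap_tag):
            self._media_key = None          # wrong credential: drive stays locked
            return False
        self._media_key = prf_stream(kek, b"wrap:" + self.serial.encode(), self._wrapped)
        return True

    def lock(self) -> None:
        self._media_key = None

    def write(self, lba: int, data: bytes) -> None:
        if self._media_key is None:
            raise PermissionError("drive is locked")
        self.platters[lba] = prf_stream(self._media_key, lba.to_bytes(8, "big"), data)

    def read(self, lba: int) -> bytes:
        if self._media_key is None:
            raise PermissionError("drive is locked")
        return prf_stream(self._media_key, lba.to_bytes(8, "big"), self.platters[lba])

    def crypto_erase(self, credential: bytes) -> bool:
        """Sanitise by replacing the media key: the old ciphertext stays on the
        platters but nothing can decrypt it any more. Needs the valid credential."""
        if not self.unlock(credential):
            return False
        self._set_media_key(secrets.token_bytes(32), credential)
        return True


class ArrayController:
    """The RAID controller as its own key-management domain (invented class):
    one credential per drive serial, stored only in this controller."""

    def __init__(self, name: str):
        self.name = name
        self._credentials = {}    # serial -> credential; the controller's secret store
        self.drives = {}

    def provision(self, serial: str) -> SelfEncryptingDrive:
        cred = secrets.token_bytes(32)
        self._credentials[serial] = cred
        drive = SelfEncryptingDrive(serial, cred)
        self.drives[serial] = drive
        return drive

    def startup(self) -> dict:
        """On array power-up, unlock every member drive with its stored credential."""
        return {s: d.unlock(self._credentials[s]) for s, d in self.drives.items()}

    def adopt(self, drive: SelfEncryptingDrive) -> bool:
        """A drive pulled from another array: no credential here, so unlock fails."""
        self.drives[drive.serial] = drive
        return drive.unlock(self._credentials.get(drive.serial, b""))


def demo() -> dict:
    home = ArrayController("array-A")
    drive = home.provision("SN-0001")
    secret = b"constructed sample: customer records"   # constructed sector contents
    drive.write(7, secret)
    round_trip = drive.read(7) == secret
    on_platter = drive.platters[7]
    drive.lock()                                       # power loss, or drive pulled
    foreign_unlock = ArrayController("array-B").adopt(drive)
    home_unlock = home.startup()["SN-0001"]
    readable_again = drive.read(7) == secret
    erased = drive.crypto_erase(home._credentials["SN-0001"])
    return {
        "round_trip": round_trip,
        "plaintext_on_platter": secret in on_platter,
        "foreign_unlock": foreign_unlock,
        "home_unlock": home_unlock,
        "readable_after_home_unlock": readable_again,
        "erased": erased,
        "unreadable_after_erase": drive.read(7) != secret,
    }
```

demo() returns a dict of True/False checks: the plaintext never appears on the platters, array-B cannot unlock the drive, array-A unlocks it at startup, and after crypto_erase the unchanged platter bytes no longer decrypt to the original data. That last step is why a drive managed this way can go back to the vendor or into the trash without a wipe pass.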

Find out more about innovative storage. InformationWeek and Byte and Switch are hosting a virtual event on this topic on March 25. Sign up now (registration required).

Howard Marks is chief scientist at Networks Are Our Lives Inc., a Hoboken, N.J.-based consultancy where he's been beating storage network systems into submission and writing about it in computer magazines since 1987. He currently writes for InformationWeek, which is published by the same company as Byte and Switch.


About the Author(s)

Howard Marks, Network Computing Blogger

Howard Marks is founder and chief scientist at Deepstorage LLC, a storage consultancy and independent test lab based in Santa Fe, N.M. and concentrating on storage and data center networking. In more than 25 years of consulting, Marks has designed and implemented storage systems, networks, management systems and Internet strategies at organizations including American Express, J.P. Morgan, Borden Foods, U.S. Tobacco, BBDO Worldwide, Foxwoods Resort Casino and the State University of New York at Purchase. The testing at DeepStorage Labs is informed by that real world experience.

He has been a frequent contributor to Network Computing and InformationWeek since 1999 and a speaker at industry conferences including Comnet, PC Expo, Interop and Microsoft's TechEd since 1990. He is the author of Networking Windows and co-author of Windows NT Unleashed (Sams).

He is co-host, with Ray Lucchesi, of the monthly Greybeards on Storage podcast, where the voices of experience discuss the latest issues in the storage world with industry leaders. You can find the podcast at: http://www.deepstorage.net/NEW/GBoS
