Network Computing is part of the Informa Tech Division of Informa PLC

What's the Key to Excellent Encryption?

Data security has become a primary concern for corporations and consumers alike. As identity theft becomes more pervasive, companies are held more accountable for the way they protect personal and corporate information. Many products and processes exist for encrypting information in flight as it travels through corporate networks and across the Internet, but this solves only half the problem. The other concern is how and when to encrypt data at rest.

Unfortunately, most applications and users cannot tolerate the latency and additional cost introduced by full-scale encryption of stored data. Therefore, storage managers must start with the basics and work up to maximize data security while maintaining operational and cost efficiency.

Here are some tips for efficient encryption:

  • Extend access controls to the storage infrastructure. Don't assume that data residing within the "four walls" of the data center will remain safe as long as network and server access controls are in place. To secure data at rest, be sure all corporate access control policies, processes, and tools extend to the storage infrastructure as well.
  • Determine which datasets to encrypt. You can encrypt application data with disk encryption technology. However, this introduces additional latency and cost to the environment. It is therefore important to do a cost/benefit analysis based on corporate risk management priorities and data classification policies to help prioritize targets for encryption.
  • Encrypt data stored offsite. The most obvious security risk for the storage manager is data stored offsite, which is typically backed up onto tape media. Currently, data written to tape is almost never encrypted -- but it should be. There are mature products available for encrypting data as it is written to tape, including many backup software platform add-on modules. Again, this introduces additional latency and costs, and should be evaluated and prioritized on an application data-set basis, and validated against corporate risk management and data classification considerations.

— Tim Arland, Principal Consultant for Storage Solutions, Forsythe Solutions Group Inc.