Insider: Encryption Means Planning

Encryption is vital to protecting a company against data loss, theft, and malicious activity. But many IT pros could be facing a crisis when it comes to encryption for storage networks.

According to the latest report from Byte and Switch Insider, this publication's subscription research service, storage networking increases the vulnerability of stored enterprise data to both external and internal attacks. Storage networks foster multiple entry points from multiple hosts with different operating systems.

Encryption, while not a complete security solution by itself, goes a long way toward ensuring data safety. But the report, "Storage Encryption: State of the Art," notes that problems surrounding the enforcement of encryption could, ironically, threaten the security of many organizations.

For one thing, deciding what to encrypt can be a major stumbling block. Unless an IT manager can identify the data that really needs to be encrypted, when it needs to be encrypted, and who should have access to it, encryption can quickly become unmanageable.

The reason for this is simple: More data means more encryption keys need to be issued to protect it. These keys are the digital signals needed to ensure data can be turned into unreadable code and then translated at the right time by the right folks. Thus, involving more users requires more keys. Provisioning all of this can become an administrative nightmare. If keys wind up being manually managed, which the report notes is increasingly common, gaps can arise that expose data to security holes and errors.There are moves to increase the use of encryption in storage devices, and there is talk to making storage security appliances such as those from NeoScale or Decru the focal point for key management. (See All Keyed Up With NeoScale.) But this approach is still nascent, and it's not clear exactly how it will play out in terms of standards and actual products.

Users are best advised, the report states, to set policies on data encryption carefully up front. Once this is done, performance considerations and costs can be factored. There are many of these. The report lists twelve points to ponder in choosing a strategy.

Software encryption, which is far cheaper than hardware encryption, for example, can take up more than 10 percent of a server's CPU cycles, making it a performance hog. Hardware encryption appliances are costlier, typically starting at $25,000, but they typically perform better than software tools.

While deciding how best to deploy storage network encryption, users must keep in mind that encryption is part of a larger whole. By itself, it cannot meet regulatory compliance needs or ensure data protection. But if IT pros take thorough steps up front to ensure the right choices, encryption can take data security a long way in the right direction.

Mary Jander, Site Editor, Byte and SwitchCompanies mentioned in this report include: