Network Computing is part of the Informa Tech Division of Informa PLC

Storage Encryption Poses Management Challenges

There are plenty of reasons why businesses and other enterprises should embrace encryption. First, there is a steady stream of data breaches, including high-profile incidents. Then there's the growing number of state laws that require disclosure of data breaches and increasingly strict government regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates the security of credit card account information.

Yet, when it comes to encrypting stored files, databases, and backup tapes, it's just not as simple as flipping a switch from unencrypted to encrypted. Encryption technologies bring an additional layer of complexity as the cryptographic keys need to be managed and secured, and encrypted data is much more difficult for administrators to manage than data that is not encrypted.

"While it sounds easy to just simply encrypt everything, key management is not always that straightforward," says Eric Ogren, founder and principal analyst at security research and consultancy The Ogren Group. "Keeping track of all of the keys that are issued, revoking them when necessary, and figuring a way to securely store them isn't trivial."

A handful of vendors provide encryption and key management appliances that aim to ease the management burden. For instance, keyAuthority from nCipher Corp. Ltd., NetApp Lifetime Key Management from NetApp Inc. (Nasdaq: NTAP), and Vormetric Data Security from Vormetric Inc. help to automate key management and provide an audit trail of which storage devices are encrypted, to ensure adherence to internal data security policies and government and industry regulations. Generally, these appliances reside on the network, store the cryptographic keys, and provide the encryption engine. When users attempt to access data, the appliance authenticates the user, retrieves and decrypts the data, and provides auditable logs of much of the process.

Recently, Metabank, a bank serving Iowa and South Dakota based in Storm Lake, Iowa, sought a way to better encrypt and protect sensitive information it maintains on customers, as well as credit card information as mandated by the PCI DSS. For instance, PCI DSS requires that credit card data be encrypted. It also requires detailed auditing and logging of all access attempts, and controls on those who are authorized to view or work with the data.
