Upload
tech-dude
View
397
Download
1
Tags:
Embed Size (px)
Citation preview
Stay Away From the USA Today
Smart options for safeguarding stored data
W. Curtis PrestonV.P. Data ProtectionGlassHouse Technologies
Before I go into my presentation let’s talk about
a quick poll:
Do you have documented security procedures in place for
your storage infrastructure?
A) Yes
B) No
And let’s ask one more question:
Which of the following statements do you more strongly
agree with?
A) Off-line media poses the most serious threat to stored data
B) Online information poses the most serious threat to stored
data
Agenda
The Business Case for Security
Data Security Basics
Encryption Basics
Backup Encryption Options
Summary
The Business Case for Security
The Business Case for SecurityBy design, backup is a plain-text application – to
facilitate restores
All plain-text backup tapes are readable by black hats
if they possess (and know how to use) the
appropriate hardware and software
Backup tapes are handled by humans, and humans
make mistakes
California SB 1386 (& future fed. law) requires written
notification of exposures to customers. If not
possible, it requires posting to web site and
notification of media
Huge PR loss & potential loss of I.P.
The Business Case for Encryption
Multiple instances of tape loss and media
notification in 2005
Estimated notification cost of $5 per customer
– higher cost per lost customer
The question for most companies is simple:
“How much would you pay not to be on the
cover of USA Today?”
Security Basics
Security Basics Information should be valid, and should be viewed only
by those who need to see it
AuthenticationAre you who you say you are?
AuthorizationAre you allowed to see the data?
IntegrityIs the data you’re seeing what it is supposed to be?
EncryptionIf you’re not authorized or authenticated, you see gibberish
AuditLet’s check once in a while to make sure it’s all working
Encryption Basics
Quick poll before we get into the encryption
basics:
Are you currently encrypting your backup data?
A) Yes
B) No
What are you most concerned about?
A) Losing private customer information
B) Losing your company's intellectual property
What’s motivating you to research storage security
solutions?
A) Compliance
B) Recent headlines
C) A recent data loss
D) Something else
Encryption Basics
It’s simply “reorganized” plain text
Plain text
• SECURITY
Same text, encrypted
• “19 5 3 21 18 9 20 25”
Private Key Encryption
Same key encrypts & decrypts
Also known as symmetric encryption
Example:A B C D E F G H I J K L M N O P Q R S T U V W
X Y Z
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
• “S E C U R I T Y”
becomes
• “19 5 3 21 18 9 20 25”
Very fast, but must exchange keys
Used for bulk encryption
Public Key Encryption
Two keys, can encrypt with either, but must decrypt
with the other key
Also known as asymmetric encryption
“Send me data with this key, and only I can decrypt it.”
Much slower than private key method
Often used to send private key
Used for authentication
Backup Encryption Options
Challenges & RisksBiggest risk: unreadable backups• If you “lose the keys”• If the encryption product breaks
Challenges: Balance between usability & security• Give a copy of your house key to everyone you know
(Anyone can get in your house, but so can you.)• Make one copy of your house key and put it in a
combination safe (Only you can get in, but forget the combination & you are out of luck.)
Encryption Implementation Choices
Source encryption
Backup software encryption
In-line hardware encryption
Source Encryption Encrypt the data in place where it originally resides
Features• Application encryption• File system encryption• Host-based applications• Solves the problem at the source• Does not slow down the backup
Costs• Often free with application (e.g. Oracle) • Multiple keys and key systems to manage, management costs will be
high
Challenges• Can slow down primary application, not just backups
Risks• Many keys to lose
Summary: Best for small pieces of really sensitive data
Backup Software Encryption Encrypt the data when it is backed up using backup software
application
Applies to both backup software & electronic vaulting products
Features• Can encrypt data while transmitted and when stored
Costs• Inexpensive to implement for single systems (often <$500 per
system), but per-system licenses add up
Challenges• Slows down backups and recoveries as much as 50%• Loss of compression• Usually single key systems: changing keys can render old
backups unreadable
Risks• Rogue admin can read old backups, one key to lose
Summary: Best for encrypting small amounts of sensitive backup data
In-line Hardware Encryption Encrypt data going to tape using an appliance installed in the data path
(i.e. in-line)
Features• Appliance installed between backup server and tape drive• Appliances encrypt at line speed, invisible to backup app and tape
drives• Private key for encryption, public key for authentication, allowing for
Key changes Key quorums
Costs• Most expensive base price ($25K+) per unit, and large organizations
probably need multiple units
Challenges• Could set quorum too high and not be able to read your data
Risks• All startup companies (although Decru now owned by NetApp)
Summary: Only choice for large volume encrypted backup
Cost ConsiderationsMethod Acquisition
Cost
Implementation
Cost
Administration
Cost
Source $ $$$ $$$
Backup
Software
$ $$ $$$
In-line
Hardware
$$$ $ $
DR Considerations
Source Encryption• Does not affect recovery, need keys to oper.
Backup Software Encryption• Need key to recover. Loss of key=loss of data
In-line Hardware Encryption• Need an appliance and a quorum of keys to
recover. Can use s/w version, but slower.
Encryption SummarySource Encryption Backup Software Encryption In-line Hardware Encryption
Features Doesn’t slow backup Encrypts in transit & when
stored
Encrypts at line speed
Invisible to backup app
Challenges Many keys to manage
May slow source application
Slows backup up to 50% No technical or operational
challenges
Acquisition Costs Very low, often free with app <$500 per encrypted server $25K+ per 4 Gb of traffic
Management
Costs
High due to key management
Cuts tape capacity in half
Cuts tape capacity in half Minimal key management
Risks Loss of one key could mean loss
of your data & backups
Rogue employee can read old
backups with old key
Technology is <4 yrs old
DR Considerations Need master key; must give copy
to many people
Need master key; must give
copy to many people
Need quorum of keys; one or
two people cannot defeat
Summary Best for encrypting small,
homogeneous data types (Oracle
Financials)
Best for encrypting small,
heterogenous data tapes (3
servers w/sensitive data)
Best for large scale encryption
of all backups (encrypt
everything!)
Should anyone not encrypt? It is now possible to encrypt all backups
Cost of implementing encryption is relative to size
of company & data value
Cost & risk of not encrypting is now much greater
than encrypting
Translation: All off-site, cyclical backups should be
encrypted
Don’t encrypt long-term archives/backups yet.
Long-term risks still unknown.
Summary
Hardware encryption has highest
initial cost, but is the easiest to
implement and maintain, and should
be invisible to all applications
Other methods may be less expensive
to buy and maintain if customer is
only encrypting data containing
personal information
Vendors
Source Encryption• Microsoft (EFS), Oracle, Vormetric
Backup Software Encryption• All major backup software vendors (IBM,
Symantec, EMC)
• All electronic vaulting products (Asigra,
Avamar, Connected, E-Vault, LiveVault)
In-line Hardware Encryption• Decru, Neoscale
So now that we’ve talked about security and encryption,
lets take one more poll.
What grade would you give your storage department for
security readiness?
A) Good
B) Fair
C) Poor
D) Do not know