Originating Author: Janet Engle
In order to comply with regulations or in response to possible data breaches, many companies are considering storage encryption as a security option. Encryption is only one aspect of a storage network security strategy, and for most enterprises not all data will need to be encrypted. An encryption initiative can be completed in tiers, encrypting first the highly sensitive data that would be costly or embarrassing to lose. Data encryption can be performed at several points in the stack, giving companies the ability to encrypt individual information sets at levels appropriate to the data's confidentiality. A poorly implemented storage encryption initiative may result in over- and under-protected data, degraded application performance, or service interruption. Newer encryption technologies are making the tactic less expensive and easier to implement than in the past.
Storage encryption capability
Storage encryption helps protect data from unauthorized access by encoding the information at the device, file, database, or application level. The type of data being stored, the amount of security necessary, how the data is accessed, and the level of granularity required determine the optimal location or locations for the encryption processes. By applying selective encryption at more than one level, businesses can reduce security overhead, provide levels of security appropriate to different types of data, and reduce the likelihood of performance degradation or interrupted service. Encryption is not a substitute for other security tactics and must be used within a larger storage network security plan.
Specific operational goals of implementing storage encryption
A successful storage encryption implementation will:
- Protect confidential data, at a level appropriate to the security priority, from unauthorized access.
- Allow consistent decrypting of data for authorized applications.
- Cause minimal service interruptions.
- Comply with industry standards and applicable regulations.
- Handle the company’s changing storage encryption needs.
The major expected effects on the IT budget will normally include:
- Possible savings of the direct incremental costs (approximately $45 per lost record) and lost-productivity costs (approximately $24 per lost record) of reporting data breaches to clients and customers, as many regulations exempt companies from notification requirements if the breached data was encrypted (the source specifies 128-bit keys or stronger) [1]. In practice such an exemption is only defensible if the encryption keys were not compromised along with the data.
- Relatively low implementation costs, usually less than $100,000 for a typical installation of two to four combined hardware/software appliances [2].
- Possible avoidance of the security system upgrades that typically follow a breach. In 2005, companies reported spending an average of $180,000 to install new security measures after an information breach [3].
The major expected business productivity improvements will normally include:
- Higher employee confidence levels. Employees reported the highest confidence level (.82) in companies that have a consistently applied encryption plan; companies that use no encryption have the lowest employee confidence level (.51) [4].
Other potential impacts on organization include:
- An acceptable level of performance degradation (normally less than 6%).
- Higher customer and client satisfaction with data security.
- Compliance with data security regulations. As of September 2006, 16 of the 20 state privacy laws required encryption of certain data [5].
Risks of implementing storage encryption
The major risk to a storage encryption initiative is incorrectly locating the encryption points, usually because the usage or the security needs of an information set were misjudged. Implementing storage encryption on an incomplete understanding of which applications access which data may result in service interruptions and diminished application performance. Encrypting data at too low a level leaves security holes, while encrypting at a level higher than the data's confidentiality warrants increases cost without significantly increasing security. Excessive downtime, slow performance, or highly intrusive authentication measures may drive employees to develop workarounds that weaken the security of the storage system. Encryption may also interfere with other security controls that need to inspect data, such as intrusion detection systems or anti-virus software, which see only ciphertext unless they are placed before the encryption point. Encryption is most commonly achieved by transforming data with a publicly known algorithm and a secret key, so the protection rests entirely on the key: a corrupted or lost key makes the data unrecoverable, and a compromised key makes the encryption worthless. Managing keys is therefore as important as the encryption itself.
The storage encryption initiative
The storage encryption initiative will be implemented when the storage encryption system has been designed, installed, implemented and tested to ensure that data is consistently encrypted and decrypted and that performance degradation is within the defined acceptable range.
Expectations (Out of Scope)
The following factors, although necessary for the storage encryption implementation to be successful, are not within the scope of this initiative:
- A security management path is in place and a key decision maker has been identified.
- The sensitivity of stored data has been analyzed.
- The costs associated with losing stored data have been estimated.
- Applicable security regulations have been identified and the company's compliance status has been established.
- The role of encryption as part of a storage network security plan has been defined.
- Taking into consideration data sensitivity, the possible costs associated with losing the data, and the company's legal responsibility, the information to be encrypted has been defined. Encrypting non-confidential information is costly and increases the risk of service interruptions and reduced application performance.
- Storage databases containing data to be encrypted are analyzed and documented.
- Acceptable levels of performance degradation have been defined.
- The storage encryption initiative budget has been defined.
Analyze Phase
Acceptance Test Considerations:
The analyze phase will be completed when the initial business case has been accepted by the sponsor, and agreement has been reached to proceed to the design phase or kill the project.
Key analysis milestones:
Analysis should take 6-8 weeks for most companies. For businesses with large amounts of data, or highly structured and detailed data, the process may take longer.
1. Applications and users that need to access the data to be encrypted are identified, and the amount of information each will need from an encrypted record is analyzed.
2. Data to be encrypted is prioritized and segmented based on sensitivity level, types of applications that call on data, and granularity requirements for information sets.
3. Possible encryption location points (device, file, database, and application levels) are determined for segmented data.
- Encrypting stored data at the tape or disk drive (device level) usually causes very little performance degradation and keeps the drive's compression usable, because the drive compresses the data before encrypting it (ciphertext itself does not compress, so data already encrypted higher in the stack gains nothing from drive-level compression or deduplication). The security it offers is limited, however: it only protects data when the physical storage media are lost or stolen, and once the drive is unlocked every host and application reads everything in the clear. Encrypting highly sensitive data only at the device level is not compliant with most privacy regulations.
- Encrypting at the file level gives companies more control over which users and applications can access information. When data is encrypted at the file level, it is written to the storage media encrypted. File-level encryption usually works well for unstructured data such as documents and reports, but encrypting highly structured records at this level usually over-protects the data, since only a few of the record fields are likely to be sensitive.
- Database-level encryption allows a design in which only specific columns of the database are encrypted, and each column of sensitive data can have its own key. Access to a data item is then controlled by limiting access to that key. As with file-level encryption, data encrypted at this level is also encrypted when it is written to the storage media. This level offers high security and fine granularity, but often costs performance, and it changes how the data can be queried: the database cannot index, sort or range-search ciphertext, so any encrypted column that must still support lookups needs an extra mechanism such as a keyed hash of the value, which in turn reveals which rows share a value.
- Encrypting at the application level usually provides the highest level of security. To reach data encrypted at this level, users must have access to the specific application. Because one record may be used by several different applications, this strategy often requires complex coding and tends to be the most expensive option.
Design Phase
Acceptance Test Considerations:
The design phase will be completed when the storage encryption design has been accepted by the sponsor and agreed to by the key application user groups, and agreement has been reached to proceed to the deploy phase or kill the initiative.
Key design milestones:
The design phase should take 4-6 months for most companies. For businesses with many complicated applications, the process may take longer.
1. Identified possible encryption location points are analyzed to determine encryption points that minimize redundant security while ensuring that the necessary data fields of previously defined confidential records are encrypted.
- Encrypting the same data at more than one level, unless justified by the protected information's confidentiality level, increases expense and may add to performance degradation.
- Organizations with highly sensitive information may need to encrypt the same data at multiple layers.
2. Storage databases are reviewed and redesigned as necessary to fit in with the encryption scheme.
- If applications routinely query non-confidential information from a table whose index or lookup key is sensitive data, such as Social Security numbers, the encrypted key column must be decrypted for every lookup, which in the worst case means decrypting the whole column per query. Using non-identifying numbers (surrogate keys) as the index lets those queries run without touching the encrypted data; lookups by the sensitive value itself should go through a keyed hash of the value rather than through decryption.
3. Encryption hardware and software options are researched and options are located that meet security needs while fitting into initiative’s budget.
- Most commercial encryption packages contain hardware and software appliances that can be configured to fit specific encryption strategies.
- Lower end encryption packages may not have the capability to handle application-level encryption. For highly sensitive data that requires this level of protection, more customization may be required.
4. Effective and secure key management protocols are defined to address the following needs:
- Generating and obtaining keys.
- Archiving, changing, updating and destroying keys.
- Allowing authorized users to access keys.
- Logging key management related activities.
- Reviewing key logs to detect unauthorized access.
- Physically securing key-generating equipment.
- Accessing data and securing the system in the event of a breach or lost keys.
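As an added illustration of design milestones 2 and 4 (this is example code written for this page, not code from the original article or from any encryption product), the following Go program shows a column-level scheme of the kind described above: the sensitive column gets its own AES-256-GCM key, a keyed hash (blind index) under a second key answers equality lookups so that a query by SSN never decrypts the column, rows are addressed by a non-identifying customer ID, and changing the column key means re-encrypting every cell. The table schema, the column name `ssn`, the customer record and the function names are all constructed for this example, and the `clear` builtin assumes Go 1.21 or later.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// A hypothetical customer table with one encrypted column, "ssn" (a schema
// constructed for this example, not any product's). Each encrypted column owns
// its own cipher key and blind-index key; applications address rows by a
// non-identifying customer ID rather than by the SSN.
type row struct {
	CustomerID string
	Name       string // non-sensitive, stored in the clear
	SSNEnc     []byte // nonce || AES-256-GCM ciphertext of the SSN
}

type table struct {
	encKey, idxKey []byte          // the ssn column's own keys
	rows           map[string]*row // keyed by the ssn blind index (HMAC-SHA256)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing safe to do but stop
	}
	return b
}

func newTable() *table {
	return &table{encKey: randomBytes(32), idxKey: randomBytes(32), rows: map[string]*row{}}
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a malformed key length gets here
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// encryptCell uses a fresh random nonce and binds the cell to its column name
// through GCM's additional data, so a ciphertext copied into another column
// under the same key will fail to decrypt there.
func encryptCell(key []byte, column, plaintext string) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, []byte(plaintext), []byte(column))
}

func decryptCell(key []byte, column string, sealed []byte) (string, error) {
	gcm := gcmFor(key)
	if n := gcm.NonceSize(); len(sealed) >= n {
		pt, err := gcm.Open(nil, sealed[:n], sealed[n:], []byte(column))
		return string(pt), err
	}
	return "", fmt.Errorf("%s cell too short to hold a nonce", column)
}

// blindIndex is a keyed hash of the value. Equality queries compare these
// tokens, so "which customer has this SSN?" is answered without decrypting
// any cell; without it the whole column would have to be decrypted per query.
func blindIndex(key []byte, value string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(value))
	return string(m.Sum(nil))
}

func (t *table) insert(id, name, ssn string) {
	t.rows[blindIndex(t.idxKey, ssn)] = &row{id, name, encryptCell(t.encKey, "ssn", ssn)}
}

func (t *table) findBySSN(ssn string) (*row, bool) {
	r, ok := t.rows[blindIndex(t.idxKey, ssn)]
	return r, ok
}

// rotateSSNKey re-encrypts every cell under a fresh key and wipes the old one:
// changing a column key is a data migration, not a configuration change.
func (t *table) rotateSSNKey() error {
	fresh := randomBytes(32)
	for _, r := range t.rows {
		pt, err := decryptCell(t.encKey, "ssn", r.SSNEnc)
		if err != nil {
			return err
		}
		r.SSNEnc = encryptCell(fresh, "ssn", pt)
	}
	clear(t.encKey) // zero the retired key (clear needs Go 1.21 or later)
	t.encKey = fresh
	return nil
}

func main() {
	t := newTable()
	t.insert("C-1001", "Ada Example", "123-45-6789") // constructed record, not a real SSN
	r, _ := t.findBySSN("123-45-6789")               // resolved via the blind index, no decryption
	err := t.rotateSSNKey()
	ssn, _ := decryptCell(t.encKey, "ssn", r.SSNEnc)
	fmt.Println(r.CustomerID, ssn, err)
}
```

Two operational points the code makes visible: the ciphertext is bound to the column name, so a cell cannot be silently moved between columns that share a key, and rotation rewrites every row, so a key change on a large table is a scheduled migration that has to fit the performance budget defined in the analyze phase. The blind index deliberately leaks equality (two rows with the same SSN get the same token), which is the price of indexed lookup on an encrypted column. A production rotation would also stage the re-encryption so that a failure part-way through does not leave the column split between two keys.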
Deploy Phase
Acceptance Test Considerations:
The deploy phase will be completed when the storage encryption system has been installed, implemented and tested to ensure that data is consistently encrypted and decrypted and that performance degradation is within the defined acceptable range.
Key deployment milestones:
The deploy phase should take 4-6 weeks for most companies. For businesses with many complicated applications, the process may take longer.
1. Encryption hardware and software are installed at points identified in the design phase.
- Only high priority data needs to be encrypted during the initial deploy phase.
- Lower priority data, as defined during the analyze phase, can be encrypted incrementally as budget, schedule and expertise allow.
2. The storage encryption system is tested.
- All information segments are receiving levels of encryption appropriate to their sensitivity.
- Encryption does not interfere with other security measures.
- System performance degradation is within defined parameters.
3. Employees are trained on new system protocols, if needed.
4. Clients are informed about any changes that will affect how they access information or services, such as using account numbers instead of social security numbers.
5. The storage encryption initiative is wrapped up:
- Plans to encrypt lower priority data, if necessary, are finalized.
- Procedures are put in place for monitoring the security and performance of the storage system.
- Procedures to manage and secure keys are put in place.
- Procedures are defined to keep meeting the initiative's goals as storage size and distribution change.
Storage encryption initiative summary
By selectively encrypting sensitive data at one or more locations along the stack, companies can lower the cost of encryption while providing levels of security appropriate to the sensitivity of individual information sets. Where encryption processes are installed depends on the type of data being stored, the sensitivity of the information, what applications call upon the data, and the level of granularity required. Successful implementation of a storage encryption initiative may result in higher security levels at a lower cost, with little or no performance degradation.
Footnotes
[1] 2006 Annual Study, Cost of a Data Breach, Understanding Financial Impact, Customer Turnover, and Preventative Solutions; Ponemon Institute; October 2006.
[2] Data Encryption Promises SAN Security; Storage Network World Online; Alan Radding; 27 January 2003.
[3] 2006 Annual Study, Cost of a Data Breach, Understanding Financial Impact, Customer Turnover, and Preventative Solutions; Ponemon Institute; October 2006.
[4] What Security Professionals Think About Encryption; Ponemon Institute; February 2006.
[5] How to Develop an Enterprise Encryption Strategy; InfoWorld; 1 September 2006.