Stay Away From the USA Today

Smart options for safeguarding stored data

W. Curtis PrestonV.P. Data ProtectionGlassHouse Technologies

Before I go into my presentation let’s talk about

a quick poll:

Do you have documented security procedures in place for

your storage infrastructure?

A) Yes

B) No

And let’s ask one more question:

Which of the following statements do you more strongly

agree with?

A) Off-line media poses the most serious threat to stored data

B) Online information poses the most serious threat to stored

data  

Agenda

The Business Case for Security

Data Security Basics

Encryption Basics

Backup Encryption Options

Summary

The Business Case for Security

The Business Case for SecurityBy design, backup is a plain-text application – to

facilitate restores

All plain-text backup tapes are readable by black hats

if they possess (and know how to use) the

appropriate hardware and software

Backup tapes are handled by humans, and humans

make mistakes

California SB 1386 (& future fed. law) requires written

notification of exposures to customers. If not

possible, it requires posting to web site and

notification of media

Huge PR loss & potential loss of I.P.

The Business Case for Encryption

Multiple instances of tape loss and media

notification in 2005

Estimated notification cost of $5 per customer

– higher cost per lost customer

The question for most companies is simple:

“How much would you pay not to be on the

cover of USA Today?”

Security Basics

Security Basics Information should be valid, and should be viewed only

by those who need to see it

AuthenticationAre you who you say you are?

AuthorizationAre you allowed to see the data?

IntegrityIs the data you’re seeing what it is supposed to be?

EncryptionIf you’re not authorized or authenticated, you see gibberish

AuditLet’s check once in a while to make sure it’s all working

Encryption Basics

Quick poll before we get into the encryption

basics:

Are you currently encrypting your backup data?

A) Yes

B) No

What are you most concerned about?

A) Losing private customer information

B) Losing your company's intellectual property

What’s motivating you to research storage security

solutions?

A) Compliance  

B) Recent headlines  

C) A recent data loss  

D) Something else  

Encryption Basics

It’s simply “reorganized” plain text

Plain text

• SECURITY

Same text, encrypted

• “19 5 3 21 18 9 20 25”

Private Key Encryption

Same key encrypts & decrypts

Also known as symmetric encryption

Example:A B C D E F G H I J K L M N O P Q R S T U V W

X Y Z

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

• “S E C U R I T Y”

becomes

• “19 5 3 21 18 9 20 25”

Very fast, but must exchange keys

Used for bulk encryption

Public Key Encryption

Two keys, can encrypt with either, but must decrypt

with the other key

Also known as asymmetric encryption

“Send me data with this key, and only I can decrypt it.”

Much slower than private key method

Often used to send private key

Used for authentication

Backup Encryption Options

Challenges & RisksBiggest risk: unreadable backups• If you “lose the keys”• If the encryption product breaks

Challenges: Balance between usability & security• Give a copy of your house key to everyone you know

(Anyone can get in your house, but so can you.)• Make one copy of your house key and put it in a

combination safe (Only you can get in, but forget the combination & you are out of luck.)

Encryption Implementation Choices

Source encryption

Backup software encryption

In-line hardware encryption

Source Encryption Encrypt the data in place where it originally resides

Features• Application encryption• File system encryption• Host-based applications• Solves the problem at the source• Does not slow down the backup

Costs• Often free with application (e.g. Oracle) • Multiple keys and key systems to manage, management costs will be

high

Challenges• Can slow down primary application, not just backups

Risks• Many keys to lose

Summary: Best for small pieces of really sensitive data

Backup Software Encryption Encrypt the data when it is backed up using backup software

application

Applies to both backup software & electronic vaulting products

Features• Can encrypt data while transmitted and when stored

Costs• Inexpensive to implement for single systems (often <$500 per

system), but per-system licenses add up

Challenges• Slows down backups and recoveries as much as 50%• Loss of compression• Usually single key systems: changing keys can render old

backups unreadable

Risks• Rogue admin can read old backups, one key to lose

Summary: Best for encrypting small amounts of sensitive backup data

In-line Hardware Encryption Encrypt data going to tape using an appliance installed in the data path

(i.e. in-line)

Features• Appliance installed between backup server and tape drive• Appliances encrypt at line speed, invisible to backup app and tape

drives• Private key for encryption, public key for authentication, allowing for

Key changes Key quorums

Costs• Most expensive base price ($25K+) per unit, and large organizations

probably need multiple units

Challenges• Could set quorum too high and not be able to read your data

Risks• All startup companies (although Decru now owned by NetApp)

Summary: Only choice for large volume encrypted backup

Cost ConsiderationsMethod Acquisition

Cost

Implementation

Cost

Administration

Cost

Source $ $$$ $$$

Backup

Software

$ $$ $$$

In-line

Hardware

$$$ $ $

DR Considerations

Source Encryption• Does not affect recovery, need keys to oper.

Backup Software Encryption• Need key to recover. Loss of key=loss of data

In-line Hardware Encryption• Need an appliance and a quorum of keys to

recover. Can use s/w version, but slower.

Encryption SummarySource Encryption Backup Software Encryption In-line Hardware Encryption

Features Doesn’t slow backup Encrypts in transit & when

stored

Encrypts at line speed

Invisible to backup app

Challenges Many keys to manage

May slow source application

Slows backup up to 50% No technical or operational

challenges

Acquisition Costs Very low, often free with app <$500 per encrypted server $25K+ per 4 Gb of traffic

Management

Costs

High due to key management

Cuts tape capacity in half

Cuts tape capacity in half Minimal key management

Risks Loss of one key could mean loss

of your data & backups

Rogue employee can read old

backups with old key

Technology is <4 yrs old

DR Considerations Need master key; must give copy

to many people

Need master key; must give

copy to many people

Need quorum of keys; one or

two people cannot defeat

Summary Best for encrypting small,

homogeneous data types (Oracle

Financials)

Best for encrypting small,

heterogenous data tapes (3

servers w/sensitive data)

Best for large scale encryption

of all backups (encrypt

everything!)

Should anyone not encrypt? It is now possible to encrypt all backups

Cost of implementing encryption is relative to size

of company & data value

Cost & risk of not encrypting is now much greater

than encrypting

Translation: All off-site, cyclical backups should be

encrypted

Don’t encrypt long-term archives/backups yet.

Long-term risks still unknown.

Summary

Hardware encryption has highest

initial cost, but is the easiest to

implement and maintain, and should

be invisible to all applications

Other methods may be less expensive

to buy and maintain if customer is

only encrypting data containing

personal information

Vendors

Source Encryption• Microsoft (EFS), Oracle, Vormetric

Backup Software Encryption• All major backup software vendors (IBM,

Symantec, EMC)

• All electronic vaulting products (Asigra,

Avamar, Connected, E-Vault, LiveVault)

In-line Hardware Encryption• Decru, Neoscale

So now that we’ve talked about security and encryption,

lets take one more poll.

What grade would you give your storage department for

security readiness?

A) Good  

B) Fair  

C) Poor  

D) Do not know