In the early days of digital data, encryption alone was considered enough to protect vital, private data from prying eyes and malicious intent.
However, as the recent rash of media coverage over the potential exposure of personal consumer data, such as Social Security numbers and credit card information, has shown, storage security that depends only on encryption is far too risky. Attackers eavesdrop on data, tamper with it and impersonate its sources with increasing reach and effectiveness, and encryption addresses only the first of these.
To meet stringent compliance standards that dictate how long data must be kept and how it must be protected, companies must defend against tampering and theft with a multilayered approach that starts with encryption and adds digital signatures, digital certificates and hierarchical key management.
Backup and archive confront security challenges
The digitizing of critical information has eased transactions and made record keeping and other tasks more efficient, but it has also introduced internal and external risks that threaten the privacy and authenticity of personal and other data. In recognition of these threats to the sanctity of critical data, regulations like the Gramm-Leach-Bliley Act and California's Database Security Breach Notification Act require secure backup and archives whose origin and integrity can be proven (nonrepudiation).
The dangers that are driving these and other regulations are threefold:
Eavesdropping: The information remains intact, but its privacy is compromised.
Tampering: The information is intercepted and changed in transit, or changed where it is stored.
Impersonation: The source of the information is spoofed (a fraudulent sender pretends to be a trusted one), or a person or organization misrepresents itself to gain access to the data.
Many backup and archive products transmit and store data either in clear text or under a weak encryption algorithm. While sophisticated controls keep unauthorized persons away from data on primary storage, the same data on backup media (quite often removable media) can be read and restored by anyone who gets hold of the media.
Some hardware approaches to encryption emulate tape drives and encrypt everything sent to tape. While better than storing clear text, these devices know nothing about the business value of the data, so they encrypt a mission-critical database and a folder of unimportant MP3 files identically.
Being unable to tell important from unimportant data for security purposes is a risk in itself. With this approach, some vital information is likely to be underprotected, and an organization deploying such a blunt, one-dimensional approach cannot allocate storage and protection where they matter most.
A final shortcoming of most of today's backup and archive products is the limited power of encryption alone. By itself, encryption solves only the problem of eavesdropping: a ciphertext that is not also authenticated can be modified without knowing the key, and nothing in it proves who produced it, so the dangers of tampering and impersonation remain. The way around this is a multilayered approach to securing data.
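To make that shortcoming concrete, the following is an added example in Go (not code from this article or from Atempo's products) using only Go's standard crypto packages. A backup record is encrypted with AES-CTR, a mode that provides confidentiality only; an attacker who knows the record layout (assumed here: a "role=" field whose value is "user") rewrites the stored ciphertext without the key, and the restore silently yields the altered record. The same edit against AES-GCM, an authenticated mode, is rejected. The record and field offsets are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// sampleRecord is a constructed backup record. The attacker is assumed to know
// its layout (where the "role=" field sits and its current value), not the key.
var sampleRecord = []byte("account=1001;role=user")

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ctrCrypt applies AES-256-CTR; encryption and decryption are the same XOR.
// CTR gives confidentiality only: it carries no integrity check at all.
func ctrCrypt(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// flipField edits a ciphertext without the key: XORing a ciphertext byte with
// (known ^ wanted) turns the decrypted byte from known into wanted, because the
// keystream is XORed in exactly once in each direction.
func flipField(ciphertext []byte, offset int, known, wanted string) []byte {
	out := append([]byte(nil), ciphertext...)
	for i := 0; i < len(known); i++ {
		out[offset+i] ^= known[i] ^ wanted[i]
	}
	return out
}

func roleOffset() int {
	return bytes.Index(sampleRecord, []byte("role=")) + len("role=")
}

// RestoreAfterAttackCTR encrypts the record, lets the attacker rewrite the
// role field in the stored ciphertext, and returns what a restore would yield.
func RestoreAfterAttackCTR() string {
	key, iv := randBytes(32), randBytes(16)
	stored := ctrCrypt(key, iv, sampleRecord)
	stored = flipField(stored, roleOffset(), "user", "root")
	return string(ctrCrypt(key, iv, stored))
}

// RestoreAfterAttackGCM does the same against AES-256-GCM, an authenticated
// mode: the attacker's edit invalidates the tag and Open refuses to decrypt.
func RestoreAfterAttackGCM() (string, error) {
	key, nonce := randBytes(32), randBytes(12)
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	stored := gcm.Seal(nil, nonce, sampleRecord, nil)
	stored = flipField(stored, roleOffset(), "user", "root") // ciphertext bytes precede the tag
	pt, err := gcm.Open(nil, nonce, stored, nil)
	return string(pt), err
}

func main() {
	fmt.Printf("CTR restore: %q\n", RestoreAfterAttackCTR())
	pt, err := RestoreAfterAttackGCM()
	fmt.Printf("GCM restore: %q err=%v\n", pt, err)
}
```

The CTR restore returns "account=1001;role=root" with no error of any kind; the GCM restore returns an authentication failure and no plaintext. An attacker who does not know the field value cannot choose the new value, but can still corrupt the stored record undetectably, which is the point the article makes about encryption-only backup security.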
By now, most people concerned with safeguarding information understand that "I've got it on tape" is no longer acceptable for data protection. To meet regulatory requirements and to achieve data protection at all stages of the backup and long-term archive process, we recommend the following:
Advanced file encryption/decryption: Using public-key cryptography together with a range of strong, certified ciphers, the data is encrypted before it leaves primary storage and stays encrypted on the storage media throughout its life cycle. Whether it resides on disk or tape, an unauthorized party who does not hold the key cannot read the customer's business-critical information.
Advanced network encryption/decryption: Since more than 50% of security attacks occur on private networks, a secure tunnel must be built so that valuable digital assets cannot be read while they are transferred from one storage medium to another.
Digital signatures: Digital signatures keep data intact and prove who produced it. The sender computes a one-way hash of the information to back up, signs that hash with its private key and sends the data together with the signature over the network. At the destination, the receiver recomputes the hash from the received data and verifies the signature against it with the sender's public key; any alteration of the data, or a signature made with a key other than the sender's, causes the check to fail. Comparing a bare hash is not enough, since an attacker who can alter the data can recompute the hash as well. The same mechanism guarantees nonrepudiation of long-term archives for compliance and litigation purposes, because only the holder of the private key could have produced the signature.
Hierarchical key management: An integrated hierarchical certificate infrastructure addresses impersonation: each computer's signing key is certified by a higher authority, up to a trusted root, so the receiver can verify that information backed up or recovered was sent by a trusted computer. The same mechanism ensures that only authorized users recover data they are allowed to access.
Compliance policy enforcement: Different data has different importance and, consequently, different compliance requirements. A good system matches and enforces the recommended encryption and hash algorithms, retention periods and password lengths for each class of data, and it must have the flexibility to apply different levels of security according to the value of the information being protected.
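The digital-signature and hierarchical-key-management steps above, as an added example in Go (not this article's or Atempo's code), using only the standard library. A root key certifies a backup client's signing key (a toy certificate standing in for X.509); the client signs the SHA-256 digest of a record; the receiver, configured only with the root's public key, verifies the certificate and then the signature. The example also shows why a bare hash shipped beside the data does not stop tampering. The host name "backup-client-01", the certificate encoding and the record are assumptions for the demonstration; a production deployment would use X.509 certificates with revocation checking.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// cert is a minimal stand-in for an X.509 certificate: it binds a host name to
// a public key and carries the issuer's signature over that binding.
type cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	Sig     []byte
}

// tbs is the "to be signed" encoding of the certificate body.
func (c cert) tbs() []byte { return append([]byte(c.Subject+"\x00"), c.PubKey...) }

// issueCert is the root (or an intermediate) certifying a host's public key.
func issueCert(issuerKey ed25519.PrivateKey, subject string, pub ed25519.PublicKey) cert {
	c := cert{Subject: subject, PubKey: pub}
	c.Sig = ed25519.Sign(issuerKey, c.tbs())
	return c
}

// signedBackup is what crosses the network: the data, the sender's certificate
// and the sender's signature over the SHA-256 digest of the data.
type signedBackup struct {
	Data []byte
	Cert cert
	Sig  []byte
}

func createBackup(hostKey ed25519.PrivateKey, hostCert cert, data []byte) signedBackup {
	digest := sha256.Sum256(data)
	return signedBackup{Data: data, Cert: hostCert, Sig: ed25519.Sign(hostKey, digest[:])}
}

// verifyBackup walks the hierarchy top-down: trusted root -> host certificate
// -> signature over the recomputed digest. Only the root's public key is
// configured on the receiving side.
func verifyBackup(rootPub ed25519.PublicKey, b signedBackup) error {
	if !ed25519.Verify(rootPub, b.Cert.tbs(), b.Cert.Sig) {
		return errors.New("certificate not issued by the trusted root: impersonation")
	}
	digest := sha256.Sum256(b.Data)
	if !ed25519.Verify(b.Cert.PubKey, digest[:], b.Sig) {
		return errors.New("signature does not match data: tampering")
	}
	return nil
}

// hashOnlyCheck is the weak scheme: a digest shipped next to the data, bound
// to no key, so whoever can change the data can also recompute the digest.
func hashOnlyCheck(data []byte, digest [32]byte) bool { return sha256.Sum256(data) == digest }

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// sampleRecord is a constructed backup payload for the demonstration.
var sampleRecord = []byte("account=1001;balance=250.00")

// tamper returns a copy with one bit of the balance flipped.
func tamper(data []byte) []byte {
	out := append([]byte(nil), data...)
	out[len(out)-1] ^= 0x01
	return out
}

// RunScenarios exercises the honest, tampered, impersonated and hash-only cases.
func RunScenarios() (honest, tampered, impersonated error, hashOnlyFooled bool) {
	rootPub, rootKey := mustKey()
	hostPub, hostKey := mustKey()
	hostCert := issueCert(rootKey, "backup-client-01", hostPub) // assumed host name

	good := createBackup(hostKey, hostCert, sampleRecord)
	honest = verifyBackup(rootPub, good)

	bad := good // attacker alters the data in transit but cannot re-sign it
	bad.Data = tamper(good.Data)
	tampered = verifyBackup(rootPub, bad)

	// Attacker mints their own key and a certificate from a root nobody trusts.
	evilPub, evilKey := mustKey()
	_, evilRoot := mustKey()
	fake := createBackup(evilKey, issueCert(evilRoot, "backup-client-01", evilPub), sampleRecord)
	impersonated = verifyBackup(rootPub, fake)

	// Bare hash: attacker recomputes it over the altered data and the check passes.
	altered := tamper(sampleRecord)
	hashOnlyFooled = hashOnlyCheck(altered, sha256.Sum256(altered))
	return
}

func main() {
	honest, tampered, impersonated, fooled := RunScenarios()
	fmt.Println("honest:", honest)
	fmt.Println("tampered:", tampered)
	fmt.Println("impersonated:", impersonated)
	fmt.Println("hash-only check fooled:", fooled)
}
```

The honest backup verifies; the tampered one fails at the signature step; the impersonated one fails at the certificate step before its data signature is even examined; and the hash-only check accepts the attacker's altered data. Keeping the restore side's trust anchor to the root key alone is what lets new backup clients be added by issuing certificates rather than by reconfiguring every receiver.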
The dark forces of digital intrusion have pushed data protection tools to the forefront as a means to control how data is treated, stored and secured against tampering and theft. Encryption is a good start, but its benefits are limited to confidentiality. That is why storage security must also integrate digital signatures, digital certificates and hierarchical key management. Encryption, digital signatures, digital certificates and key management, applied to data according to compliance templates, form the basis of a holistic, multilayered storage security paradigm capable of meeting the multidimensional threat regime head on.
Francois Gauthier is chief technology officer of California-based Atempo, an independent software vendor specializing in data protection for trusted information life-cycle management.