Processor ®
Tech & Trends
June 29, 2007 • Vol.29 Issue 26
Page(s) 26 in print issue

Encryption Key Management
Keeping Data Secure Goes Beyond Encryption
Encryption key management is one of the most important, yet least understood, areas any data center manager will be forced to confront. Whether it’s remembering the key to decrypt or understanding how data encryption works, managing the security of data with the help of encryption can be puzzling. With that in mind, companies such as Decru and Vormetric are making it even easier for data center managers to keep their offices safe.

Encryption has been around for thousands of years. Long before computers, ancient Babylonian merchants used an object called an intaglio, which carried images and symbols instead of their names, to identify themselves in transactions. Through the years, encryption has seen its ups and downs, but without the help of encryption keys to further protect data, encryption is nothing more than a paper tiger. While it may sound like encryption is a viable option because of its age and added protection with keys, be aware that encryption key management can be time-consuming and costly. Often, encryption key passwords are a long mixture of letters and numbers that help protect your data. But what happens when the key is lost? How do you retrieve the desired data without a means to decrypt it?

As Michele Borovac of NetApp (www.Processor.com/NetworkAppliance) company Decru explains, “Customers should be wary of encryption and key management systems where keys are invoked by a password that had to be typed into a system. If the password was lost or stolen, data could be inaccessible or compromised.”

Choosing The Right Encryption

But as dangerous as encryption key management can be, it is still quite important. A strong encryption key is the difference between keeping your data safe and having your data compromised. According to Hector Sanchez, technical marketing manager of Vormetric, “Encryption merely transfers risk from data access to key access, meaning that it is only as effective as the key management policies and processes that have been implemented.”

Adding to the importance of encrypting data, some of the more secure techniques probably shouldn’t be used for yesterday’s to-do list or last week’s fire drill procedure memo. Instead, data center managers should tailor the strength of the encryption to the type of data they are trying to protect.

Paul Kocher, president and chief scientist at Cryptography Research (www.cryptography.com), explains the tailoring of security measures to the encrypted data: “The strategies used are typically highly dependent on the type of data and the associated risks. For example, keys carried by end users are often stored in tamper-resistant circuits, such as those found on smart cards or SecurID tokens. Keys used for Web servers are often stored in high-speed encryption appliances. Rarely used keys may simply be stored on a piece of paper in a safe.”

More often than not, data center managers have a variety of requirements when securing data, and they look for a solution that doesn’t necessarily meet the highest expectations but is “good enough.”

Decru offers encryption services to a number of companies that are looking for data and intellectual property security. These customers are typically interested in a system that is simple to deploy, easy to manage, and not so advanced that using the encryption management system would require expert advice. Even more ideal for data center managers is “a system that doesn’t require a significant amount of administrative time to manage.” Borovac notes that data center managers are most interested in “confidence that the system will scale to meet growing needs should the business change in the future.”

Sanchez notes, “Key management must be a part of strong access control and security policies that enforce how keys are used, as well as how they are distributed. Having one without the others would provide incomplete protection.” With that in mind, Vormetric has developed the Security Server that provides a viable encryption solution.

Vormetric’s Security Server offers randomly generated keys that contain important data. To further protect the data, the content contained in the key is not disclosed to administrators or end users. Even better, keys are stored on a FIPS (Federal Information Processing Standards)-certified security server, which adds protection in case of a local data compromise. But perhaps the most important feature Vormetric offers on its Security Server platform is the ability to change old keys with ease. If a data center manager feels the key has been compromised, Vormetric offers a utility that allows an administrator to easily switch the key without actually seeing the new key himself.

Decru offers a similar encrypting solution that promises the same kind of defense a data center manager can expect from Vormetric’s Security Server. Dubbed the DataFort E-Series, the security solution encrypts data with AES-256 and uses a True Random Number Generator to create keys that never actually leave DataFort’s hardware. DataFort also includes two security features that are handy and certainly useful for any data center manager: compartmentalization and LKM (lifetime key management). The compartmentalization feature creates virtual “vaults” that create a partition between stored data. This feature offers data center managers some comfort when data has been compromised. Ideally, compartmentalization will protect the other partitions. LKM is important to any data center manager who doesn’t have the time to manually manage encryption keys. The LKM system securely automates the archiving and recovery of encryption keys across the business. In essence, this feature ensures that decades-old encryption keys can be decrypted with ease.

Use Encryption Wisely

Encryption key management is paramount in the mind of many data center managers. Besides the tasks of administration, data center managers are charged with preserving and protecting the important data their businesses produce. Whether it’s intellectual property or an important dataset containing proprietary information, data center managers should be keenly aware of the threat of data being compromised, as well as the options encryption key management systems can offer them. With that said, it is important for all data center managers to use restraint when deploying encryption keys, as the highest level of encryption may not be suitable for the lowest level of important data. Simply put, encryption key management is not an easy task, but it is certainly a necessary task.

by Don Reisinger


Encryption Products To Consider

Decru DataFort E-Series
Combines secure access controls, authentication, storage encryption, and secure logging to provide protection for sensitive data
www.Processor.com/DataFort

Vormetric Security Server
Offers secure network encryption with an element of encryption key secrecy that offers protection for storing sensitive data
www.Processor.com/Vormetric




Copyright © by Sandhills Publishing Company 2010. All rights reserved.