This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."
Download it now to read this article plus other related content.
Look Before You Leap
When you consider encrypting backup tapes, you need to consider the risks of encrypting stored data. They're very different from the risks associated with encrypting data in flight. If you have a problem encrypting data in flight, you know it right away and fix the problem. For example, if an application is sending data across an encrypted channel, and something happens to the encryption, the application will crash. A root-cause analysis will determine that encryption failure was the culprit.
However, if you have a problem with encrypted data at rest, you may not know it for weeks, months or years--and probably not until it's too late. This is because unlike encryption of data in flight, the read step only happens when you verify or restore from a tape. Therefore, unless you're verifying every tape after you've written it, the only time you're going to test your encryption system is when you perform a restore--the worst time you want to find out your encryption system doesn't work.
The biggest risk with encrypting backup tapes is that you can make them so secure that even you can't read them. If you lose your keys, or if your processes break down, you end up with unreadable backup tapes. Unfortunately, you might not discover this has happened until the moment of truth: when you absolutely need to read that tape.
This is why key management is so important. Keys will be needed any time you attempt to read encrypted data, such
Consequently, keeping track of the keys used to encrypt data is paramount. A database is critical for tracking what key was used on what day to encrypt what data. Any time you change the key, the database must be updated accordingly. You must also control and monitor access to the key database to prevent unauthorized access.
Although secure key management systems already exist for encryption of data in flight, they don't support multiple keys associated with a single system or tape drive over different periods of time. As a result, key management systems designed for encrypting data at rest are often much less mature.
Another risk with encrypting backup tapes is failure to strike a balance between security and usability. This is a constant battle in security circles. If you make a system too secure, it becomes unusable or difficult to manage. If it's easy to manage, it's usually not very secure. The goal here is to find a balance--making the system more secure without significantly increasing management costs, or changing the user experience.
There are three basic ways to encrypt backup data:
- Source encryption
- Backup software encryption
- In-line hardware encryption
This was first published in February 2007