This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."
Download it now to read this article plus other related content.
Backup Software Encryption
With backup software en-cryption, the backup ap-plication encrypts the data as it's stored on tape. Most backup software products have encryption options, and a number of vendors have beefed these up in recent months.
|PCI & Encryption|
The industry standard for protecting cardholder data cites encryption as critical.
The Payment Card Industry (PCI) Data Security Standard is a major initiative being enforced by Visa, MasterCard, Discover and American Express, and is designed to ensure cardholder privacy.
The PCI DSS requires that organizations protect stored cardholder data and encrypt cardholder data when it's transmitted across public networks. While the requirement for stored data is to "protect," not necessarily "encrypt," the standard does say that it believes encryption is a critical part of protecting stored customer data, in case the other layers of the security system break down.
But PCI auditors say that even with encryption and other security measures such as network segmentation, retailers and others simply shouldn't store credit card data unless it's absolutely necessary. According to the standard, organizations should keep cardholder data storage to a minimum, and should develop data retention and disposal policies.
While this solves the multiple key problem with source encryption by employing a single key management system, the key management systems employed by many backup software applications are antiquated. A few vendors have updated their key management techniques, and some have partnered with other companies to do so. Others, however, are stuck in the '80s and use systems that are easily defeated.
For example, they use a single key that has no concept of access control; if you have that key, you can read the tape. If a rogue employee gains access to the tape and the key, he or she will be able to read the tape. If you change the key due to that employee, he will still be able to read the stolen tape that was encrypted with the old key, but you won't be able to read backup tapes that were written prior to the date you changed the key--you would have to temporarily put the old key back in place to read old tapes.
Backup software encryption will also impact backup performance since encryption done in software is very slow. Although faster CPUs and more efficient code will help, software encryption will probably always lose the speed battle. Like source encryption, backup software encryption will also remove compression from most backup systems, unless the customer uses client-side software compression that slows the backup even more.
As a result, backup software encryption, like source encryption, is mainly applicable to encrypting small amounts of data. For instance, if you have a single database that stores personal information, you could encrypt the backups of just that database. However, it can be quite difficult to identify all databases and file systems that store personal information. If you can't be sure you've identified all such databases, you'd have to encrypt all backups to make sure you don't have to notify any customers if you lose a tape. If that were the case, this option would probably not be viable due to its impact on performance and capacity. Backup software encryption is appropriate, however, for backing up systems across unsecure networks.
This was first published in February 2007