
April 05, 2006

Why Encrypt Data on Disk?

I am at the Storage Networking World (SNW) conference, and in an IDC question and answer session, someone in the audience said:
"I understand why you would encrypt data on tape, but why encrypt data on disk? It's going to be decrypted by the time it gets to the server anyway, so if you can get to the server, you'll be able to steal the data whether it's encrypted on disk or not."

The key question is whether anyone who has access to the disks does not also have access to the server. If so, then encrypting the disks may be useful, because it will protect against those people.

We intuitively recognize that encrypting tape is useful because we know that lots of people might get access to the tape. If you send the tape to Iron Mountain, then everyone from the shipping clerk to the truck driver has access. As a result, encrypting tapes and nothing else is a common first step, just as the questioner suggests.

On the other hand, I would argue that in many environments, there are people who can access the storage who wouldn't necessarily be able to access the server. Especially with SAN, NAS or iSCSI, the server can be in a different location from the storage, and it probably has different access controls. The people who run backups or make remote copies of data, for instance, may not have login access to the application server. The janitorial staff may have physical access to the storage, and could walk out with a disk, but they probably can't log in to the server. The questioner is correct that encrypting the data on disk won't protect against all attacks, but it can certainly create an extra layer of security that protects against some attacks.

One common use of disk encryption is in defense or intelligence organizations that want to consolidate storage for separate groups that have different security clearances. Mildly secret information is classified as "confidential", "secret", or "top-secret", but very secret information is "compartmentalized", which means that there are many different categories of secretness. Group A is not allowed to see group B's secret data, and vice versa. As a result, each group is forced to buy its own separate storage and keep that storage in its own secure area. Today, each group can have its own encryption appliance, with its own keys, but the storage can be consolidated into a shared, non-secure data center. This is especially useful for groups with large amounts of secret data, because often there's not enough space or cooling inside the secured areas.

Disk encryption can also be useful if you replicate data to a shared disaster recovery facility that is less secure than your primary site. Don't transfer the keys to the remote site until you actually need to use the data there.

My point isn't that everyone should encrypt all data on disk. Far from it. As I said above, the easiest and most common first step is simply to encrypt backup tapes. Over time, however, as privacy and security issues continue to grow, I expect that more and more disk storage will also be encrypted.





© NetApp, Inc.