Safely Securing Data - New Views of Encryption and Key Management
By Gordon Arnold, Chair, SNIA Storage Security Industry Forum
Data in networked storage environments is significantly more vulnerable to unauthorized access, theft, or misuse than data stored in more traditional, direct-attached storage.
Aggregated storage is not designed to compartmentalize the data it contains, and data from different departments or divisions becomes co-mingled in the network. In addition, as explained in the SNIA Storage Security Industry Forum's "Solutions Guide to Data-at-Rest", data backup, off-site mirroring, and other data replication techniques may increase the risk of unauthorized access from people both inside and outside the enterprise.
With storage networks, a single security breach can threaten the data assets of an entire organization. Curious or malicious insiders, administrators, partners, hackers, contractors, or outsourced service providers can all gain access to data quite easily. Partner access through firewalls and other legitimate business needs can also create undesirable security risks, and current research indicates a significant percentage of attacks come from within the firewall.
Technologies such as firewalls, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPNs) seek to secure data assets by protecting the perimeter of the network. LUN masking and zoning in SAN environments also attempt to address concerns about security. Unfortunately, these targeted approaches do not adequately secure storage, as data is still stored in plaintext, dangerously open to a wide range of internal and external attacks.
How to Secure Networked Data?
encryption
[Data Security] The conversion of plaintext (unencrypted information) to encrypted text with the intent that it only be accessible to authorized users who have the appropriate decryption key.
Encrypting data-at-rest on tape and disk will significantly mitigate the threats described above, and allow data security while maintaining current service levels for operations. The SSIF Solutions Guide to Data-At-Rest provides a description of a variety of products that encrypt data-at-rest on disk and tape that have been available from vendors for some time. In addition, fabric-based encryption solutions that address specifically protecting data in the SAN and storing data-at-rest in encrypted form are now available.
Increased use of encryption for securing information in the enterprise reflects the critical importance of this technology in addressing regulatory requirements, protecting intellectual property and controlling the exposure of sensitive information. In many cases, the use of encryption is either specifically called for, as with the Payment Card Industry Data Security Standards (PCI DSS), or provides a "Safe Harbor", as with USA federal and state regulations such as the California disclosure law (CA SB1386).
Key Management Adds Challenges
Unfortunately, widespread use of encryption is complicated by inconsistencies and duplication in the key management systems supporting each of the encryption environments.
As explained in the "SSIF Solutions Guide for Data at Rest", the use of encryption also implies the need for management of the keys used to encrypt data and their availability whenever and wherever authenticated access to data is required. "Key management" solutions come in many shapes and sizes. The Guide describes key management in the application, key management in the device, standalone key management software, and centralized key management appliances.
Each encryption system tends to have its own, isolated key management system that requires separate policy management, operation, and audit reporting. For example, enterprise tape and disk encryption, application encryption, and database encryption all have their own proprietary key management system.
This proliferation of key management systems, along with a siloed key management approach, has significant disadvantages for enterprises. It results in increased operational costs, due to the need to maintain expertise in multiple key management systems and redundancy in performing common operations, such as the definition of key-related security policies, multiple times. It also results in increased infrastructure costs, since multiple redundant copies of each key server are required for high availability. The proliferation of key management systems results in higher risk for the enterprise as well by increasing the likelihood of discrepancies in key-related security policies, the difficulty of oversight for key management processes and the potential failure of key protection processes that could result in loss or misuse of keys. The increasing use of encryption brings with it the risk that the data, once encrypted, cannot be decrypted because the key or context for that encryption has been lost.
Enterprise key management systems address the proliferation of key management systems by providing a single key management environment that addresses multiple encryption systems. However, the many proprietary protocols in use by encryption systems mean that every enterprise key management system currently has to support a multitude of different communication mechanisms, often one for each of the different encryption systems it supports.
These discrepancies between protocols for key management increase the cost of the key management system development and testing, increase the delay in having new encryption systems supported by a single enterprise key manager, and increase the risk for enterprises adopting encryption systems because of potential differences in how the enterprise key management system supports each of the encryption systems.

Figure 1: Proliferation of Key Management Systems
Toward a New, Open Standard for Key Management
A number of SSIF member companies are taking a leading role in defining and adopting an open standard for managing encryption keys. Use of this new emerging standard, Key Management Interoperability Protocol (KMIP), promises to greatly reduce OPEX and improve compliance visibility.
The problem addressed by KMIP is primarily that of standardizing communication between encryption systems that need to consume keys and the key management systems that create and manage those keys. By defining a low-level protocol that can be used to request and deliver keys between any key manager and any encryption system, KMIP enables the industry to have any encryption system communicate with any key management system. Through this interoperability, enterprises will be able to deploy a single enterprise key management infrastructure to manage keys for all encryption systems in the enterprise that require symmetric keys, asymmetric key pairs, certificates and other security objects.
KMIP addresses this problem by defining a single message format between encryption and key management systems, as shown in Figure 2.

Figure 2: Enterprise Key Management with KMIP
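The following added example, which is not part of the original article, encodes a KMIP Get request in the protocol's tag-type-length-value (TTLV) wire format and decodes it again with length checks, showing the single message format an encryption system and a key manager exchange. The tag and operation values are those assigned in the KMIP specification; the function names and the key identifier used in testing are constructed for illustration.

```python
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07  # item types
REQUEST_MESSAGE, REQUEST_HEADER, REQUEST_PAYLOAD = 0x420078, 0x420077, 0x420079
PROTOCOL_VERSION, VERSION_MAJOR, VERSION_MINOR = 0x420069, 0x42006A, 0x42006B
BATCH_COUNT, BATCH_ITEM, OPERATION, UNIQUE_IDENTIFIER = 0x42000D, 0x42000F, 0x42005C, 0x420094
OP_GET = 0x0A  # Operation enumeration value for Get

def ttlv(tag, item_type, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8."""
    if item_type == STRUCTURE:
        body = b"".join(value)  # children are already-encoded items
    elif item_type in (INTEGER, ENUMERATION):
        body = value.to_bytes(4, "big", signed=(item_type == INTEGER))
    else:
        body = value.encode("utf-8")
    head = tag.to_bytes(3, "big") + bytes([item_type]) + len(body).to_bytes(4, "big")
    return head + body + b"\x00" * (-len(body) % 8)

def get_request(key_id, major=1, minor=0):
    """Build the request an encryption system sends to fetch a key by identifier."""
    version = ttlv(PROTOCOL_VERSION, STRUCTURE, [
        ttlv(VERSION_MAJOR, INTEGER, major), ttlv(VERSION_MINOR, INTEGER, minor)])
    header = ttlv(REQUEST_HEADER, STRUCTURE, [version, ttlv(BATCH_COUNT, INTEGER, 1)])
    payload = ttlv(REQUEST_PAYLOAD, STRUCTURE, [ttlv(UNIQUE_IDENTIFIER, TEXT_STRING, key_id)])
    item = ttlv(BATCH_ITEM, STRUCTURE, [ttlv(OPERATION, ENUMERATION, OP_GET), payload])
    return ttlv(REQUEST_MESSAGE, STRUCTURE, [header, item])

def decode(buf):
    """Parse TTLV bytes into (tag, type, value) tuples; reject inconsistent lengths."""
    items, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated TTLV header")
        tag, typ = int.from_bytes(buf[pos:pos + 3], "big"), buf[pos + 3]
        length = int.from_bytes(buf[pos + 4:pos + 8], "big")
        end = pos + 8 + length
        if end + (-length % 8) > len(buf):
            raise ValueError("declared length runs past the buffer")
        raw = buf[pos + 8:end]
        if typ == STRUCTURE:
            value = decode(raw)
        elif typ in (INTEGER, ENUMERATION):
            if length != 4:
                raise ValueError("integer and enumeration values are 4 bytes")
            value = int.from_bytes(raw, "big", signed=(typ == INTEGER))
        else:
            value = raw.decode("utf-8") if typ == TEXT_STRING else raw
        items.append((tag, typ, value))
        pos = end + (-length % 8)
    return items
```

Calling decode(get_request("tape-key-0001")) returns the nested structure of the request; the same length checks apply to any message received from the network before its fields are acted on.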
Using KMIP with Encrypted Storage
One of the most common environments for symmetric key encryption is storage, including data encryption on tapes, data encryption for arrays, full-disk-encryption for laptops, file-based encryption and database encryption.
Using KMIP with Low-End Devices
KMIP is a relatively simple wire protocol, which lets it support encryption environments with limited processing power or network bandwidth. One such case is automated metering in the utility environment, where it is important to preserve the integrity of the usage reports sent from the meter to the utility's billing server.
Using KMIP for Certificate Distribution
Although key management systems are currently used most often for symmetric keys, they can also be valuable for propagating digital certificates, for example those used in entity identification for applications. The application infrastructure can use KMIP to request a renewal of the certificate as its expiration date approaches.
Next Steps
Organizations look to encryption and key management to reduce the vulnerability of data in networked storage environments. Indeed, a majority of systems, network, and storage managers attending a recent Storage Security Hands-On Lab at the Storage Networking World Conference found that encryption and key management exercises would be useful in their daily operations.
Interoperability of key management systems and encryption devices is an important step in expanding the implementation of these solutions, and in advancing storage security in organizations. Adoption of standards and new technologies for encryption and key management are the big issues for 2009, according to Gordon Arnold, chair of the SSIF and STSM, Technical Strategy Storage Software at IBM Corporation. Storage security manufacturers will advance the timeline with a variety of activities, and the SNIA Storage Security Industry Forum will continue its worldwide educational activities on these and other storage security topics through webinars, solutions guides, and community forums. The SSIF invites IT professionals to communicate their interest in and thoughts on encryption and key management standards to ssif-info@snia.org, or through the Storage Technology Online Community at www.stortoc.org.