Wednesday January 30, 2008

ABCs of Data Encryption

Public disclosures of data 'indiscretions' have become regular enough and embarrassing enough that many organizations are exploring encryption options to simply stay out of the headlines. Those who have ventured into this space quickly realize that there is no 'magic crypto fairy dust' that will make the problems go completely away. However, with careful planning and judicious use of the right technologies, organizations can eliminate many of their exposures. This session focuses on the efforts required at the storage layer to create a successful encryption strategy. Major uses along with factors to consider are presented for protecting storage management, data in-flight, and data at-rest. The session provides expanded coverage on encrypting data at-rest, including key management and a step-by-step approach.

Learning Objectives

• Identify where encryption is applied to the storage layer
• Discuss uses and issues associated with the application of encryption, with special emphasis on data at-rest encryption prerequisites and opportunities.
• Develop an approach for implementing data at-rest encryption.

Crytographic Use Cases and the Rationale for End-to-End Security

The variety of environments in which Fibre Channel (FC) fabrics and other technologies such as iSCSI and FCIP are deployed makes it likely that customers will have many choices for data protection in the future. Data protection solutions such as data integrity, data-at-rest, and in-flight data protection are among those choices. This tutorial surveys many use cases that identify the locations in a SAN where security may be applied and explores an end-to-end security approach.

• Develop an understanding of various data protection alternatives, including data integrity, data-at-rest, and data in-flight and how they mitigate different threats in SANs
• Identify numerous locations in a SAN where security technologies can be applied and the pros/cons of each alternative
• End-to-end security is studied in-depth as one common approach

Introduction to Key Management

As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will be eventually compromised. Worse, without proper management of key information, data can be completely lost.

This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated symmetric encryption keys are presented, along with practical advice on effective key management issues and practices.

Learning Objectives:

• Acquire a basic understanding of key management technologies and issues within the storage environment.

• Understand the basics of symmetric encryption keys with an emphasis on data-at-rest encryption.

• Identify the best practices for key management in the storage environment.

Introduction to Storage Security

Many enterprises face the task of implementing data protection and data security measures to meet a wide range of requirements. We have already made you aware of the threats. You know that the risks and threats are real; it is just a matter of time before you become a statistic. The security best practices provided by the SNIA Security Technical Work Group will help you to secure the storage infrastructure to know and manage our risks. However, what will it really take to implement a secure storage infrastructure? What upfront work is required to implement security? What is the ongoing work to insure that the storage infrastructure is secure?