The data residing on your storage systems and media, data-at-rest, presents serious security concerns. Regulations and various mandates around the world are putting the burden on companies and government entities to protect the private information they store. Increasingly, companies are being required to publicly disclose breaches that put individuals private data at risk, be it a customer, employee, shareholder, partner, or other stakeholder.
Securing data at rest white paper
An enterprise strategy for data encryption and key management
Introduction: The data security imperative ............................................................................................... 2 Enterprise data-at-rest security landscape today....................................................................................... 2 Challenges of enterprise stored data (data-at-rest) encryption .................................................................... 3 Current approaches to key management ................................................................................................ 4 The enterprise key management appliance ............................................................................................. 5 Implementation model-enterprise key management appliance ................................................................... 6 Time to elevate key management to enterprise level ................................................................................. 7 For more information............................................................................................................................ 8 Introduction: The data security imperative
The data residing on your storage systems and media, data-at-rest, presents serious security concerns. Regulations and various mandates around the globe are putting the burden on companies and government entities to protect the private information they store. Increasingly, companies are being required to publicly disclose breaches that put individual's private data at risk, be it a customer, employee, shareholder, partner, or other stakeholder. And it is not just in the United States where laws like California's SB1386, which requires public disclosure when unencrypted private data is potentially exposed, are being rolled out state by state. In Europe, the EU Data Protection Directive and Japan's PIP Act protect the rights of individuals when handling personal information for commerce and the rendering of service. Expect regulations like these to get more stringent and spread more widely as breaches proliferate. For companies that operate in multiple countries, protecting the privacy of personal data presents a growing challenge. The solution to the data privacy and corporate data protection challenge has been identified-encryption. To meet the various privacy mandates and compliance requirements, enterprises have to encrypt their data-at-rest. This means backup tapes containing an organization's important data need to be encrypted with a key. Very soon, organizations will have dozens, hundreds, thousands, and potentially millions of encryption keys that must be managed, secured, and protected. These encryption keys must always be available so the data can be recovered, even in the event of a system disruption or major disaster. The technology to perform data encryption is widely available. What organizations need is enterprise key management to protect keys while ensuring key availability under all circumstances. This white paper reviews today's enterprise data-at-rest privacy/security landscape and examines challenges of enterprise encryption and key management. It also assesses the current approaches to key management, introduces the concept of appliance-based enterprise key management, and identifies evaluation criteria for such an appliance. Finally, it describes the HP approach to enterprise key management and provides an enterprise implementation model to simplify key management deployment.
Enterprise data-at-rest security landscape today
Judging whether there are more security breaches now than in the past is hard. However, what is clear is that security breaches are getting more attention, if for nothing else than laws mandating public disclosure when a security breach potentially exposes unencrypted private data. Whatever the cause may be, the costs associated with security breaches are high. The state of Ohio reports spending over $2 million on a security breach resulting from a single lost tape. The headline grabbing breach at TJX Stores, which compromised the privacy of almost 46 million records, has cost this retailer approximately $150 million to date and the price tag is still climbing. The retail, financial, healthcare, and government sectors handle more private, personal data and thus feel even greater pressure to protect private data. In addition, ... [download for more]
