The data residing on your storage systems and media, data-at-rest, presents serious security concerns. Regulations and various mandates around the globe are putting the burden on companies and government entities to protect the private information they store. Increasingly, companies are being required to publicly disclose breaches that put individuals’ private data at risk, be it that of a customer, employee, shareholder, partner, or other stakeholder. And it is not just in the United States, where laws like California’s SB1386, which requires public disclosure when unencrypted private data is potentially exposed, are being rolled out state by state. The EU Data Protection Directive in Europe and Japan’s PIP Act protect the rights of individuals when personal information is handled for commerce and the rendering of service. Expect regulations like these to get more stringent and spread more widely as breaches proliferate. For companies that operate in multiple countries, protecting the privacy of personal data presents a growing challenge.

The solution to the data privacy and corporate data protection challenge has been identified—encryption. To meet the various privacy mandates and compliance requirements, enterprises have to encrypt their data-at-rest. This means backup tapes containing an organization’s important data need to be encrypted with a key. Very soon, organizations will have dozens, hundreds, thousands, and potentially millions of encryption keys that must be managed, secured, and protected. These encryption keys must always be available so the data can be recovered, even in the event of a system disruption or major disaster. The technology to perform data encryption is widely available. What organizations need is enterprise key management to protect keys while ensuring key availability under all circumstances.

This white paper reviews today’s enterprise data-at-rest privacy/security landscape and examines the challenges of enterprise encryption and key management.
It also assesses the current approaches to key management, introduces the concept of appliance-based enterprise key management, and identifies evaluation criteria for such an appliance. Finally, it describes the HP approach to enterprise key management and provides an enterprise implementation model to simplify key management deployment.

Enterprise data-at-rest security landscape today

Judging whether there are more security breaches now than in the past is hard. However, what is clear is that security breaches are getting more attention, if for no other reason than laws mandating public disclosure when a security breach potentially exposes unencrypted private data. Whatever the cause may be, the costs associated with security breaches are high. The state of Ohio reports spending over $2 million on a security breach resulting from a single lost tape. The headline-grabbing breach at TJX Stores, which compromised the privacy of almost 46 million records, has cost this retailer approximately $150 million to date and the price tag is still climbing. The retail, financial, healthcare, and government sectors handle more private, personal data and thus feel even greater pressure to protect private data. In addition, enterprises need to keep their financial records and other proprietary information confidential until they are ready to be released or destroyed.

Although data encryption is the agreed-upon solution for ensuring the privacy of personal data in the company’s care, there is no agreement on the best place to implement encryption. Encryption can be deployed across the enterprise data center infrastructure stack. Some companies implement it high in the stack, at the application level, where they can achieve broader coverage and control. Others encrypt data low in the stack, at the storage device itself or tape library, for the speed and ease of deployment.
The invention of the HP StorageWorks LTO-4 Ultrium 1840 Tape Drive with built-in encryption makes implementing encryption especially convenient. In truth, companies deploy encryption at multiple points in the stack to achieve the right balance of coverage, control, speed, and ease for their situation.