Securing Data-at-Rest

Transcription

1 Securing Data-at-Rest Robert A. (Bob) Lockhart NeoScale Systems, Inc McCarthy Blvd, Milpitas, CA Phone: FAX: Presented at the THIC Meeting at the Sony Auditorium, 3300 Zanker Rd, San Jose CA February 28 March 1, 2006

2 Storage Security Drivers Storage Drivers Information Attacks Secure Consolidation Data Availability Business Continuity Vulnerable Data Regulatory Compliance Insiders Data Breaches Lost Tapes * Real Threats = HIGH RISK Industry HIPAA, PCI National None yet Local CA + 22 States * Liability

3 Data / Storage Vulnerability Points DMZ Unauthorized Data Access Uncontrolled Host Access Media Theft Intranet MAN WAN Eavesdropping Host Spoofing Enterprises first secured the Perimeter, Clients and the Network New budgets now are for Securing Applications and Data Gartner: "By year-end 2006, 85 percent of Fortune 1000 enterprises will encrypt most critical "data at rest" (0.9).

4 Storage Security Considerations Who are the Responsible Parties Security, Storage, Systems, Networks Who takes the 3:00AM phone call Security Training This goes beyond Storage Security Should cover all aspects of security for the organization Storage Security is a Part of the Picture Storage Security is a solution to meet specific threats Security must have an overall strategy and Storage Security is an important part If there is not already a strategy in place you should pursue one prior to implementing any form of Storage Security

5 Storage Security Components Storage security elements Authentication Access Control Integrity Encryption Secure key management is the real challenge for Storage Security with encryption Authentication validates user, system and/or application Access Control determines what can be seen Integrity validates data is in the original state is was stored in Encryption uses a key to secure and protect data content Encryption key management If the key is lost or compromised, then so is the data Keys must be available whenever and wherever data is accessed

6 Storage Security Considerations Certifications Performance Encryption algorithms Key management Additional Storage Requirements Operational changes Total Cost of Ownership

7 Federal Information Processing Standards FIPS Levels 1 through 4 Government, Financial and Healthcare Required in Classified environments Sets a level of requirements on how security is met, maintained and controlled Key Materials never leave the encryption module in unencrypted form System vs. Component (e.g. Chip) Certifications System level certification tests entire system System Requirements Hardware FCC Class B (Level 3), Opacity, Physical Access Software Logical Access, Authentication, Control FIPS supported encryption algorithm AND mode of operation Considerations FIPS certification process tests system security

8 Performance Primary storage Response Time Throughput bi-directional throughput should be measured to determine true throughput Latency important factor in SAN performance. Should be less than 100 microseconds delay Tape storage Backup Window Throughput keep up with backup application Logical density number of tape drives that can be supported simultaneously Compression must be done before encryption to minimize tape media requirements Considerations Look for security solutions designed for the storage application particularly latency for primary storage

9 Encryption Alternatives Server or Application Appliance Network Server Storage Device Network Tape Advantages Policy integration Considerations: Server CPU overhead Slow performance Key Management? Server Security Appliance Network Array Advantages: Native performance Application invisible Encryption offload Basic policy integration Secure key management Considerations: Appliance required Server Tape Advantage: Native performance? Application invisible Encryption offload Considerations: Key Management? Policy integration Product availability

10 Storage Requirements Primary Storage No Impact No Encryption FCP Command Frame FC SoF FC Header SCSI Command CRC FC EoF 4 Bytes 4 Bytes 28+ Byte FCP Command 4 Bytes 24 Bytes Up to 2112 Byte Payload Modified CRC Fibre Channel Data Frame No Encryption FC SoF 4 Bytes FC Header 24 Bytes Encryption of Payload Only Data Block Data Block Data Block Data Block 512 Byte Block 512 Byte Block 512 Byte Block 512 Byte Block Up to 2112 Byte Payload CRC FC EoF 4 Bytes 4 Bytes

11 Secure Key Management Challenges Random key creation to ensure data privacy Key distribution for Create multi-site access Distribute Delete Compliance requirements for long term archive Sharing encrypted data with business partners Archive Recover Recovery of encrypted data and keys at any site Share Data destruction across multiple locations

12 What is a Key Management System? Devices performing encryption Appliances, Media, Applications Systems providing key services Generation, Distribution, Archives, Backups, etc Logs, Events and Alerts Operational Process and Procedure Retention Policies Alert Notification and Required Actions Human Required Processes

13 Operational Impact Impact to Storage Infrastructure: How many changes to storage configuration and administration? SAN addressing changes? Periodic review of SAN configuration required? Operational awareness of storage security solution Selective vs. encrypt all Impact to Business Continuity/Disaster Recovery solutions and plans Data-in-flight vs data-at-rest encryption for replicated or remote data Impact on link costs Impact on link encryption performance on mirroring distances or mirrored disk performance Considerations Review operational impact before deploying security solution

14 Logging, Events & Alerting Creation to deletion logging All events in the life of a key must be maintained Logs provide a trail for audit purposes Events consist of any action taken on a key Creation, distribution, use, archive, Any exports, backup, recovery and deletion Alerts should occur based on operational requirements Key Deletion, Key Export, etc A KMS must have a Secure Audit Log This is in addition to a traditional System Log Facility

15 Takeaways Risk of stored data breach is going way up Protecting the perimeter is not enough Regulations on data privacy increasing Encryption of data-at-rest and data-in-flight introduces operational considerations The largest cost of Security is Operations Choose the storage security solution with lowest TCO

16 NeoScale Storage Security Solutions CryptoStor Tape Secure tape backup -Lost/stolen media -Data manipulation CryptoStor FC Secure storage consolidation - Host access control - Secure data partitioning - Media replacement/theft - Spoofing protection Vaulting Services Arrays MAN Remote Locations Tape Servers SAN Data Center CryptoStor SAN VPN -Secure SAN extension -Eavesdropping -Data manipulation

17 NeoScale Systems Questions

18 Appendix: Market Leading Solutions from NeoScale CryptoStor Tape Appliance: Industry s hightest performance. Integrity of data from restored tape ensured with NeoScale exclusive digital signature written directly to tape media Use of vendor-unique tape volume label as basis for per tape encryption and key assignment preserves customer tape management process CryptoStor FC Appliance: Industry s highest performance, simplest to deploy, application and network invisible, in-line primary storage protection even with 100 s of encryption and access control policies enabled CryptoStor SAN VPN Appliance: Industry s first Fibre Channel link encryption offering lowest latency supporting secure synchronous mirroring, secure SAN Extension and information protection over dark fiber and DWDM interfaces

19 Appendix: Split Knowledge for Key Management Keys that must be transported physically must be protected Split Knowledge allows keys to be split into portions Should require multiple persons to perform recovery The top most key of any hierarchy must only be exported using split knowledge (M of N, K of N, Quorum)