How to Use Encryption to Keep Big Brother – and Thieving 3rd Cousins – Away from Your Data
By Blair Semple, CISSP-ISSEP, Director, Business Development, SafeNet
More than ever before, your data is outside of your control – whether you know it or not. For a variety of reasons, from financial gain to national security, Big Brother, Aunt Cloud, and lots of thieving third cousins are all clamoring for a glimpse at your sensitive information. And because of the sheer amount of data, and the rise of virtual and cloud storage, it’s pretty easy for them to get to it.
Whether for national security or financial gain, everyone from defense agencies to cyber criminals wants to see your information. Cybercrime rings have grown from accolade-motivated “script kiddies” to multimillion-dollar organizations profiting from the sale of sensitive data. Meanwhile, there are several technical trends that, while necessary to sustain and grow our legitimate businesses, are making it even easier for these adversaries to access our data.
First is the sheer amount of data. Worldwide, the amount of data is growing astronomically, and the percentage of that data that’s considered “sensitive” is increasing every year. Sensitive data includes government ID numbers, medical records, credit card and payment data, intellectual property, and anything else that could cause harm if seen by unauthorized persons or organizations.
Second is the rise of virtualization, cloud computing and storage-as-a-service. Virtualization makes it more difficult to keep track of data at all levels of the stack, and makes data easier to copy and move. Cloud computing complicates management and control even more, as organizations share layers in a stack among business units or project teams, or extend their datacenter into the public cloud.
You may even be one of the companies capitalizing on this need by offering storage-as-a-service on a pay-for-use basis, such as off-site backup and recovery or cloud services. The big issue with both public cloud and storage providers is data ownership and responsibility. Is the onus on the customer or the provider to secure and protect the data? And if a government wants to see the data, does the customer or the provider get the final say on what to hand over? Does the customer even need to know?
For Your Eyes Only
The simplest solution to all these security and privacy threats is data encryption. Sure, a disgruntled employee or cloud admin might take the data home on a thumb drive, a cybercriminal might steal it, and a government agency might listen in, but all they’ll see is a garbled mess, not useful information. Without the encryption keys (which are stored separately in high-assurance hardware appliances) to decrypt it, the data is meaningless.
Once the data repository is encrypted, organizations can hand it off to a service provider with the assurance that even if 10 copies are made, each of those copies is still encrypted. No matter where it goes, or how many copies are made, the original owner maintains control of the data by maintaining control of the encryption keys. So even if the cloud provider gets a visit from a government or law enforcement agency looking for your data, they have to come to you for the encryption keys. It may not prevent Big Brother from reading your information, but it does ensure that you know where your data is and who is looking at it.
This is a benefit for cloud and storage service providers just as much as their customers. In fact, many service providers are including encrypted storage as a premium tier in their product lineup. If you are a service provider, encrypted storage not only serves to differentiate you from the competition, but also limits your responsibility for your customers’ data. If your customers retain control of their encryption keys, then they retain control of the data, even if it’s stored in your environment. This can help alleviate security concerns associated with backup and disaster recovery in the cloud, or storing data across country lines, and give organizations the confidence to trust you with 100% of their sensitive data, not just the overflow.
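The owner-held-key model described above, as an added Go sketch that is not SafeNet or NetApp code: data is sealed with AES-256-GCM before it is handed to a provider, every replica stays ciphertext, and each decryption goes through the key holder, which records the requester. The KeyHolder type and its methods are hypothetical names, and an in-memory key stands in for a hardware key manager.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyHolder stands in for the owner's key manager (hypothetical type).
type KeyHolder struct {
	aead     cipher.AEAD // AES-256-GCM; the key never leaves this process
	Released []string    // audit trail: every party that asked for a decryption
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: refuse to continue
	}
	return b
}

func NewKeyHolder() *KeyHolder {
	block, _ := aes.NewCipher(randomBytes(32)) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	return &KeyHolder{aead: gcm}
}

// Seal encrypts before data leaves the owner; the result is nonce || ciphertext.
func (h *KeyHolder) Seal(plain []byte) []byte {
	nonce := randomBytes(h.aead.NonceSize())
	return h.aead.Seal(nonce, nonce, plain, nil)
}

func (h *KeyHolder) Open(requester string, blob []byte) ([]byte, error) {
	n := h.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob shorter than the %d-byte nonce", n)
	}
	h.Released = append(h.Released, requester) // record who asked for this copy
	return h.aead.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	owner := NewKeyHolder()
	plain, err := owner.Open("backup-restore", owner.Seal([]byte("constructed sample record")))
	fmt.Println(string(plain), err, owner.Released)
}
```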
The Bottom Line
Today’s adversaries are more skilled and motivated than ever before, and with so much data to manage, organizations have to turn to virtualization, cloud and storage-as-a-service. Encrypting data in storage environments lets you maintain control of who sees your data, no matter where it’s stored, how many copies are made, or who tries to steal it.
SafeNet and NetApp have partnered to better address your security needs. Through this partnership we offer several security solutions:
NetApp FAS systems offer a growing line of self-encrypting drives (SEDs) that use NetApp Storage Encryption (NSE) and the SafeNet KeySecure appliance for data-at-rest encryption.