Encryption is easy... but what about protecting the keys to decryption of the data/devices, and what happens when those keys are breached or control of them is lost (e.g. a terminated employee decides to copy out the encryption key on his way out)?
How should keys be protected, and how do we deal with situations where keys are compromised even if the devices are secure? Re-encrypt everything with new keys?
Thanks for your question about key management. You're absolutely correct that encryption is relatively easy when compared to good key management.
Following SNIA guidelines, a good key manager should provide for:
Backup/Restore Key Material
Archival and Retention of Key Material
Distribution of Key Material
Expiration, Deletion, and Destruction of Key Material
Audit of Key's Life Cycle
Reporting Events and Alerts
When evaluating any solution, you should make sure the above points are covered and done well. For example, with distribution of key material: how easily and securely can my key manager send keys from encrypting endpoint to encrypting endpoint? For this question, if we look at the NetApp Lifetime Key Management appliance (KM500), data encryption keys are automatically backed up once they have been generated and then synchronized across secure links to a second KM500 for high availability. The connection between the KM500s is not only secured via TLSv1.0; the data encryption keys are also wrapped with a symmetric AES 256-bit strength key, preserving the original strength of the key encrypting your data at rest.
With regards to your specific question about a breach of keys, either through theft of the key or loss of media which contained the encrypted data, a good key manager should be able to help you mitigate this situation. Every event on the key manager should be logged and perhaps even digitally signed for authenticity of the message. Therefore you have a running log of all events and can see when an "authorized" user logs in and performs any action on the encryption keys. If a breach does occur, there should be a way to query for the key ID via multiple attributes (date of creation, LUN number, media ID, key ID, etc.). Once the key is located, the key can then be deleted, effectively "shredding" the data that was lost.
If a key itself is lost, the job of rekeying data would fall upon the encrypting device itself. If the device is able to perform an in-place rekey of existing data, the key manager's job would be to automatically back up the new key and store it securely. This is practical for encrypted SAN disk and file/folder encryption, but not practical for tape deployments. For tape deployments, it is recommended that you select a "key per tape" encryption policy to minimize any exposure to a key compromise. Encryption solutions which favor a single key assigned to each encrypting endpoint or a shared key across an enterprise create shared risk for all media encrypted using the same data encryption key. If a key is compromised, all data encrypted with that key is at risk. In a key per tape environment, your exposure is limited to a single tape.
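The answer above ties together several lifecycle functions: wrapping data encryption keys (DEKs) under a key-encryption key so they never rest in the clear, a key-per-tape policy so one compromised key exposes one tape, a tamper-evident audit log, lookup of a key by media attributes, and deletion of the key as a way to "shred" lost media. The following Go program is an added example written for this page, not the KM500's or NetApp's code, and it is a toy in-memory key manager only. Its assumptions: DEKs are wrapped with AES-256-GCM (the answer says AES 256-bit wrapping but does not name a mode), audit entries carry an HMAC-SHA256 tag as a stand-in for the digital signing the answer mentions, and the media IDs `TAPE-0001`/`TAPE-0002` are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// KeyRecord is one wrapped DEK plus the attributes a breach investigation
// searches on: key ID, media ID and creation time.
type KeyRecord struct {
	KeyID      string
	MediaID    string
	Created    time.Time
	WrappedDEK []byte // nonce || AES-256-GCM(DEK), bound to KeyID via additional data
}

// AuditEntry is one lifecycle event plus an HMAC tag so edits are detectable.
type AuditEntry struct {
	Event string
	Tag   []byte
}

// KeyManager is a toy in-memory key manager: one KEK, one DEK per media item.
type KeyManager struct {
	kek      cipher.AEAD // AES-256-GCM under the key-encryption key
	auditKey []byte      // HMAC key for the audit log (assumption: HMAC stands in for signing)
	keys     map[string]*KeyRecord
	Log      []AuditEntry
}

// NewKeyManager takes a 32-byte KEK (AES-256) and an audit HMAC key.
func NewKeyManager(kek, auditKey []byte) (*KeyManager, error) {
	block, err := aes.NewCipher(kek)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	return &KeyManager{kek: aead, auditKey: auditKey, keys: map[string]*KeyRecord{}}, nil
}

// audit appends a timestamped, HMAC-tagged event to the running log.
func (km *KeyManager) audit(format string, args ...interface{}) {
	msg := time.Now().UTC().Format(time.RFC3339) + " " + fmt.Sprintf(format, args...)
	mac := hmac.New(sha256.New, km.auditKey)
	mac.Write([]byte(msg))
	km.Log = append(km.Log, AuditEntry{Event: msg, Tag: mac.Sum(nil)})
}

// VerifyLog recomputes every tag; a modified entry fails verification.
func (km *KeyManager) VerifyLog() bool {
	for _, e := range km.Log {
		mac := hmac.New(sha256.New, km.auditKey)
		mac.Write([]byte(e.Event))
		if !hmac.Equal(mac.Sum(nil), e.Tag) { return false }
	}
	return true
}

// GenerateKey implements the key-per-media policy: a fresh 256-bit DEK for
// each media ID, wrapped immediately so the plaintext DEK is never stored.
func (km *KeyManager) GenerateKey(mediaID string) (string, error) {
	dek := make([]byte, 32)
	nonce := make([]byte, km.kek.NonceSize())
	idBytes := make([]byte, 8)
	for _, b := range [][]byte{dek, nonce, idBytes} {
		if _, err := rand.Read(b); err != nil { return "", err }
	}
	keyID := hex.EncodeToString(idBytes)
	wrapped := km.kek.Seal(nonce, nonce, dek, []byte(keyID)) // output is nonce || ciphertext
	km.keys[keyID] = &KeyRecord{KeyID: keyID, MediaID: mediaID, Created: time.Now().UTC(), WrappedDEK: wrapped}
	km.audit("GENERATE key=%s media=%s", keyID, mediaID)
	return keyID, nil
}

// Unwrap hands the plaintext DEK to an encrypting endpoint, or fails if the
// key has been destroyed.
func (km *KeyManager) Unwrap(keyID string) ([]byte, error) {
	rec, ok := km.keys[keyID]
	if !ok { return nil, errors.New("key not found (destroyed or never existed)") }
	ns := km.kek.NonceSize()
	dek, err := km.kek.Open(nil, rec.WrappedDEK[:ns], rec.WrappedDEK[ns:], []byte(keyID))
	if err != nil { return nil, err }
	km.audit("UNWRAP key=%s", keyID)
	return dek, nil
}

// FindByMedia answers "which key protected the lost tape?" by media attribute.
func (km *KeyManager) FindByMedia(mediaID string) []string {
	var ids []string
	for id, rec := range km.keys {
		if rec.MediaID == mediaID { ids = append(ids, id) }
	}
	return ids
}

// Shred deletes the DEK; data encrypted under it becomes unrecoverable.
func (km *KeyManager) Shred(keyID string) {
	delete(km.keys, keyID)
	km.audit("DESTROY key=%s", keyID)
}

func main() {
	kek, auditKey := make([]byte, 32), make([]byte, 32)
	rand.Read(kek)
	rand.Read(auditKey)
	km, _ := NewKeyManager(kek, auditKey)
	km.GenerateKey("TAPE-0001") // constructed media IDs
	km.GenerateKey("TAPE-0002")
	lost := km.FindByMedia("TAPE-0001") // the tape reported lost
	for _, id := range lost { km.Shred(id) }
	_, err := km.Unwrap(lost[0])
	fmt.Println("lost tape key recoverable:", err == nil)
	fmt.Println("other tape still has its key:", len(km.FindByMedia("TAPE-0002")) == 1)
	fmt.Println("audit log verifies:", km.VerifyLog())
}
```

The point the example makes concrete is the last paragraph of the answer: because each tape has its own DEK, shredding the key for `TAPE-0001` leaves `TAPE-0002` readable, and the audit log records the generate, unwrap and destroy events in a form that fails verification if anyone edits it after the fact. A real deployment would hold the KEK in a hardware-protected store and replicate the wrapped records to a second appliance, as the answer describes for the KM500.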