Entries categorized under “Key Management”

Last week I wrote about Symantec's introduction of the Data Insight feature into its Data Loss Prevention (DLP) product. But afterwards a number of questions came to my mind as to how the DLP product itself worked, especially when compared to other solutions in the eDiscovery, search and storage management space, as well as how the Data Insight feature is implemented. So to get those questions answered, I got back on the phone with Robert Hamilton, Symantec's Senior Product Marketing Manager for DLP. (read more)

The current recession's wrath has spared few, and technology has seen its hard times just like all industry sectors, but one area that appears poised to be one of technology's biggest benefactors is healthcare. When the Stimulus bill was passed, President Obama made it a point to bring healthcare technology front and center by providing $19 Billion dollars for the implementation of an electronic medical record (EMR). $19 Billion dollars certainly gets companies attention and most are either positioning themselves, or renewing their focus on healthcare to glean their share of this substantial investment of dollars. (read more)

The 2008 Crypto Conference provided a lot to talk about this year. If you didn't know a Crypto Conference existed, you aren't alone, but it is where the best and brightest mathematicians gather to discuss cryptographic and cryptoanalytic research. However at this conference Adi Shamir (the "S" in RSA Security that stands for Rivest, Shamir and Adleman and that is now owned by EMC) gave a presentation for a new attack on encryption systems called the "cube attack". The ramifications of this attack sent a collective shockwave across the data security sector. Since encryption is revered as our best alternative and last safe harbor from data exposure, any weakness shown by encryption algorithms can have a dramatic ripple effect in data security. (read more)

In Asigra's recent release of Televaulting 8.0 data security remains at the forefront with their use of the AES encryption algorithm to encrypt data while in transmission across the network; or at rest in its DS-System or BLM Archiver. Televaulting's approach to encryption key management provides several options in how to best approach encryption key management. Televaulting 8.0 gives users and service providers several key ways to protect data from unauthorized exposure. (read more)

Our understanding of LTO-4 tape drive encryption is that individual tape drive vendors may encrypt data in different manners. We cautioned that if you have not standardized on an LTO-4 tape drive vendor, an LTO-4 tape cartridge encrypted by one vendor's drive may not be readable on another's LTO-4 tape drive. Our specific quote was "So even if all your tape drives are LTO-4, if they are from different vendors, an LTO tape encrypted by one tape drive may not work in another." (read more)

Imagine this scenario, you are sitting in your office enjoying your morning coffee when you are called into an emergency meeting and told that a backup tape containing customer's personally identifiable information has been lost. How you react to this revelation is obviously based on what steps, if any, you have previously taken to protect the customer information of your company's clients. So do you calmly notify everyone that all backup tapes are encrypted and thus customer information is safe and your company is not at risk? Or do you start checking websites to find out what the criminal and financial penalties are for storing unencrypted customer information on tape? (read more)

In a previous blog entry we discussed different technologies available to encrypt backup tapes and the unlimited liabilities associated with the breach of an unencrypted backup tape. Making sure the data on that tape is encrypted, however, is not an automatic cure-all. After all, encryption is only as strong as your key management and, in some states, encrypting backup tapes is no longer enough to protect your company from future risks. (read more)

Even if you do not closely monitor the data storage space, chances are still above average that you have seen headlines about BNY Mellon Bank losing unencrypted backup tapes and the ensuing media storm that surrounded this disaster. Since that loss occurred, the aftermath has expanded to affect clients from two other banks. Data losses can occur for any reason. They could be the work of a well-disciplined, external network attack or simply stumbling corporate negligence. In either case, it is unfortunately customers who suffer most as their personal information is compromised. (read more)

The more pressing question is not which method should companies choose to encrypt data but, "How do companies generate and manage the encryption keys that are used to encrypt and decrypt the data?" The obstacle here is that there is no industry standard way to generate or manage encryption keys long term. (read more)

A majority of organizations still rely on tape as their primary means of data protection. However, with the increasing popularity of disk-based backup, companies are repurposing tape for their offsite data storage and longer term data retention needs. As they do so, new requirements for tape encryption and encryption key management are emerging. I recently had conversations with two individuals at Quantum Corporation to discuss these trends in data protection and how Quantum is responding to them. (read more)