Encryption key management worries loom

Encrypted storage will require storage admins to think through key management

Page 2 of 4

Management needs

The key management systems found in most tape encryption systems "are fairly automated and (the customer doesn't) have to worry about it too much," says Walt Hubis, a software architect at LSI Corp. and chair of the key management services subgroup at the Trusted Computing Group, a non-profit security standards organization.

But key management will become more complex, experts say, as encryption finds its way into more and more storage devices, in addition to the existing encryption used in networks and in applications such as databases.

Depending on the complexity of a company's environment, a management system may need to control which users and applications can create and destroy keys, which can send and receive keys, and how long each key remains in effect. Some keys (such as those used to encrypt data in transit) have a lifecycle of only a second or so, says Hubis, while others that protect medical data must be maintained for 20 years or more. In addition to managing the keys that encrypt and decrypt data, a management system might also need to handle the keys used to encrypt and decrypt those keys themselves.

At the low end, says Hubis, the key management can be as simple as a client requesting a key from a server, receiving it, and then using the key to decrypt the data. In client-server authentication, the client and server must authenticate their identity to each other (possibly using a third-party certificate, as with PKI) and use an encrypted channel for their communications.

Destroying a key at the end of its useful life, and ensuring it has been destroyed, is especially important where regulations require the destruction of data after a certain time period, since destroying the key is considered (under some regulations) equivalent to destroying the data.
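The lifecycle rules described above (keys with lifetimes from seconds to decades, keys that encrypt other keys, and destruction of a key rendering its data unrecoverable) can be made concrete in a small key-management model. The following Python is an added example written for this article, not code from any product or vendor mentioned in it. It uses only the standard library, so the cipher is a toy HMAC-SHA256 counter-mode construction standing in for a real authenticated cipher such as AES-GCM; the key identifiers, lifetimes and the `KeyManager` class are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode.
    Stand-in for AES-GCM so the example needs no third-party library; not for production."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)


@dataclass
class KeyRecord:
    key_id: str
    material: Optional[bytes]      # raw KEK, or a DEK wrapped under its KEK; None once destroyed
    created_at: float
    lifetime_s: float
    kek_id: Optional[str] = None   # set for DEKs: the key-encrypting key that wraps this one


class KeyManager:
    """Minimal key server: creation, lifetime enforcement, wrapping, destruction."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock                     # injectable so expiry can be exercised
        self._keys: Dict[str, KeyRecord] = {}

    def create_kek(self, key_id: str, lifetime_s: float) -> None:
        # A real deployment keeps the KEK in an HSM; here it is 32 bytes in memory.
        self._keys[key_id] = KeyRecord(key_id, secrets.token_bytes(32), self._clock(), lifetime_s)

    def create_dek(self, key_id: str, kek_id: str, lifetime_s: float) -> None:
        dek = secrets.token_bytes(32)
        wrapped = seal(self._raw_key(kek_id), dek)   # DEK never stored in the clear
        self._keys[key_id] = KeyRecord(key_id, wrapped, self._clock(), lifetime_s, kek_id)

    def _raw_key(self, key_id: str) -> bytes:
        rec = self._keys.get(key_id)
        if rec is None or rec.material is None:
            raise KeyError(f"{key_id}: unknown or destroyed")
        if self._clock() > rec.created_at + rec.lifetime_s:
            raise KeyError(f"{key_id}: lifetime expired")
        if rec.kek_id is None:
            return rec.material
        return open_sealed(self._raw_key(rec.kek_id), rec.material)  # unwrap via the KEK

    def destroy(self, key_id: str) -> None:
        """Crypto-shredding: with the key gone, everything sealed under it is unrecoverable."""
        self._keys[key_id].material = None

    def encrypt(self, dek_id: str, plaintext: bytes) -> bytes:
        return seal(self._raw_key(dek_id), plaintext)

    def decrypt(self, dek_id: str, blob: bytes) -> bytes:
        return open_sealed(self._raw_key(dek_id), blob)


def demo() -> Dict[str, bool]:
    """Walk through the lifecycle with a fake clock; returns the observed outcomes."""
    now = [1_000_000.0]
    km = KeyManager(clock=lambda: now[0])
    twenty_years = 20 * 365 * 86400
    km.create_kek("kek-medical", lifetime_s=twenty_years)
    km.create_dek("dek-session", "kek-medical", lifetime_s=1.0)       # data-in-transit key
    km.create_dek("dek-records", "kek-medical", lifetime_s=twenty_years)
    blob = km.encrypt("dek-records", b"patient record")
    result = {"roundtrip": km.decrypt("dek-records", blob) == b"patient record"}
    now[0] += 5.0                                   # the one-second session key has expired
    try:
        km.encrypt("dek-session", b"x")
        result["session_expired"] = False
    except KeyError:
        result["session_expired"] = True
    km.destroy("dek-records")                       # retention period over: shred the key
    try:
        km.decrypt("dek-records", blob)
        result["shredded"] = False
    except KeyError:
        result["shredded"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Note that destroying the KEK would have the same effect on every DEK wrapped under it, which is why a long-lived KEK needs the availability safeguards discussed in the next section.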

Security and Disaster Recovery

Maintaining key availability in the event of an equipment outage or disaster is also critical because without the key, the data can't be recovered. Moulds recommends building a distributed key management and delivery system so the failure of a single component, such as a key repository or key server, can't disable data access across the entire organization. It's also important, he says, to design the system so that the keys needed to decrypt data for legal or regulatory purposes can be quickly found and used to recover the needed data.

"The security of your key management system should be as high as the most secure data it protects," recommends Moulds. That might mean the use of smart cards or two-factor authentication to control access to highly sensitive keys, he says. "A lot of customers want to go further and insist that no single administrator control" the key management system, says Moulds.
