Hu's Blog - Data Storage and Virtualization Thought Leader Hitachi - Inspire the Next

Hu Yoshida's Blog - Vice President | Chief Technology Officer


To Encrypt or not encrypt

by Hu Yoshida on Jan 9, 2006

Lucas Mearian of Computerworld reported that ABN Amro Mortgage Group Inc. will no longer send data tapes to its credit reporting bureaus after one of its tapes went missing. The company’s CEO, Thomas Goldstein, is quoted as saying “the company will encrypt data and send it over secure networks when possible.”

That makes great sense: encryption to ensure data privacy, and transmission over secure networks for data protection.

HDS Security Architect Eric Hibbard adds some comments regarding encryption of data. Eric, who has authored security tutorials for the SNIA Security TWG (PDF), differentiates between encryption of data in flight and encryption of data at rest. He advises that sensitive or regulated data that is to be sent off site or to a remote location should be encrypted during the transfer process. Use encryption to protect the confidentiality of sensitive or regulated data, along with the access credentials for that data, while it is in flight. Encryption of data at rest should be done as a measure of last resort for primary data. Use extreme caution when encrypting data at rest, since data can be lost if the encryption key is lost or damaged. Long-term key management is critical for encryption of data at rest. Since encryption and decryption consume additional computational resources and affect response time, a data classification based on cost, risk, and accessibility should be done.

The SNIA Storage Security Industry Forum is a good resource for tutorials and white papers on storage security.


Comments (3)

Ludovic Leforestier on 12 Jan 2006 at 6:29 am

Hi Yu,

Maybe they should use their IBM zSeries mainframe and start encrypting their tapes then?

http://www-03.ibm.com/systems/systemz9/feature092705/

mike on 18 Apr 2006 at 11:35 pm

I have just read your blog. If you can’t decide what to do, check http://www.yaodownload.com/utilites/security-encryption/invisible-secrets-4/ to make your decision.

john on 14 Jan 2007 at 9:19 pm

Giant, cumbersome, multinational vendors growing via acquisition rather than service provision are giving the offsite tape storage industry a bad name.
There should be no need for encryption because no tape should ever go missing. Simple! Why should the client be punished for his supplier's stupidity and neglect?
