This is such a straightforward problem to solve that it’s annoying it still makes the headlines. Laptop and tape encryption are the low-hanging fruit of data security. Not that they are click-box easy, but it’s pretty straightforward for most organizations to protect this stuff.
Home Depot lost a “password protected” laptop when it was stolen from a car, and 10,000 employee records with it. Iron Mountain lost a case of backup tapes with a decade’s worth of Social Security Numbers from college applicants in Louisiana. Their proactive strategy to protect their customers?
“We certainly don’t want to create any panic. But people should be aware and take the necessary steps,” Amrhein told the AP. “This is backup data off of a mainframe that contains sensitive personal information.”
Darn, it’s my fault for applying to college and not being aware. Silly me.
I do take umbrage at some of the misguided advice at the end of the article:
“If you buy encryption you need to work with the company’s legal department and top executives on a process where you can prove data on a stolen device can’t be tampered with,” he said. “A cradle-to-grave transaction record on the server is one way to provide an inventory on the current state of all your drives. Another, more difficult approach is to write everything down.” He said it helps if a company can show it is using a reputable vendor to put a barrier around stored data, and mentioned Seagate Technology as an example. The Scotts Valley, Calif.-based hard drive maker said this week it will roll out enterprise-class drives with full disk encryption in 2008 and will push to make hard-drive encryption standards a reality to reduce complexities that could hinder adoption.
As if a cradle-to-grave transaction record and an inventory of all your hard drives were realistic. Also, while encrypted drives will play a role in data security, they are far from a panacea! First of all, the software solutions available today, especially for whole-drive encryption, are effective without requiring you to install new drives. Second, the encryption on those drives is managed by software, so now you’ll have to buy both the encrypted drive and the software to manage it. More often than not, encrypted drives outside of laptops are totally unnecessary and don’t improve security.
I like how Seagate designed their drives, but it’s not like they’re the right choice in all cases, nor will they put us (or software encryption) out of business.
Remember the Three Laws, people. Use your encryption well.
3 Replies to “Flashback To 2005- Home Depot and Iron Mountain Lose Laptops And Tapes; Another Encryption Rant”
Chris,
I should apologize- my large enterprise bias from Gartner is clearly showing through. For larger enterprises there are a few solutions that are much more manageable than what you describe, but I will completely admit that options aren’t nearly as good for SMB.
I’ll ping you privately for more details of what you’re using and maybe I can help out. Also, focus less on the keys- I personally don’t believe you need to rotate them every time an admin changes, depending on the circumstances. The goal of tape encryption is to prevent interception when tapes are moving between two secure locations, not to guarantee absolute security from cradle to grave.
Rich,
I don’t know if you fully appreciate the ugliness of backup encryption. Perhaps you do, in which case you’re glossing over a lot! 😉
Assume backups are retained for 3 years (we recently dropped our SLA from 5 years for much of our backup data). Yes, you could shorten it, but although you might have to, legal concerns should not be removing useful business services (restoration of 3-year-old data is sometimes both useful and important).
My group is 6 people, two of whom left within the past 6 months. We have a temp learning the backup system right now. Tape encryption means changing the encryption key twice so far this year, and one more time when the temp leaves—that’s 3x in 1 year. And keeping the original and all three new keys where they are accessible to my entire group of (theoretically) 6 in an emergency, plus a copy for management, and they all must be secured.
Theoretically, we should copy and re-encrypt all our tapes (that’s a lot of tapes, and we’re a relatively small organization—we don’t have that many free tape drives/slots) each time a trusted admin leaves, but it’s just not practical, so that means sensitive data that the ex-admins still have the keys for.
The software has to run unattended, and I don’t think ours is as clever as ssh-agent/Gentoo keychain, so our “enterprise backup software” basically keeps the encryption key in a readable file on disk. That means we could attempt to partition it, but any admin on the backup server is effectively a trusted backup admin with the key (even if they never look at the key, they have access, so they’re in the list of people whose departure requires rolling new keys).
With 4 backup servers and 6 full-time admins, we’re talking 10-15 copies of the key, times however many keys we use over the course of 3-4 years. All of them are just as sensitive as root access to our most sensitive hosts. If we want to loosen things up a little, multiply that number of keys by the number of machine classifications (different encryption keys) we use, and we now have to keep track of which machine is backed up into which encryption group alongside everything else.
I’d say “low hanging fruit” is overly optimistic. I’m just glad we’re not doing CC processing, which gives us more flexibility. Not to say that tape encryption isn’t often needed, but it’s not “pretty straightforward” to do it right. Yes, we could stick a label with the key on each tape library and get protection from losses in transit, but that would be lousy security.