Storage encryption: Leaving compliance out of the discussion

While you might be tempted to orient the encryption discussion around the ramifications of not adhering to compliance regulations, don't go down that road. Most often, the argument won't work. Many customers take an "it can't happen to me attitude" or explain that they are doing what their organization's legal counsel has advised, which can either end the discussion or send you down the hall to see the corporate attorney.

So, instead of spending time citing facts and figures about compliance, make encryption an IT issue. Most IT professionals will agree that data leaving the building needs to be in an unreadable fashion, and they know that data is leaving their building.

The obvious example is tape. If the customer is shipping tape off-site, they need to be encrypting that tape to make it unreadable. This can be done via tape drives with native encryption, like LTO-4 format drives, or by implementing a stand-alone appliance -- like those from NetApp or Thales -- that encrypts data regardless of the tape drive used. The stand-alone appliance uses a common encryption method across differing tape formats.

The next example is user data leaving the building. While this is mostly a network and building security issue, but storage resellers can apply laptop data protection to secure local data. Once the data is successfully backed up, your customer can use technologies like Spearstone's DiskAgent to perform a remote wipe, or they can enable on-device authentication with destruct-on-failure capabilities via another utility.

The i...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection and Backup Services EMC gives Avamar desktop, laptop support; Spectra Logic looks to leapfrog high-end tape market Two inroads to cloud data backup services Data deduplication software trends; Hot, warm and cold disaster recovery site options Using Perl to script backup jobs How to resell cloud storage services How to become a cloud storage services provider Disaster recovery testing: SMB vs. enterprise Backup design: Source-side considerations Paragon Software's new channel partner manager to focus on training, recruitment How to secure primary storage for life outside the data center Regulatory Compliance Services Licensing problems as Apple halts ZFS development; EMC lays out data archiving and ediscovery plans Electronic medical records (EMR) push driving storage revenue Our top five storage tips -- so far Email archiving services Early case assessment tools for e-discovery Check up on storage services for your clients Unified communications spurring storage services Enterprise content management, e-discovery can mean storage revenue Channel Explained: Hosted email archiving Electronic data discovery services in demand for 2008 Data Backup and Data Protection Two inroads to cloud data backup services Using Perl to script backup jobs How to resell cloud storage services How to become a cloud storage services provider Backup design: Source-side considerations How to secure primary storage for life outside the data center How to develop a backup data reduction strategy for customers EMC/Data Domain deal: How should VARs react? Tools for virtual machine-based disaster recovery How to solve out-of-space problems on NetApp replicated volumes

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ssue of user laptops leaving the building also can naturally lead to a discussion about a virtual desktop infrastructure. While mobile capabilities have long been a shortcoming in VDI products, Citrix and VMware are rapidly closing that gap, with the ability to access VDI resources while offline, though the products differ in their implementations.

VMware View and Citrix XenDesktop allow admins to store all user data locally on the SAN. If a laptop is stolen or lost, a remote wipe can be performed. And, they'll be able to get that user back up and running the moment they can find another desktop or laptop and connect to the Internet.

Finally, let's talk about storage in the data center. Many storage managers will push back on encrypting this data. That's because once a user authenticates into the network, most encryption is defeated.

What they often fail to consider is the threat posed by data center storage -- rather than just the data itself -- leaving the building. And data center storage does leave the building, typically in two scenarios: when a drive has died and needs to be sent in for return, and when an array is decommissioned.

In both cases, there is real data on those drives, and people who really know what they're doing can pull data from a single drive that used to be in an array and find things like Social Security numbers. Worse than that, decommissioned arrays that end up in the trash or on eBay carry the complete data set.

Both of these scenarios can be addressed quickly and easily with encryption. This can be done at the drive level (companies like Seagate offer encrypted drives) or at the SAN switch level (companies like Brocade have encryption blades that plug into its SAN switches). In either case, simply remove the encryption key from the drive or the array, and the data is totally unreadable.

Focusing on fines and jail time in your discussions with customers will end up making storage encryption a long, hard sale. But if you instead address the issues that really affect them, it becomes an obvious project for them to embark on.

Here is Kevin Beaver's story on storage encryption:

Storage encryption essentials

The assumption that firewalls, file permissions and passwords provide enough security without the additional overhead of storage encryption is no longer true. There are plenty of opportunities for secure storage systems to be compromised by forces both outside and inside your organization. Storage-area networks (SANs), network-attached storage (NAS) and direct-attached storage (DAS) systems are goldmines of sensitive information waiting to be exploited.

Here are some tips to help you begin a storage encryption project in your organization.

Getting started: Identify your weaknesses

There a few things you need to think about before you get started with storage encryption. First, determine your current data storage weaknesses -- you can't protect what you don't acknowledge.

Read the rest of Kevin's story about storage encryption.

About the author

George Crump is president and founder of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. With 25 years of experience designing storage solutions for data centers across the United States, he has seen the birth of such technologies as RAID, NAS and SAN. Prior to founding Storage Switzerland, George was chief technology officer at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection. Find Storage Switzerland's disclosure statement here.

Rate this Tip To rate tips, you must be a member of SearchStorageChannel.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.