Storage Magazine - UK

Is Your Backup Compliant?

From STORAGE Magazine Vol 4 No 02 - April 2004

By Scott Gordon, Vice President, Marketing, NeoScale Systems, Inc.

Data privacy compliance generally has the following parameters: (i) only authorised users or systems can access and modify only the information that they are authorised to access and need to access, (ii) the privacy of the information is maintained, (iii) the integrity of the information is maintained, and (iv) auditable records are maintained that attest to that access, privacy and integrity.

When systems and storage resources have discrete access processes, organisations can more easily implement security measures that demonstrate compliance. As resources, connections, access paths and media become more numerous and distributed, adhering to privacy guidelines becomes more complex and more challenging - this is especially true of distributed backup and business continuity functions.

Directive 2002/58/EC of the European Parliament concerns privacy and electronic communications of data; under it, organisations must use appropriate technical and organisational measures to protect against unauthorised or unlawful processing of data, and transmission outside the European Economic Area (EEA) is permitted only with adequate protection that limits access to authorised and necessary parties. Breach of the Directive can have dire consequences ranging from fines and public incident disclosure to possible prosecution of corporate officers for such negligence. More information is readily available from: http://europa.eu.int/comm/internal_market/privacy/index_en.htm

Adhering to privacy guidelines for medical, financial, commerce and legal purposes may require additional layers of defence, since due diligence is judged by whether the measures taken are reasonable according to industry best practices. Storage resources associated with sensitive applications can be protected in a physically secure environment (e.g. physical access cards, locks, guards and gates). However, the data lifecycle management services must also provide integrity, audit or proof that best eliminates inappropriate access to sensitive information. The question is: what can organisations do to ensure access control, privacy, integrity and auditing for backup tape media - perhaps the most widely used means of data recovery and business continuity?

When one discusses backup and tapes, the first issues that run through IT staff's minds are availability, backup and recovery windows, access logistics and reliability. Security is never ignored - but it often takes second place, is treated as part of the logistics process, or is seen as an expensive inconvenience. Defences for tape media are typically physical (as mentioned above: locked racks, armoured trucks, secure boxes and vaults). As with other IT functions, complexity will vary according to:

  • the amount of media being managed and the proximity of control
  • the level of heterogeneous systems and applications within the backup environment
  • how backup applications can secure the data on the tape
  • how distributed the media becomes and what distribution exposures exist
  • under what circumstances the media can be accessed for recovery purposes
  • the degree of pooling of business critical information from different sources
  • the means to record access to such media both physically and electronically
  • how security might affect available backup / recovery windows and processes

Tape backup underpins many firms' operational resilience, but in reality it is often overlooked as a security exposure. The portable media can now contain as much as half a terabyte of trusted, valued or regulated information. Any storage media that is accessible internally, handled by many staff, and often sent outside the confines of the data centre can be vulnerable to unauthorised data access, theft or corruption. The economic benefit of pooling stored data, the use of managed application services (such as customer relationship management applications), and the use of remote backup services (such as vaulting and disaster recovery) may also expose companies to privacy risk and liability.

Since a tape media breach is often discovered "after the fact", it can adversely affect systems recovery and business liability. How does an IT manager know if sensitive information stored on their tape media has been lost, mis-delivered or stolen? The answer comes at the worst possible time - during the recovery process.

How does an IT manager know if sensitive information stored on their tape media has been copied? The answer, unfortunately, is that it is very difficult to know, if possible at all. Once open-system portable media is in the hands of an adversary, there is unlimited time to sample, analyse and reconstruct the information regardless of backup application and compression algorithm. Physical security and manual media tracking are required efforts to minimise access risks and assure system recovery, but they are costly to scale.

ENCRYPTION
The use of data encryption can be the most cost-effective means of achieving the greatest level of privacy. Many backup applications already invoke access permissions, integrity checking and passwords - some also offer encryption. The degree to which backup applications can address data privacy guidance, even with the use of encryption, may still be suspect.

Software-based encryption is available depending on your firm's backup application. Some backup applications support encryption with varying algorithm strengths while others do not. For example, 56-bit key encryption can be broken using brute force (processed guessing) while 3DES and AES algorithms cannot. Most offer encryption capabilities as an add-on product tied to the vendor's application or even to a public key infrastructure (PKI) system. Depending on the scope of the implementation and the number of backup applications, this approach can impose additional management burden and cost.

Regardless of encryption algorithm strength, software-based encryption consumes system processing, which in turn impacts application response and affects backup windows. This will often require spending to increase system processing horsepower or to off-load the security processing. Additional considerations concern key management and media management. Keys are used with the encryption algorithm to secure data; therefore appropriate management, use and protection of the keys are required, and these will vary by vendor.

Key management provision must be analysed by users to assess implementation requirements. Furthermore, encryption flattens files and data, which can adversely affect the compression ratios offered by tape library vendors. Without the use of selective encryption, firms would have to purchase more media to make up for the lost compression.

A storage security appliance can be a very effective means of addressing the EU e-Privacy Directives. An appliance approach offers an application- and platform-independent means of off-loading the security processing associated with locking down tape media during the backup process. Just as backup parameters are invoked by way of volume and label, so a security appliance can be placed along the backup data path (as a Fibre Channel or SCSI device) and enforce data privacy according to administrator-defined rules. The rules can selectively apply encryption using unique encryption keys - enabling shared media while protecting different sets of sensitive data.

Since the encryption is applied at the block level to only the payload (not the management data), the appliance is transparent to the backup application and to the storage devices, including the library. The backup security appliance can also apply data compression prior to encryption. By turning on compression at the appliance (and turning it off on the library), the economies of data compression are maintained. Lastly, the appliance can also add cryptographic data integrity checking at the block level before the data is written to the media (assuring integrity upon recovery).
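The following is an added illustration, not NeoScale's or any vendor's code, of two points made above: why compressing after encryption loses the tape library's compression ratio while compressing before it does not, and how a per-block integrity tag lets the recovery path detect altered media. It uses a per-job key derived from a constructed master key; the "cipher" is SHA-256 in counter mode, a stand-in so the script runs on a bare Python install, not a production algorithm.

```python
"""Compress-then-encrypt versus encrypt-then-compress, plus a per-block
integrity tag. Demo only: SHA-256 in counter mode stands in for AES/3DES
so this runs on a bare Python install; it is not a production cipher."""
import hashlib
import hmac
import os
import zlib

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 tag appended to every block


def derive_job_key(master_key: bytes, job_id: str) -> bytes:
    """One key per backup job, so shared media can carry separately keyed data."""
    return hmac.new(master_key, job_id.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def encrypt_block(key: bytes, plaintext: bytes, nonce: bytes = b"") -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag is what goes onto the tape."""
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Check the tag before decrypting; a bad tag means the block was altered."""
    nonce, ct, tag = block[:NONCE_LEN], block[NONCE_LEN:-TAG_LEN], block[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("block integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def compress_then_encrypt(key: bytes, data: bytes) -> bytes:
    """Appliance order: compression keeps its ratio, then the payload is sealed."""
    return encrypt_block(key, zlib.compress(data))


def encrypt_then_compress(key: bytes, data: bytes) -> bytes:
    """Library order: random-looking ciphertext does not shrink, so the ratio is lost."""
    return zlib.compress(encrypt_block(key, data))


def recover(key: bytes, block: bytes) -> bytes:
    return zlib.decompress(decrypt_block(key, block))


# Constructed sample: a repetitive, highly compressible backup payload.
SAMPLE = b"ACCOUNT,000123,STATUS,PAID,GBP,1500.00\n" * 1000
```

Comparing `len(compress_then_encrypt(k, SAMPLE))` with `len(encrypt_then_compress(k, SAMPLE))` shows the first at a few percent of the raw size and the second slightly larger than the raw size.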

A storage security appliance also has the advantage of centralising the whole backup security function. Authenticated access controls with delegated administrative tasks further tighten access to the appliance and to the maintenance of security policies. Key management and protection are centralised, and policy can be uniformly enforced regardless of the backup application.

Essentially, the appliance tracks the association of keys to media or backup jobs. And since all security actions are securely recorded - key association to backup jobs, data integrity checks and system access - the appliance offers a platform that produces secure, non-repudiable audit records adhering to legislated privacy guidelines.

Clearly storage tape media has inherent access and theft exposures at every stage of media lifecycle management - provisioning, archiving, transporting, vaulting, retrieval, rotation and retirement. Physical security measures only scale so far and may not fully negate privacy liability. A layered defence model that includes encryption and the use of storage security appliances can offer the most cost-effective means of protecting stored data - reducing business risk and contributing to privacy compliance.


©2006 Business and Technical Communications Ltd. All rights reserved.