Data backup Security Strategy: Cloud security, encryption and data destruction

Source: Internet
Author: User
Keywords: cloud security, data backup, data destruction
Data security has been a source of concern since 2005, when Bank of America lost encrypted tapes, resulting in a large disclosure of customer data. Before that, some of the bank's system administrators thought that tape encryption devices were too expensive; some thought that data encryption was like insurance, not the first thing to do; and some were stuck because they did not know whether to buy backup software or security software.

Bank of America's leak of customer data violated local law, but the Specter-Leahy law stipulates that theft of security data and customers' personal data can constitute a federal crime. California's 2003 SB-1386 law began to make provisions for the disclosure of data. Under the Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, individuals' medical records may not be made public.

"From this we can see how companies comply with the law," said Michael Versace, a researcher and partner at the information security agency Wikibon. "The law provided for the protection of clients' private information many years ago."

Four aspects of data backup are closely related to data security: tape encryption, cloud backup security, key management, and data destruction. Let's look at each in turn.

Tape encryption scheme

In 2005, only dedicated data encryption devices could encrypt tapes, and many banks simply could not afford them because of their high cost. Software-based encryption was a little cheaper, but its performance fell short of what was required.

"Since then, IBM and Sun Microsystems have been researching LTO-4 tape encryption products and want to add them to the existing tape architecture," Versace said.

However, a recent purchasing-intentions survey organized by Storage magazine shows that most companies still do not use tape encryption devices.
About 50% of respondents say they already use encryption devices, only a handful of those who do not will buy tape encryption devices next year, and most still feel that tape encryption is not really necessary and can be postponed for years.

At the same time, data-disclosure incidents have kept happening around the world, such as the recent one at the UK's Rural Payments Agency. The Open Security Foundation's DataLoss DB reports on businesses that lose data every day.

Versace said: "Some users have been worried: what should they do if an operation goes wrong or the encrypted data cannot be restored?"

"Companies that are not using disk encryption devices are lagging behind," said Jon Oltsik, an analyst at Enterprise Strategy Group (ESG).

Editor's recommendation: for the advantages and disadvantages of tape encryption methods (host-based encryption vs. device-based encryption), see this article.

Cloud backup security

Data security has been a key issue in cloud storage. Earlier this year, Gartner said that many customers give up on cloud storage because they fear it is unsafe. Because the stakes are too high, some companies do not want to outsource data to third-party companies.

Most cloud service providers, such as IBM, encrypt data when they transmit it. The user's data is never displayed in plaintext, and only users who hold the key can recover the data. When users monitor and manage cloud backup systems in the background through the web interface, the cloud service provider uses SSL connections to encrypt the data.

"For some larger companies, data encryption can be done independently by the company because of sufficient funds," Versace said. "But it would be more cost-effective to outsource data encryption to a professional company if it is a midsize or small business."

Information security advisor Kevin Beaver wrote in a recent article that using encryption and SSL when transferring data is not enough, and that a number of other potential security weaknesses need to be considered.
Oltsik points out that anyone who holds a key is a security risk: an administrator can be bought off and then decrypt and copy the data, and this does sometimes happen.

Editor's tip: see Kevin Beaver's article on online and cloud backup for how to secure your data.

Key management

Following the lead of some data security vendors, many storage manufacturers have started to provide key management products. Encryption and key management products at various levels are now widely used in data centers. Although there are many products on the market, experts believe that the biggest problem facing the key management industry is the lack of a unified industry standard to connect them.

Earlier this year, Hewlett-Packard, EMC/RSA Security, IBM, Thales Group and other manufacturers applied to OASIS to establish an industry standard for key management systems and encryption equipment. This standard overlaps with the industry rules established by IEEE in January 2008, but IEEE plans to integrate its rules into the broader OASIS Key Management Interoperability Protocol (KMIP). Oltsik said: "We will establish a formal KMIP standard in 2010."

Even if standards are set, some problems remain. In early November, CA introduced its Key Manager (EKM) software for z/OS mainframes and said that many users need a key manager based on open source systems, and that without the key, encrypted data cannot be restored. (IBM, the maker of z/OS, was very surprised by this, because IBM's key management system can be deployed directly on open source systems.)

Versace said: "Whether key management is distributed or centralized has not been finalized. All key management systems are distributed, that is, they need to be deployed to each endpoint, but some operations require centralized management, such as key modifications, audits, and logins.
I personally think that the final product will combine these two ways."

Editor's tip: see Kevin Beaver's article on encryption key management for making your data backups safer.

Data destruction and more secure data deletion

Each vendor offers a number of ways to destroy or delete data. If there is sensitive data on disk media, conventional means cannot eliminate it, so EMC achieves complete deletion of the original data by writing data over it again. Degaussing is another way to eliminate data without breaking the physical media. In the future, encrypted data can be safely removed simply by destroying the relevant key.

"This is not a data deduplication issue, but a problem in data security management," analysts said. "Which data needs to be deleted is the most important issue in this link."

"Tape encryption did not attract much attention back in 2005," he said.

Oltsik said: "Most people think that data deletion is relatively simple; this may be because companies' data deletion requirements are not as strict as the military's."

Responsible editor: Faya
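The key-destruction approach mentioned in the data destruction section, together with the centralized key operations (audit, key removal) from the key management section, as an added example that is not part of the original article. `KeyStore`, the backup IDs and the sample data are hypothetical, and the HMAC-based keystream is a standard-library stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

class KeyStore:
    """Hypothetical central key manager: one data key per backup set, audited."""
    def __init__(self):
        self._keys, self.audit = {}, []
    def create(self, backup_id):
        self._keys[backup_id] = secrets.token_bytes(32)
        self.audit.append(("create", backup_id))
    def get(self, backup_id):
        self.audit.append(("use", backup_id))
        return self._keys[backup_id]        # KeyError once the key is destroyed
    def destroy(self, backup_id):
        # Effective only if no other copy (escrow, key-server backup) survives.
        del self._keys[backup_id]
        self.audit.append(("destroy", backup_id))

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(enc_key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: stdlib stand-in for AES, not for production.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_backup(store, backup_id, plaintext):
    key, nonce = store.get(backup_id), secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)   # encrypt-then-MAC

def restore_backup(store, backup_id, blob):
    try:
        key = store.get(backup_id)
    except KeyError:
        return None                         # key destroyed: ciphertext is unrecoverable
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("backup failed integrity check")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def demo():
    store, tape = KeyStore(), {}            # constructed sample backup sets
    for bid, data in [("hr-2009", b"payroll records"), ("web-2009", b"site assets")]:
        store.create(bid)
        tape[bid] = encrypt_backup(store, bid, data)
    store.destroy("hr-2009")                # crypto-erase one set; the tape is untouched
    return {bid: restore_backup(store, bid, blob) for bid, blob in tape.items()}, store.audit
```

The same property cuts both ways: a key lost by accident makes the backup exactly as unrecoverable as one destroyed on purpose, which is the restore risk Versace describes.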