Storage Security Part IV: Encrypt on the Target

The best place for tape-based data encryption may well be on the media itself, but until key management issues are worked out, the strategy binds you to a particular vendor’s key management system for the foreseeable future. Our storage analyst, Jon Toigo, takes a closer look.

Earlier in this series on storage security I looked at two architectural options for deploying security: (1) hosting security services on application servers themselves and (2) hosting services in a network, usually on an appliance or (in the case of Crossroads Systems) a router platform.

The server-based option has the advantage of securing data beginning at the point of creation, possibly as part of a grander information-management scheme. The appliance approach provides a mechanism for offloading the processing burden of encryption and the administrative burden of tasks (such as key management) from the server infrastructure altogether, potentially saving time and money.

Both approaches have the value of “target agnosticism,” which is to say that they were useful regardless of the model, make or brand of storage device to which data is being written. This portability is important if companies ever need to go to an alternative environment (to recover following a disaster, for example) where identical server or storage target hardware might not be available.

A third architectural option for storage security involves the securing of data via some mechanism built into the storage target itself, be it an array or tape library, tape or disk media. There seems to be considerable activity in this area by storage product vendors keen to expand the feature/function sets of their products in the face of ongoing storage technology commoditization.

In the tape media area, LTO 4 tape has garnered substantial attention in the trade press. Sporting higher capacity and faster speeds and feeds, the latest evolution of the “Ultrium” tape also touts an on-board encryption capability. Announced a few months ago, LTO 4 Ultrium drives began shipping only a couple of months ago, with IBM being the first to market.

The idea of media-based encryption is not new, of course. Prior to its acquisition by Sun Microsystems, STK was pioneering the technology back in 2004. At the time, reports Sandy Stewart, who is now an engineering manager at Sun, STK surveyed the market and found that most companies did not perceive the need for encrypting tape. Regulatory mandates and widely reported SNAFUs in tape management, such as tapes disappearing from libraries or falling off offsite storage trucks en route to commercial vaults, changed the playing field.

Says Stewart, the need to protect data—especially, data in flight—grew in importance and “people grabbed whatever solutions were available.” Today, he says, there are many adequate point solutions for tape encryption. The real need is for integration.

A Key Beef with LTO 4

That is the key issue cited with LTO 4. According to Stewart and Molly Rector, who serves as vice president of marketing and product management for Boulder, CO-based tape- and disk-technology manufacturer Spectra Logic, the work done by the Linear Tape Open group on tape encryption implements IEEE standards for encryption but offers nothing in the way of standardized key management.

Says Rector, “LTO 4 tape drives offer the capability to generate a random number and encrypt a data stream. However, the tape drives do not solve the complex portion of encryption, key management.”

She reports that Spectra Logic has extended the key management capabilities offered in its BlueScale software environment to include key management of the keys generated by the LTO 4 tape drives. “This extension of BlueScale encryption now enables Spectra Logic to offer a complete encryption and key management offering for LTO2, LTO3, LTO4, SAIT, SDLT and our virtual tape library—RXT.”

This, in turn, addresses what Rector regards as an additional limitation of LTO 4 drive encryption: that it can only encrypt on LTO 4 media. She notes, “Using LTO 4 drive encryption requires an investment in all new media and drives. Spectra Logic BlueScale Encryption enables customers to implement encryption using their existing drives and media while migrating over to LTO 4 as budget and business plans justify it.”

The encryption provided by Spectra Logic and its competitors in the tape library world is hardware-based. With LTO-4 drives, the encryption is handled by a microprocessor that is part of the drive hardware. In Spectra’s case, drive encryption takes advantage of Spectra key management facilities. Reports Rectory, to enable encryption and key management, a superuser must login and then an encryption password can be created. To access encryption features, the superuser must enter the encryption passwords. That way, only authorized users can access encryption features.

Says Rector, “The encryption user creates a key nickname or moniker which is used to refer to each key. This protects the true value of the AES encryption key, so that it is never revealed. The user must also enable encryption for a specific partition (that is, virtual library)—this is as easy as clicking a checkbox on a screen. Data can now be encrypted.”

Once keys are created, she says, “best practices dictates that the encryption user immediately makes a copy of the key (the copy is encrypted using one or more passwords that one or more users enter). Using more passwords increases security. The key, encrypted using the password or passwords, can be exported to a USB key or through an encrypted e-mail attachment. To access the key for import, the proper passwords must be again supplied (typically, an N of M you select—2 of 3, 4 of 5, etc.).”

She emphasizes that, throughout the encryption process itself, “true encryption key values are never revealed.” The system performs a wide range of internal hashing and other security measures to keep the key value hidden.

Encryption Outside the Stack

Sun’s Stewart agrees that the limitations of LTO 4 cited by Rector need to be addressed, and notes that the philosophy of the LTO partnership was to “put encryption in the drive, then let vendors figure out how to get keys to the drive.”

“This has led to a couple of different approaches from the vendor community,” says Stewart. He notes that IBM took the “multi-product” path, requiring their server, their library, and their storage management/backup software to enable tape encryption.

By contrast, he notes, “Sun’s approach is agnostic. We wanted to make encryption independent of the data stack. We didn’t want the customer to be forced to use a specific business application or backup application to manage encryption or keys, which is the direction some vendors have taken. Such an approach limits the goal of interchangeability [espoused] by the LTO developers.”

Says Stewart, LTO4 came to market after the Sun T10000 drive with encryption capability. “It [LTO] is a good mid-range solution, and the same is true of its encryption capability. It provides a solid encryption solution at the media level, although the rest of the infrastructure and key management supporting LTO4 is less secure than the enterprise-strength Sun encryption solutions. In addition, there are concerns about interchangeability of media using LTO4 encryption due to divergence in key management solutions. Sun is adding LTO4 encryption to our portfolio of library supported drives to complement our enterprise-level T10000 encryption drive solution.”

Stewart acknowledges that storage security and encryption are still in a state of evolution and that on-media encryption solves some problems, but not all. The proliferation of point solutions for encryption and key management in the market—and even inside Sun itself – is evidence of this fact.

According to Stewart, Sun has seen a significant growth in the installed base for its native on-tape encryption technology, but is working together with IEEE and with its own ecosystem partners to do something about key exchange. One security problem he notes with the LTO 4 approach is that key values are exchanged in clear text. A dedicated thief equipped with a sniffer could obtain the keys if he so desired. “I know it is paranoiac to suggest such a thing,” says Stewart, “but the world of security is interesting, especially as developers working for government customers know well.”

Two Questions Worth Considering

Stewart and Rector both agree that storage target- or media-based security is a good thing. Stewart says that it makes economic sense, “Encrypting in the drive is low cost, does not degrade performance, is highly secure and is generally independent of all other components of the data stack.”

Rector adds that “Performing security on the target device is preferable in environments that have significant performance requirements and the need to encrypt large amounts of data on a daily basis…The labor cost associated with implementing BlueScale Encryption is nominal. There are four simple steps to follow to set up encryption. Walking through these steps take approximately five minutes to walk through. Once encryption is set up, encryption occurs seamlessly without any changes to backup policies.”

Both assert that there may be a performance advantage in using on-library or on-media encryption instead of other methods. With software- and appliance-based approaches to encrypting data on LTO 3 media, the rule of thumb was for administrators to expect a 40 percent delay on restore speed. If the nominal restore rate is three hours per terabyte with LTO 3, the impact of encrypting data is that it adds approximately an hour and a half per terabyte. When encryption is done in hardware, as it is with Sun proprietary and LTO 4 libraries that will soon be shipping, the impact of encryption on restore is negligible or even “invisible.”

The best place for tape-based data encryption may well be on the media itself, but until key management issues are worked out, consumers will be buying a strategy that binds them to a particular vendor’s key management system for the foreseeable future.

What about encrypting data on disk at the device level? In the next part of this series, we’ll hear from Seagate on this topic. Until then, your comments are welcomed: