Securing Secondary Storage for SOX


By Dore Rosenblum
Vice President of Marketing
NeoScale Systems

Although the purpose of the Sarbanes-Oxley Act was to ensure corporate financial accountability and eliminate the risk of any future Enron-type debacle, it has had a major impact on IT departments. Sarbanes-Oxley requires companies to store and protect all relevant financial records for seven years, and those records may include unstructured and semi-structured data such as e-mail in addition to spreadsheets, contracts, audit reports, and the like.

As business-critical data proliferates, so does the demand for secondary and archival storage. The majority of storage solutions in this category use tape media, which is the most prevalent source for data recovery and backup. Although enterprises have implemented access controls and tighter infrastructure management provisions to protect against hacking, viruses, and unauthorized access, such safeguards fall short of protecting the tape media itself. Firewalls, virtual private networks, and physical protection do not address the unique attributes of distributed stored data and tape media.

Internal and external threats
Portable storage media, readily available internally and sent outside the protection of the data center, is inherently at risk of theft. Moreover, the use of more distributed storage resources and immediate recovery solutions compounds the need for storage security to evolve beyond physical protection.

Because they are small and portable, backup tapes are particularly susceptible to data theft, compromise, misplacement, unauthorized access, or corruption. The result of such events is typically not discovered until long after the data has been damaged. The decreasing size and increased portability of backup media gives unauthorized users more time to read tape data, analyze confidential information, and in some cases, rebuild entire systems.

Many enterprises turn to outside service providers to increase capacity and reduce the costs associated with storage management. While the cost savings may make a compelling business case, using an outside service increases the risk of unauthorized personnel accessing the stored data. Additionally, the service providers who manage and support backup processes/resources have greater knowledge about, and more immediate access to, this data.

In summary, Sarbanes-Oxley presents new challenges to protect storage media. Storage media protection and authentication controls at the storage system and media levels can provide strong barriers against unauthorized stored data disclosure, theft, and corruption. Given that sensitive data stored on removable media or virtualized tape subsystems can be stolen, tampered with, or corrupted, more safeguards must be put in place.

Storage Safeguards
Securing data stored on tape requires strong encryption (128-bit key or longer) to convert data into ciphertext, which cannot be deciphered without the decryption key. It also requires strict key management. A key is a value that, when applied to a cryptographic algorithm, can be used for strong data encryption, authentication, and integrity. Key management determines how keys are created, implemented, protected, distributed, updated and terminated.

When considering Sarbanes-Oxley compliance, any solution for securing tape media must provide a comprehensive approach that covers all locations and enables consistent enforcement of security policies. Here are three common solutions:

Securing the Backup Server - Putting data encryption on the server adds performance overhead, which can slow down application response and performance. Encryption keys would need to be protected and managed on the systems, a difficulty that is magnified based on the number of hosts and their locations. Backup applications at both the local and the remote recovery locations must be decentralized to accommodate encryption and enforcement of security policies and processes.

Securing the Tape Library - Implementing data protection at the tape library would add encryption to the media management and compression capabilities available in most libraries, which may increase the library/system cost as well as the form factor. Key management must also be taken into account, as the tape library is generally not a secure platform and can involve multi-vendor, remote, or third party managed components.

Securing Data Using a Storage Security Appliance - A tape media security appliance offers the benefit of performance, centralized management, protected/managed keys, flexible deployment, and seamless integration with backup applications. The appliance can operate in a network path and can be placed before a storage area network (SAN), network attached storage (NAS), or data archive system (DAS) connected tape library. The tape media encryption mechanism offloads the processing burden associated with media encryption with nominal latency and can centralize the security management function, which in turn provides greater policy enforcement and solid key protection.

A tape storage media protection and authentication solution requires the following design factors: transparent operation, centralized security management, and data management/recovery.

Transparent Operation
The more transparent the protection, the more likely it will be adopted. For storage media encryption to be applied and managed transparently, the stored data must be compressed, encrypted, and authenticated at the block level prior to being written to tape. The encryption process must also take into account the unique formatting and cataloging of the backup application.

Transparent operation enables backup and storage administrators to incorporate storage security into their functions without compromising data recovery or normal operating policies, processes, and procedures. Some of the attributes that define transparency include:

Performance: Implementation will dictate that security should not impede the performance (read-write data rates) of the tape device. Without adequate performance, backup windows will be missed.

Compression: A value-added feature in many tape libraries is the ability to compress stored data to increase capacity. The encryption process "flattens" data sets, which ultimately affects compression rates and requires the security device to support compression options prior to encryption.

Compatibility: Storage media protection can be accomplished at different points including application software, controllers, host adapters, and storage devices. Such implementation can pose compatibility issues and places an additional burden on the storage administrator. Applying storage media protection as an in-line service shields it from the host storage boundary and means it can be readily deployed independent of the application, subsystem, vendor, or other media management tasks.

Unobtrusive: The system cannot affect the way administrators configure backup/restore, tape labeling, or cataloging. Operators must be able to perform their tasks normally. Securing stored data should be policy-driven, and such policies must be made in terms that the operator understands, such as volumes and pools. If such policy-driven functionality can be deployed both centrally and at remote sites, distributed tape controls can be executed cost-effectively.

Centralized Security Management
Effective remote and local management of tape storage requires authenticated user access, role-based privileges, and proven crypto-key processing.

Role-based privileges: Authorization determines if a user can monitor the system as well as recover keys/policies and create rules and encryption keys. Administrators will need to scale to support simple environments, where the security officer and storage administrator are the same, as well as more complex, diverse models in which authority is delegated.

Key Automation: The system should be able to generate or accept a set of master keys according to recognized security standards and proven public algorithms. Master keys can be used to protect the encryption keys and to authenticate as well as check the integrity of the appliance policy. The media encryption rules and associated encryption keys create the system policy. The appliance should protect all keys by digitally encrypting the rule keys, encrypting and authenticating the system policy, and authenticating administrative access. Using a master key ensures that appliance policy and configuration information can be securely restored and used to recover encrypted data.

Secure Key Storage: The system should monitor access to ensure that if someone attempts to physically access the storage unit, all encryption keys are automatically zeroed out. The use of visual cues such as labels and displays should also indicate if there has been any tampering.

By centrally controlling the storage protection policy and delegating tasks using proven best security practices, rules and defenses can be consistently implemented, audited, and maintained.

Data Management/Recovery
Data protection must take into account storage media attributes and backup processes, including:

Key Protection: Since tape media is typically removable, remote, and/or persistent, data protection requires unique keys that are associated with each tape. Keys will need to be mapped to the media catalog data (which is vendor specific) or they can affect long-term archival recovery.

Key Life: Encryption keys require protection against brute force attack and must offer the option of replacing an original key used in data protection with a new key.

Key Binding: The system should facilitate binding key information to the media to allow the media to be independently managed after encryption. This process will allow for much greater protection and streamlined recovery, regardless of storage duration.

Distribution: Because backup systems are usually distributed, it is imperative that storage security is remotely manageable and that protection does not materially impede recovery or accessibility.

Integrity: Stored data encryption should eliminate integrity issues by authenticating tape media at the block level. This process further complements the backup application's responsibilities of ensuring the integrity of stored data.

Recovery: The distributed nature of storage would also mandate a secondary appliance or a software-only means to recover encrypted data. This requires a process by which authorized users can recover encrypted stored data should the appliance fail either locally or remotely.
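The compression-before-encryption requirement under Transparent Operation and the per-tape key and block-level authentication points above can be shown together in a short sketch. This is an added example, not code from the author or from any product the article describes. It assumes per-tape keys derived from a master key and the tape label (the article instead describes stored keys protected by master keys), uses a SHA-256 counter keystream as a stand-in for a real cipher so that it runs on the Python standard library alone, and uses constructed sample data and tape labels.

```python
import hashlib, hmac, struct, zlib

MASTER_KEY = bytes(range(32))   # constructed demo key; a real master key stays in the appliance
SAMPLE = b"2005-03-31,ACCT-1001,debit,1250.00\n" * 200   # constructed ledger rows

def tape_keys(master_key, tape_label):
    """Per-tape encryption and MAC keys, derived from the master key and the tape label."""
    label = tape_label.encode()
    enc = hmac.new(master_key, b"enc|" + label, hashlib.sha256).digest()
    mac = hmac.new(master_key, b"mac|" + label, hashlib.sha256).digest()
    return enc, mac

def keystream_xor(key, index, data):
    """Stand-in cipher (SHA-256 counter keystream), stdlib only; not a replacement for AES."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">QQ", index, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def block_tag(mac_key, index, ciphertext):
    # The tag covers the block index, so a block moved to another position fails.
    return hmac.new(mac_key, struct.pack(">Q", index) + ciphertext, hashlib.sha256).digest()

def write_block(master_key, tape_label, index, plaintext):
    """Compress, then encrypt, then authenticate one block."""
    enc, mac = tape_keys(master_key, tape_label)
    ct = keystream_xor(enc, index, zlib.compress(plaintext))
    return ct + block_tag(mac, index, ct)

def read_block(master_key, tape_label, index, stored):
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    enc, mac = tape_keys(master_key, tape_label)
    ct, tag = stored[:-32], stored[-32:]
    if not hmac.compare_digest(tag, block_tag(mac, index, ct)):
        raise ValueError("block failed authentication")
    return zlib.decompress(keystream_xor(enc, index, ct))

def stored_sizes(master_key, tape_label, plaintext):
    """Bytes written for compress-then-encrypt versus encrypt-then-compress."""
    enc, _ = tape_keys(master_key, tape_label)
    compress_first = len(keystream_xor(enc, 0, zlib.compress(plaintext)))
    encrypt_first = len(zlib.compress(keystream_xor(enc, 0, plaintext)))
    return compress_first, encrypt_first

if __name__ == "__main__":
    print(stored_sizes(MASTER_KEY, "VOL0001", SAMPLE))
```

Because the keystream depends only on the tape key and block index, a tape that is rewritten needs a new label or key in this sketch; a production design would use a vetted authenticated cipher with proper nonce handling.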

Summary
Section 404 of the Sarbanes Oxley Act essentially requires companies to prove that they are retaining and protecting their financial records in an appropriate way. Given that storage environments are highly dynamic and must accommodate data growth rates, ensuring that as additional storage is added the data continues to be managed in accordance with SOX policies is an ongoing activity.

While secondary storage was once considered remote and isolated from external forces, that is no longer the case given the greater accessibility associated with highly distributed and networked storage infrastructures and outsourcing. Moreover, the use of more distributed storage resources and immediate recovery solutions compounds the need for storage security to evolve beyond physical protection. Implementing appropriate media protection and authentication for stored data minimizes the risk of data compromise or theft, avoids costly and embarrassing disclosures, and ensures compliance with regulatory and legal mandates.



Dore Rosenblum is vice president of marketing at NeoScale Systems in Milpitas, California. An IBM-certified network architect, Rosenblum holds a master's degree in computer science from the University of North Carolina, Chapel Hill, and a bachelor's degree in math from the University of Virginia.