Stored Data Encryption: Securing Your Information Infrastructure

David Black, Senior Technologist, EMC Corporation

Data is king -- an organization's first-class entity. Sensitive data is at risk when it becomes accessible in network locations intersecting active data paths, or when it lives in other shared access points within the data center. The choice of encryption algorithm may differ between disk and tape storage. Additional considerations include integrity protection, how the data is backed up, and the associated vulnerabilities. Key management is as important as the actual encryption of data, because losing an encryption key causes the data to be lost. Key management controls include establishing policy and enforcing it so that data becomes both manageable and safe. Administration through a distributed key management architecture provides centralized security policy controls and management for the keys in use.

As a result of participating in this session, attendees will be able to:  

  • Summarize the security threats, vulnerabilities and areas of risk to stored data
  • Explain the roles and purposes of encryption and key management in securing stored data
  • Describe the possible locations (e.g. servers, network [e.g. SAN], storage) for encryption of stored data, and explain the advantages and disadvantages of each location
  • Name important encryption algorithms that are applicable to stored data and describe considerations
  • Describe the architecture of distributed key management solutions