Light Dark
January 2, 2019 By Mark Buckwell 4 min read
Data Protection
Identity & Access

Data encryption has become a hot topic for many people this year with Article 83 of the General Data Protection Regulation (GDPR) listing it as an example security control to mitigate risks. While the U.K. Information Commissioner’s Office (ICO) provides some useful guidance on how to use encryption, I have had many discussions over the past year about what is the right approach to implementing data-at-rest encryption (DaRE) solutions. There is no magic answer, but there are some fundamental aspects to consider — starting with an understanding of common encryption threats.

Identify the Threats Facing Your Organization

Clients often ask for DaRE, but are unclear why they need it (other than a policy that says they need to implement encryption). There are many threats related to encryption, but I suggest starting with four generic threats in the context of your system/application.

1. Loss of Physical Storage Media

There is a risk of losing storage media, such as disks or tapes. In a cloud environment, storage media is not something under your direct control. To protect from a loss of storage media, encryption can be provided in the underlying storage or media subsystem. This provides a mechanism, transparent to the application, that is fast and has low latency — but does not manage every threat.

2. Disclosure or Modification of Stored Data

Some threat actors, such as an external attacker or internal privileged administrator, can gain access to personal or highly confidential data while systems are running. Encryption at the storage level won’t provide adequate protection in this case, since a privileged or even standard user has access to the unencrypted data. It also will not provide protection from a threat actor attempting to gain privileged access or extracting data using a classic attack such as SQL injection.

Therefore, highly confidential and personal data often needs to be encrypted at the level of structured or unstructured data objects to prevent a privileged user from accessing it. With the General Data Protection Regulation (GDPR) in effect, this is especially crucial.

3. Destruction of Stored Data

Even if stored data cannot be accessed, it can be destroyed by deleting the encryption keys — a cryptographic erasure — or by destroying the actual encrypted data. Systems are normally designed with redundancies, such as a backup of the data and a separate backup of the encryption keys. If segregation of duties is not maintained, it may be possible for a malicious employee to destroy the primary data, backups and encryption keys all at once.

4. Disclosure of Data in Transit

Data needs to be transported between applications, and it is possible to tap into a network to enable confidential data to be read. With cloud storage, the network and server infrastructure is not under your control and there is a risk of data interception.

While many applications use Transport Layer Security (TLS) to encrypt traffic, there are many other communications that cannot use TLS. In a virtual world, physical systems are clustered together with virtualized storage where the underlying transport mechanism may obscure the data but not support encryption.

Balance Risk With Performance, Resilience, Compatibility and Operations

Like all security mechanisms, data encryption has a set of impacts that need to be considered. The primary driver is normally the cost of the encryption, but assuming an unlimited budget, there are potentially some more fundamental impacts on the operation of applications and infrastructure.

One such impact is on performance. Encryption is a highly compute-intensive mechanism that is normally assisted by hardware. With self-encrypting drives, it often cannot be disabled and has zero performance impact. When encryption is applied at a more granular level, the impact is much greater. Encrypting files has a much greater performance impact than encrypting a logical disk, which has a greater impact than encryption within physical storage. Increasing latency with reduced speed of encryption may have a detrimental impact on an application that makes your business uncompetitive.

The next impact to consider is on resilience. Encryption adds complexity and, depending on how it is implemented, may introduce additional dependencies that increase the complexity of change processes and the risk of infrastructure failure. Think about possible failure scenarios and the dependencies, then test component failure and recovery. Finer-grain encryption may provide improved protection, but it reduces the resilience of an application. For example, even if all keys are lost in a key management system, a storage subsystem may still be recovered with offline recovery keys, whereas data in volume-based encryption may be irretrievably lost without additional controls.

Data encryption also impacts compatibility. An encryption app may have a dependency on a specific application feature that cannot be changed, for example, or it may not support specific file systems or database types. This introduces a constraint that prevents encryption from being used, and may require accepting a risk. The finer the encryption — that is, the higher in the application stack — the more constraints will be revealed.

Lastly, consider the impact on operations. While encryption protects your data, it also makes it difficult to access data when you do need it. If a backup service creates a backup of an encrypted server, how can you restore an individual file without shutting down the production service? Sure, there may be workarounds, but does it still impact service levels?

Encryption solutions are still maturing as they move from being add-on packages to being embedded within applications. Constraints will no doubt reduce over time, but it’s good to be aware of them while deploying encryption.

Tailor Data Encryption to Fit Your Needs

There is no single answer to the question of how to properly use data encryption. It comes down to the risk appetite of a business balancing the security risk against performance, resilience, compatibility and operations.

One possible combination is storage-level encryption for performance together with structured data encryption on a limited number of high-risk applications. Depending on their application and data types, organizations will likely need to apply different architectural patterns and accept some residual risk.

To learn more, download the white paper, “Guard Your Organization’s Data With Intelligent IBM Encryption.”

Read the white paper

 |  |  |  |  |  |  |  |  |  |  |  | 
Mark Buckwell
Cloud Security Architect, IBM

More from Data Protection
December 20, 2024

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

December 3, 2024

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature