Encryption key management worries loom

Encrypted storage will require storage admins to think through key management

At the low end, says Hubis, the key management can be as simple as a client requesting a key from a server, receiving it, and then using the key to decrypt the data. In client-server authentication, the client and server must authenticate their identity to each other (possibly using a third-party certificate, as with PKI) and use an encrypted channel for their communications.

Destroying a key at the end of its useful life, and ensuring it has been destroyed, is especially important where regulations require the destruction of data after a certain time period, since the destruction of the key is considered (under some regulations) equivalent to destroying the data.

Security and Disaster Recovery

Maintaining key availability in the event of an equipment outage or disaster is also critical because without the key, the data can't be recovered. Moulds recommends building a distributed key management and delivery system so the failure of a single component, such as a key repository or key server, can't disable data access across the entire organization. It's also important, he says, to design the system so that the keys needed to decrypt data for legal or regulatory purposes can be quickly found and used to recover the needed data.

"The security of your key management system should be as high as the most secure data it protects," recommends Moulds. That might mean the use of smart cards or two-factor authentication to control access to highly sensitive keys, he says. "A lot of customers want to go further and insist that no single administrator control" the key management system, says Moulds.

Some key management systems also store the keys in hardware-based secure modules rather than in software.

Encryption in practice

Scott Chandler is on the cutting edge of the storage encryption trend, but being a pioneer isn't too painful.

Chandler is a systems engineer at Adheris Inc., a Burlington, Mass., firm that delivers customized reminders to help ensure patients take their medication and manage their diseases properly. He is using a Spectra T120 tape library from Spectra Logic Corp. to encrypt data backups to ensure Adheris meets the patient privacy requirements of HIPAA (the Health Insurance Portability and Accountability Act).

As for the keys that manage the encryption and decryption of the data, "there really isn't a lot to manage," says Chandler. "Once encryption was set up on the library, we exported copies of the key which are stored in secure locations and may be accessed in the event of a disaster."

Until recently, says Moulds, many organizations stored keys "on bits of paper locked away in a safe" and updated and changed encryption keys on servers manually. This becomes more and more expensive the more widely a company uses encryption, and makes it far more difficult to prove that the proper changes were made and that keys were destroyed at the end of their useful lives. In some cases, says Moulds, the reduction in manual effort can justify the cost of an enterprise-wide key management system.

Some vendors get around the need to exchange or manage keys by storing encrypted keys on the tape drive itself. Seagate's FDE technology stores the encryption key on the hard drive, which it says also eliminates the need to "escrow" the key in a safe location. Sun stores keys within its Key Management Station, a secure and dedicated workstation.

Given the number of highly publicized cases where backup tapes have been lost or stolen, tape is a logical first choice to deploy encryption. The challenge comes, says Moulds, "when you recover (the data). How do you figure out which key goes with which tape?" nCipher sells its keyAuthority Management Server along with IBM's Encryption Key Manager because the IBM software "does a good job of associating keys with tape, but it's not a good system for managing the keys themselves," Moulds says.
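The two problems Moulds raises, proving that a key was destroyed at the end of its life and knowing which key goes with which tape, as an added example that is not code from nCipher, IBM or Spectra Logic: a small key registry keyed by tape barcode, with an audit trail of key issue and destruction. The barcodes, the audit list and the cipher construction are illustrative; the HMAC-based stream cipher stands in for the AES a real tape library uses so that the example runs on the Python standard library alone.

```python
import hmac, hashlib, secrets

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, cut to n bytes."""
    return b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range((n + 31) // 32))[:n]

class TapeKeyManager:
    """Binds one data key to each tape barcode, so a restore can find the key for
    a given tape, and crypto-shreds the key when the tape's retention period ends."""
    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}  # barcode -> 32-byte key; removed by destroy()
        self.audit: list[tuple[str, str]] = []  # evidence that keys were issued and destroyed

    def enroll(self, barcode: str) -> None:
        """Mint a fresh random key for a tape that is about to be written."""
        self._keys[barcode] = secrets.token_bytes(32)
        self.audit.append(("enroll", barcode))

    def destroy(self, barcode: str) -> None:
        """Forget the key: every block on that tape becomes unrecoverable."""
        self._keys.pop(barcode, None)
        self.audit.append(("destroy", barcode))

    def _subkeys(self, barcode: str) -> tuple[bytes, bytes]:
        key = self._keys.get(barcode)
        if key is None:
            raise KeyError(f"no key for tape {barcode}: never enrolled, or destroyed")
        return _prf(key, b"enc"), _prf(key, b"mac")  # separate encryption and MAC subkeys

    def seal(self, barcode: str, plaintext: bytes) -> bytes:
        """Encrypt one block as nonce || ciphertext || tag. Stand-in cipher (HMAC-SHA256
        keystream, then HMAC tag) keeps this standard-library only; real libraries use AES."""
        enc, mac = self._subkeys(barcode)
        nonce = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
        # The tag covers the barcode, so a block cannot be opened under another tape's key.
        tag = _prf(mac, barcode.encode() + nonce + ct)
        return nonce + ct + tag

    def open(self, barcode: str, blob: bytes) -> bytes:
        """Decrypt a block written by seal() for the same tape."""
        enc, mac = self._subkeys(barcode)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(mac, barcode.encode() + nonce + ct)):
            raise ValueError(f"block does not authenticate for tape {barcode}")
        return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))
```

After `destroy()`, `open()` fails with `KeyError` even though the ciphertext is intact, which is the sense in which key destruction stands in for data destruction; the `audit` list is the record a compliance reviewer would ask for.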

One of the challenges of key management is linking the keys with the identities of the users who are eligible to access them, says Greg Schulz, founder and senior analyst at The StorageIO Group, a Stillwater, Minn., industry analyst and consulting firm.
