Checklist for purchasing hardware-based encryption
Encryption appliances sit inline on a network and use purpose-built electronics to encrypt data at line speed, essentially eliminating the performance penalty imposed by encryption software running on a general-purpose server. Software-based encryption is typically invoked for a specific event or process (for example, encrypting data during a backup job), whereas an appliance encrypts whatever traffic passes through it, continuously and at any volume.
Encryption appliances are also expensive, and deploying multiple appliances within the same organization can be cost prohibitive. Key management is another major concern: if the keys are stored in the appliance itself, storage and network professionals must know how they will access encrypted data should the appliance fail. Encryption appliances should be tested carefully in a lab environment before any purchase decision is made. Now that you've reviewed the essential issues involved in any encryption approach, this segment focuses on specific considerations for hardware-based encryption products. You'll also find a series of specifications to help you compare products from vendors such as Crossroads Systems Inc., CipherMax Inc., NeoScale Systems Inc., Network Appliance Inc. (NetApp) and Vormetric Inc.
Consider interoperability with your current environment. Appliances typically have few compatibility problems: they simply connect inline with your current network and encrypt data at full network speed. For example, a network attached storage (NAS) or IP SAN (iSCSI) appliance connects inline on the IP network between storage and servers, while in a Fibre Channel storage area network (SAN) an appliance connects to ports on the Fibre Channel switch. Still, experts recommend a sanity check to confirm that the appliance integrates seamlessly with the switches, host bus adapters and multipathing software actually deployed in your data center, and that it communicates properly with them under load.
Consider the integration process and potential disruptions. The integration of new technologies is rarely a painless process, and disruptions are likely to occur in the production environment. Testing and evaluation are important to establish exactly how much disruption should be expected. Careful planners can determine any setup or operational configurations that will speed the actual installation, and adequate time can be set aside during evening or weekend hours to accommodate the deployment.
Evaluate the management and maintenance overhead. Encryption appliances require little ongoing maintenance or management once they're properly configured. However, administrators should have a clear understanding of the product's logging and reporting features, including where logs are kept and whether they can be forwarded to a central log server. Check for routine management tasks that can be automated with command-line interface (CLI) scripts. The appliance's management interface should require strong authentication, with separate administrator roles and, for sensitive configuration tasks such as key export or policy changes, approval by more than one administrator rather than a single login.
Evaluate the appliance's internal security. A standalone encryption appliance must include provisions to prevent tampering and to ensure that configuration settings cannot be changed unless an administrator presents proper credentials. Some appliances, such as Decru's DataFort, use smart cards to secure administrative access. Host authentication can also be used to secure the appliance in a SAN fabric, so that only authorized hosts can reach the encrypted storage. Remember that appliance security brings new policies and practices, which add management overhead to existing data center and network administration.
Consider how the key is stored and used. Another aspect of security is key management. In some cases, a single key encrypts and decrypts all the data; in others, a unique key is used for each process or volume. Some products split a key among several custodians so that a quorum (a majority, or any other agreed number, of the key holders) is needed to reconstruct it, which prevents any one person from decrypting the data alone. If the appliance stores the key(s), there must be an adequate provision to recover data if the appliance fails, and keys stored off the appliance must be kept just as secure. Consider how the key management system adds security to the organization, but also evaluate its complexity, its cost and the effect that any future hardware changes or disasters might have on the key management process.
Test key destruction features. One of the easiest ways to destroy encrypted data is to destroy the key that encrypted it. If the key is gone, the data is unrecoverable, and any storage used to hold that encrypted data can be repurposed without concern about later recovery. This only holds if every copy of the key is gone, so understand the procedure for erasing keys, including any backups, escrow copies and split shares held by custodians; verify that key deletion is unrecoverable; and look for any workarounds or "back doors" that might compromise key security.
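The quorum-based key custody described under key storage above, and the check that a destroyed key really is unrecoverable, can both be exercised with a small model. The following Python is an added example written for this checklist; it is not code from any of the vendors named here, and the 3-of-5 threshold, the 256-bit key length and the prime field are assumptions chosen for illustration. It splits a key encryption key (KEK) into five shares with Shamir's secret sharing, recovers it from any three, refuses recovery with fewer, and shows that once enough shares are destroyed to fall below the quorum, the surviving shares are consistent with every possible key, which is what "unrecoverable" has to mean in a key destruction test.

```python
"""Added example: M-of-N key custody and key destruction with Shamir's secret sharing.

A KEK is split into N shares for N custodians. Any M (the threshold) reconstruct it;
fewer than M learn nothing. Destroying shares until fewer than M remain is therefore
a key-destruction operation: the KEK, and all data keys wrapped under it, are gone.
Standard library only; all arithmetic is in the prime field GF(P).
"""
import secrets

# Assumption: the Mersenne prime 2**521 - 1 as the field modulus; any key of up to
# 512 bits is a valid field element.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients `coeffs` (constant term first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key: bytes, threshold: int, shares: int):
    """Split `key` into `shares` points (x, y); any `threshold` of them recover it."""
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    # Random polynomial of degree threshold-1 whose constant term is the key itself.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def _interpolate_at_zero(points):
    """Lagrange interpolation through `points`, evaluated at x = 0 (the constant term)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse of den
    return total


def recover_key(points, threshold: int, key_len: int = 32) -> bytes:
    """Reconstruct the key from at least `threshold` distinct shares; refuse otherwise."""
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate share")
    if len(points) < threshold:
        raise ValueError(f"quorum not met: {len(points)} of {threshold} shares")
    value = _interpolate_at_zero(points[:threshold])
    try:
        return value.to_bytes(key_len, "big")
    except OverflowError:
        raise ValueError("shares do not reconstruct a key of the expected length")


def key_implied_by_guess(partial, x_missing: int, y_guess: int, threshold: int) -> int:
    """Given threshold-1 genuine shares plus a guess for one destroyed share, return the
    key (as an integer) that the guess implies. Each distinct guess yields a distinct key,
    so threshold-1 shares are consistent with every key in the field and leak nothing."""
    if len(partial) != threshold - 1:
        raise ValueError("expected exactly threshold-1 shares")
    return _interpolate_at_zero(list(partial) + [(x_missing, y_guess % P)])


if __name__ == "__main__":
    # Constructed sample: a fresh 256-bit KEK held by five custodians, quorum of three.
    kek = secrets.token_bytes(32)
    custody = split_key(kek, threshold=3, shares=5)
    assert recover_key([custody[0], custody[2], custody[4]], 3) == kek
    # Key destruction: shred three of the five shares, leaving two (below the quorum).
    surviving = custody[:2]
    try:
        recover_key(surviving, 3)
    except ValueError as err:
        print("recovery refused:", err)
    # An attacker holding the two survivors gets a different key for every guess of the
    # destroyed share, so brute-forcing the share is no easier than brute-forcing the key.
    a = key_implied_by_guess(surviving, 3, 1, 3)
    b = key_implied_by_guess(surviving, 3, 2, 3)
    print("two guesses, two different keys:", a != b)
```

In a real procurement test the same questions apply to the product: after the documented key-erase procedure, can any combination of remaining custodians, backups or escrow copies still reconstruct the key? If the answer is yes for any path the vendor did not disclose, that path is the back door the checklist warns about.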
Know the vendor. Many encryption appliance vendors are relatively new, so the vendor's longevity in the market should be considered. When evaluating an encryption appliance, be sure to also investigate the vendor's history, business goals and product roadmap. If a vendor is looking to be acquired and cannot offer a clear product roadmap, that vendor should be avoided. The hardware-based encryption product specifications page in this chapter covers the following products: