“2011 was a watershed year for encryption,” said Tsion Gonen, corporate vice president of Products and Marketing at information security firm SafeNet. “Driven by the need to secure growing virtualized infrastructures, as well as high profile security breaches, encryption emerged as one of the most effective means to protect sensitive data, no matter where it lives.”
Gonen predicts that encryption will stay on the networking professional’s radar into 2012 and beyond, not least because the new models of delivering cryptographic operations will change and make it easier to ensure data stays safe even in virtualized environments. He believes we will see encryption move to a centralized function and be delivered through the “as-a-service” model that application vendors have been using for some time.
“With encryption use increasing, it prompts the need to better control and unify the management of data and policies, while reducing capital and operational costs,” he said. “These are weighed down by disparate encryption technologies arising from varying security, compliance and risk requirements.”
Standardizing the way data is encrypted in data centers will contribute to reducing costs. “Through the ‘crypto-as-a- IT-service’ model, organizations can deploy highly secure and standardized crypto services to individual businesses units, while ensuring protection, control, and governance of data, as well as cost efficiency,” he added.
Some of the technologies accelerating the transition to encryption as a service (EaaS) include hardware-based encryption key storage, centralized data protection schemes for applications, databases, storage and virtualized environments, and role-based access controls. These next gen technologies are aimed at improving the encryption solutions available at data center level.
New capabilities for data centers
Encryption involves two parts: algorithms to scramble the data and keys to unscramble it. EaaS involves centralizing the problematic part of encryption: key management. It aims to make cryptographic functions more easily available, both within a network and in cloud environments.
“Enterprise customers want to ensure that nothing leaves their data center without being encrypted and they want to keep control of that encryption by generating and storing their own keys,” said Andres Rodriguez, CEO of U.S. based enterprise storage company Nasuni. “They also want to make sure whatever access control is in place remains in place. This is only possible when dealing with pure data — so storage as a service — and not with complete applications as in software as a service.”
Traditional methods of handling encryption keys become unwieldy if not impossible in this situation because using cloud-based service solutions potentially means sending unencrypted information to the cloud software, and retrieving it in the same way.
“When delivering software as a service customers must trust the people and processes in their service provider,” said Rodriguez. “This security model is not nearly as robust as the cryptographic protection that can be applied to pure data.”
In other words, if users at your company are relying on cloud-based software for processing sensitive data, you can keep it safe by managing the encryption at the data center level. Nasuni’s technology, for example, allows companies to use cloud storage but still encrypt data at their premises with keys they generate themselves.
“The Nasuni storage services allow companies to tap into the cloud’s access to elastic storage capacity, with a built-in data protection model and the power to synchronise data globally,” Rodriguez added. “That’s a big change that makes the cloud enterprise-ready and brings some extraordinary new capabilities into data centers.”
Next gen storage solutions
The Nasuni solution looks just like another file server to users and, because the most frequently accessed files are also stored on site, performance is no different. Storage as a service offerings make use of the best of the cloud: unlimited storage, no requirement to back up, and the ability for multiple sites to access the same storage volume without resorting to complicated replication schemes or WAN accelerators.
Next gen storage solutions that include encryption technology also add in peace of mind.
“With crypto as a service you don’t need to worry,” said Gonen. “You throw data at it and it does all the key management and key backups. It’s all done centrally. All the user needs to know is what data to protect and who needs to be given access. People have been afraid of encryption for a very long time, so the ‘as a service’ model makes it easier for them to consume.”
“Great security is about the transparency of the implementation,” said Rodriguez. He advises looking for products that are based on rigorously tested solutions. “OpenPGP benefits from having had some of the best security minds in the world peer reviewing its specification for the last two decades.”
Enterprise networking and encryption are slowly converging and it will be interesting to see how the disciplines overlap over the next few years. “The last few years have been great; encryption suddenly became cool,” said Gonen. “This is the next generation of information security.”
Elizabeth Harrin is Computer Weekly’s IT Professional Blogger of the Year 2011. She is also director of The Otobos Group, a business writing consultancy specializing in IT and project management. She’s the author of “Social Media for Project Managers” and “Project Management in the Real World.” She has a decade of experience in IT and business change functions in healthcare and financial services, and is ITIL v3 Foundation certified.