Data-at-rest security

Safe by cjc4454 (cc) (from flickr)
Safe by cjc4454 (cc) (from flickr)

Although we have discussed securing data in the cloud before but we have not discussed IT data security in general.  I count at least 6 different places one can secure IT data-at-rest today.  In most cases, one has some sort of system to provide encryption/decryption services and some way to get encryption keys, generated, stored, and securely retrieved by this system.  All these systems use symmetric key cryptography where the same key is used for encryption and decryption purposes.   Approaches to IT data-at-rest security include data encryption performed as follows:

  • Drive level
  • Subsystem-based
  • Network-based
  • Appliance-based
  • HBA-based
  • Host-based.

Drive level encryption

For tape transports drive level encryption has been around since LTO-4 and previously with other proprietary tape formats. For disk, data encryption capabilities have been around for a long time in the consumer space and lately has been introduced into enterprise storage as well.

Encryption key management is critical to securing any drive level encryption.  Key management can be supplied either externally by some sort of standalone key management software/appliance or internally from the tape library or disk subsystem controller itself.

The reasons for tape drive encryption are fairly substantial, tapes in transit can be lost or stolen. Similarly, disks can be replaced/stolen from enterprise storage subsystems and as such are subject to the same security concerns as tape volumes.  As drive encryption is typically performed by special purpose hardware,  it can operate with almost no overhead and thus, little impact to storage performance.

Disk subsystem-based encryption

Although there are only a few current implementations of this capability,  data encryption/decryption could easily be done entirely at the subsystem level with key management available external or internal to the subsystem.  Most likely this would be considered a software cryptographic solution but hardware could also be supplied to encrypt/decrypt data.  With a software implementation, the impact on storage performance (especially, read back) might be considerable.

A couple of years ago, EMC, HDS and others added “secure data erasure” for disks or subsystems going out of service.  However, this does nothing for operating data-at-rest security.

Network-based encryption

Both Cisco and Brocade offer data security services in the SAN or storage network facilities.  Such capabilities will encrypt and decrypt data going to or from LUNs and/or tape drives.  Key management can be supplied externally as well as internally to the networking equipment.  Both Cisco and Brocade SAN encryption servicesare hardware encryption solutions and as such, operate at line speed with high throughput.

Appliance-based encryption

In the past, a number of companies offered appliance or standalone hardware based encryption which places the data security appliance within the data path somewhere between the host and its storage devices.  Such solutions have been falling behind or recently been replaced by network based encryption solutions but still have a significant install base.   Key management can be supplied internal to the appliance or externally.  All appliance based encryption solutions support dedicated hardware for encryption/decryption of data.

HBA-based encryption

Last month EMC announced a new capability for their CLARiiON storage which operates in conjunction with Emulex HBAs to offer hardware HBA-based encryption for data.  This solution is an interesting in that it’s almost host based, hardware solution and should have little to no impact on storage performance.  Key management is supplied external to the HBA.

Host-based encryption

Host encryption has been available in the consumer and enterprise space for a number of years.  Such services have seen much success with laptop data.  Host based services are available from operating system vendors or special purpose applications.  In the consumer space products such as PGP (recently purchased by Symantec) have been available for over a decade, similar capabilities exist in the enterprise space via special purpose “secure” file systems and other applications.  Most host based cryptographic systems use software based algorithms.  Although hardware host-based services are available in the mainframe, System z environment via cryptographic co-processors and the latest versions of Intel’s advanced processors with their instruction set extensions for AES encryption support.

Other data-at-rest security considerations

From a performance perspective, hardware encryption can have the least impact but it’s very expensive.  In addition, drive level encryption is probably the most scaleable as the more drives you have, the more encryption throughput can be supported.  Next comes the appliance or network based encryption solutions which can be scaled by purchasing more appliances or encryption blades/switches.

In contrast, software based services perform the worst but are easiest to deploy.  Most consumer O/Ss support data encryption with a simple configuration change.  Software solutions are the least expensive as well because there is no hardware to purchase.  Software based solutions can also be scaled but only be adding more servers/subsystems.

In any event, key management cannot be overlooked for any data-at-rest security solution.  Given the strength of modern day encryption algorithms, the loss of a data key is equivalent to the loss of all data encrypted with that key.  So when considering key management, one should look for support of key archives, redundant key managers, key hierarchies and other advanced characteristics that make key access continuously available and disaster proof.

Data security is certainly feasible with any of these solutions. But performance, availability and ease of management must be understood before seriously considering any data-at-rest security regimin.

Chart of the month: SPC-1 LRT performance results

Chart of the Month: SPC-1 LRT(tm) performance resultsThe above chart shows the top 12 LRT(tm) (least response time) results for Storage Performance Council’s SPC-1 benchmark. The vertical axis is the LRT in milliseconds (msec.) for the top benchmark runs. As can be seen the two subsystems from TMS (RamSan400 and RamSan320) dominate this category with LRTs significantly less than 2.5msec. IBM DS8300 and it’s turbo cousin come in next followed by a slew of others.

The 1msec. barrier

Aside from the blistering LRT from the TMS systems one significant item in the chart above is that the two IBM DS8300 systems crack the <1msec. barrier using rotating media. Didn’t think I would ever see the day, of course this happened 3 or more years ago. Still it’s kind of interesting that there haven’t been more vendors with subsystems that can achieve this.

LRT is probably most useful for high cache hit workloads. For these workloads the data comes directly out of cache and the only thing between a server and it’s data is subsystem IO overhead, measured here as LRT.

Encryption cheap and fast?

The other interesting tidbit from the chart is that the DS5300 with full drive encryption (FDE), (drives which I believe come from Seagate) cracks into the top 12 at 1.8msec exactly equivalent with the IBM DS5300 without FDE. Now FDE from Seagate is a hardware drive encryption capability and might not be measurable at a subsystem level. Nonetheless, it shows that having data security need not reduce performance.

What is not shown in the above chart is that adding FDE to the base subsystem only cost an additional US$10K (base DS5300 listed at US$722K and FDE version at US$732K). Seems like a small price to pay for data security which in this case is simply turn it on, generate keys, and forget it.

FDE is a hard drive feature where the drive itself encrypts all data written and decrypts all data read to from a drive and requires a subsystem supplied drive key at power on/reset. In this way the data is never in plaintext on the drive itself. If the drive were taken out of the subsystem and attached to a drive tester all one would see is ciphertext. Similar capabilities have been available in enterprise and SMB tape drives is the past but to my knowledge the IBM DS5300 FDE is the first disk storage benchmark with drive encryption.

I believe the key manager for the DS5300 FDE is integrated within the subsystem. Most shops would need a separate, standalone key manager for more extensive data security. I believe the DS5300 can also interface with an standalone (IBM) key manager. In any event, it’s still an easy and simple step towards increased data security for a data center.

The full report on the latest SPC results will be up on my website later this week but if you want to get this information earlier and receive your own copy of our newsletter – email me at