Author Archive for stoledano

3 Reasons Why Encryption is Overrated

Published
by
stoledano
on June 10, 2009
in Uncategorized
. Comments

UPDATE 7-31-09:
This post caused a great deal of controversy.  Some readers left with the impression that we believe encryption to be obsolete or unnecessary.  That was not our intended message; rather it was to expose common problems with conventional approaches to data encryption and what dispersal offers to address them.  Other readers disagreed with the veracity of our claims, which is not surprising given that the post lacked technical details to backup them up.  To provide technical details in defense of the claims made in this post, we have written three follow up responses: Part 1, Part 2, and Part 3 which we invite you to see.

When it comes to storage and security, discussions traditionally center on encryption.  The reason encryption – or the use of a complex algorithm to encode information – is accepted as a best practice rests on the premise that while it’s possible to crack encrypted information, most malicious hackers don’t have access to the amount of computer processing power they would need to decrypt information.

But not so fast.  Let’s take a look at three reasons why encryption is overrated.

1) Future processing power

While processing power today may keep encrypted files (that are stored in the cloud, for example) safe, as processing power improves, archived encrypted files will require systematic re-encryption to remain safe from potential hackers. Systematic re-encryption, though, is difficult, laborious and expensive.

2) Key management

To decode the encrypted files, a user needs the encryption key.  Unfortunately, managing a large number of encryption keys can be painful. Yes, there are enterprise key management (EKM) solutions that promise the ability to manage and change keys throughout their life cycle – but these serve more as a band-aid to the fundamental pain of dealing with numerous keys. As a chain is only as strong as its weakest link, an enterprise key manager is only as good as the integrated key management systems that use it. If any system downstream from a secure key manager exposes the key, or is not designed to cover a certain threat, the whole thing becomes not secure.

3) Disclosure laws

Beyond technology, breach disclosure laws  — that require organizations to notify individuals when personal information has been or at least is reasonably believed to have been acquired by an unauthorized entity – can result in a PR nightmare for a business that encryption can’t resolve.  A quick visit to Privacy Right Clearinghouse lists the compilation of data breaches since 2005 that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.  Not a short list.

A technologist with a good understanding of encryption methods may be comfortable with some of the breaches or data losses reported due to the strengths of the encryption.  But this doesn’t matter in the court of public opinion; once data – encrypted or not – is lost, so is the trust of the general public.  Encryption is simply not enough to counter business concerns about the security of their data.

Consider Dispersal

With full disclosure – Cleversafe’s storage solution is based on Dispersal – consider its security benefits. Dispersed Storage technology divides data into slices, which are stored in different geographies.  Each slice contains too little information to be useful but any threshold can be used to recreate the original data.  Translation – a malicious party cannot recreate data from a slice, or two, or three, no matter what the advances in processing power.  And Dispersal does not require the time and energy of re-encryption to sustain data protection.

Maybe encryption alone is “good enough” in some cases now  – but Dispersal is “good always” and represents the future.

Bookmark and Share

Before You Jump Into Cloud Storage, Answer These 5 Questions…

Published
by
stoledano
on June 1, 2009
in Uncategorized
. Comments

The cloud presents a great opportunity for simple, cost-effective data storage.  But buyer beware – without tackling these 5 questions, your likelihood of success is…unlikely.

1) What Type of Data do You Need to Store?
Is it mission-critical and/or sensitive information?  Is it information that without speedy access to you will have trouble making business decisions?  How much data do you have?  5 TB?  500 TB?  Figuring out what type – and how much – of information you have will help you determine when it is worth investing the money in hardware to keep data local and when taking the data outside your four walls is warranted.  Also, because cloud storage relies on the network connections to the storage, it is often better to consider it nearline storage versus primary.

2) How Much Control Do You Want to Have Over your Data?
If you want your data under your control at all times, do not send it to the cloud.  Another important thing to remember is that data control doesn’t necessarily mean data security.  Sure, public clouds are shared among a variety of users, and replicating data to different sites just means more possible points of vulnerability for a complete set of data.  But keeping the data in house is only as secure as your company is.

3) What type of Cloud Storage Best Suites your Business?
So let’s assume now that you have decided to opt for cloud storage.  What kind do you want?  The benefit of using public cloud storage is that it allows a business to untie itself from expensive, bulky hardware.  You only pay for what you use/need rather than forking out the capital to fund the facilities to operate a private cloud.  On the flip side, the downsides of going public are potentially big: control and security concerns and availability.  Of course, though private clouds give you more control over your data, they are also built from software running on in-house hardware, meaning scaling requires additional hardware and physical space.

4) How Does Your Prospective Cloud Vendor Geo-disperse?
If you have a lot of data you want to put into a cloud, consider how your provider accomplishes geo-dispersion and how this will affect your business costs.  Even though external cloud storage is considered more cost-effective, if a provider is using replication, they are still storing 3-4 times the amount of data you actually have… meaning 3-4 times the cost, 3-4 times the headache and 3-4 times the security vulnerabilities.

5) When it Comes to Storage, is it Really All About the Benjamins?
How much are you willing to spend to ensure your data is housed in the most effective, safest way possible?  Even though hardware costs have been declining, the TCO of owning and managing an internal storage setup (factoring in floor space, building maintenance, network, cooling, power, UPS, power generators, storage admin time for implementations operations, etc.) is not.  Companies will realize that storing unstructured data on the wrong type of storage is costing them big money and realize the savings cloud storage can provide.

Bookmark and Share