
Encryption is for data at rest, not just in transit

OUT-LAW News, 13/06/2003 

This article was contributed by Geoff Barrall, the CTO and founder of storage solutions firm BlueArc.

Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet an enormous amount of resources are being used to encrypt data in motion, while the bigger risk is in data at rest.

One reason for the focus on data transfer rather than storage dates back to pre-1994 days. At this time, Ethernet broadcast all communications between two computers to all of the nearby computers, allowing a hacker with a sniffer (a piece of software that captures network traffic) to see other users' data.

But in most companies today, data is almost always transferred on switched networks and thus travels from point to point, with no visibility of that data to other network-attached devices. The only way to circumvent this is for the hacker to load his sniffer program onto the actual server itself, but even in this scenario there are simpler ways to access the data directly.

Given this fact, the enormous amount of resources put into encrypting data in flight, travelling over the network, seems disproportionate.

For example, the internet Small Computer System Interface (iSCSI), a means of transferring data over intranets or remotely managing data storage, incorporates IPSec security, which can encrypt data as it is transferred between two devices, preventing a hacker with a sniffer from seeing the contents of that data.

But this discounts the fact that a hacker would not only have to gain access to the data being routed from point to point, but would also have to know ahead of time which packets to capture and decrypt from the thousands of packets per second travelling over a particular network segment.

For a long time, this hacking route was perceived as so risky that IPSec was almost mandatory for iSCSI traffic. However, this requirement was removed just prior to the standard's ratification, when the extreme cost of implementing it at any reasonable data rate was fully realised.

Rather than trying to decode thousands of network packets from many different sources, it is much easier for a hacker to get to the data where it rests on a server. Hacking a standard server is much simpler, and locating the data and uploading it to a secondary location is far easier than decoding network traffic packet by packet.

Given this, the lack of focus on encrypting data while at rest is surprising.

In fact, California has recently passed legislation to force companies to encrypt certain types of data, such as credit card numbers, Social Security numbers, etc. However, even encryption on disk is only going to prevent the data from being read if somebody were to steal the hard disk, an unlikely event. A clever hacker with a hijacked user account can still log onto the server and read the data, because the file system decrypts the data as it is read from disk and hands it over in its decoded state.

With all the attention being paid to encryption of data in motion, we need new software that introduces keys on both workstations and servers to ensure only trusted users can access the data from trusted workstations. This would raise the security bar and foil remote hacking attempts. In the majority of cases, a continued stream of additional encryption schemes is unlikely to help.
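To make the two threat models concrete, here is an added example (not from the article or from BlueArc): a small Python model of a file server with transparent at-rest encryption beside a split-key variant, which is one assumed realisation of the author's "keys on both workstations and servers". The stand-in cipher, the server, the account names and the sample record are all constructed for illustration.

```python
import hashlib
import os

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_xor(key, nonce, data):
    # Constructed stand-in for a real cipher (SHA-256 counter keystream), not production cryptography;
    # XOR with the keystream both encrypts and decrypts, which keeps the model standard-library only.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(0, len(data), 32))
    return xor(data, ks)

class FileServer:
    """store/read: transparent at-rest encryption, the disk key lives on the server and every
    authenticated read returns plaintext. provision/fetch: assumed split-key variant (server share XOR
    workstation share), so the server alone can only hand back ciphertext plus its half of the key."""
    def __init__(self, accounts):
        self.accounts, self.disk_key = accounts, os.urandom(32)   # user -> password
        self.disk, self.shares = {}, {}       # name -> (nonce, ciphertext); name -> server share
    def login(self, user, password):
        if self.accounts.get(user) != password: raise PermissionError("bad credentials")
    def store(self, name, plaintext):
        nonce = os.urandom(12)
        self.disk[name] = (nonce, stream_xor(self.disk_key, nonce, plaintext))
    def read(self, user, password, name):    # the file system decrypts on read, as the article says
        self.login(user, password)
        return stream_xor(self.disk_key, *self.disk[name])
    def provision(self, name, plaintext, workstation_share):
        share, nonce = os.urandom(32), os.urandom(12)
        self.disk[name], self.shares[name] = (nonce, stream_xor(xor(share, workstation_share), nonce, plaintext)), share
    def fetch(self, user, password, name):   # hands out ciphertext and the server share only
        self.login(user, password)
        return self.shares[name], self.disk[name]

def workstation_read(server, user, password, name, workstation_share):
    share, (nonce, ct) = server.fetch(user, password, name)
    return stream_xor(xor(share, workstation_share), nonce, ct)   # plaintext only with both shares

def demo():
    secret = b"card=4111-1111-1111-1111"    # constructed sample record
    srv = FileServer({"alice": "hunter2"})
    srv.store("cards.db", secret)
    trusted_ws, other_ws = os.urandom(32), os.urandom(32)   # key shares held by two workstations
    srv.provision("cards.split", secret, trusted_ws)
    creds = ("alice", "hunter2")            # treat these as hijacked credentials
    return {  # True means that reader recovered the plaintext
        "stolen_disk_only": srv.disk["cards.db"][1] == secret,
        "hijacked_account": srv.read(*creds, "cards.db") == secret,
        "hijacked_account_trusted_ws": workstation_read(srv, *creds, "cards.split", trusted_ws) == secret,
        "hijacked_account_other_ws": workstation_read(srv, *creds, "cards.split", other_ws) == secret,
    }
```

Run `demo()` to see that the stolen disk and the hijacked account from an unregistered workstation both fail, while the hijacked account alone defeats the transparent scheme.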

BlueArc is exhibiting at Storage Expo 2003, the UK's largest dedicated data storage event. It takes place at Olympia London, from 15th to 16th October 2003.

See: www.storage-expo.com