May 18, 2007

Built-in encryption is the key to protecting against information leaks

Cisco offers a preview of its upcoming switch-based approach to data encryption

It hasn’t happened to me so far (fingers crossed), but I imagine there are very few things more disturbing than having your personal information put at risk because someone lost or misplaced a tape cartridge or a laptop.

By Mario Apicella, Storage Adviser

The remedies when something like this happens — and unfortunately, it happens often — have so far been inadequate, to say the least. Quite frankly, a year of free credit watch service wouldn’t do much to appease me if my Social Security number had been thrown to the dogs.

How big is this data-breach phenomenon? It’s hard to quantify, but to get a feel for its breadth, take a look at this chronological table of past data breaches.

I don’t know if that is an all-inclusive list, and it really doesn’t matter — there are more than enough incidents reported on that page to make anybody’s blood boil with indignation. What’s more irritating is that almost all of those disclosures could have been prevented by using data encryption on sensitive data, especially when that data flows to mobile devices or removable media.

Why, then, are companies not implementing encryption whenever possible and appropriate? Is it because they can get away with just having their hands slapped when a disclosure occurs? Perhaps, but it’s also true that implementing and managing encryption is a big pain in the neck.

Software encryption tools abound, but they add overhead in processing time and human labor that many companies just can’t absorb. Thankfully, the previously rare solutions that implement encryption in hardware chips are becoming more numerous, which should help make your encrypted data flow as fast as clear data. For example, vendors such as Seagate and, more recently, Hitachi Global Storage have started to include encryption technology in their disk drives.

Why is that good? Let me answer by quoting the blog of Chris Parkerson, senior product marketing manager for RSA:

“I personally believe that the best security for businesses is going to come from a security infrastructure that is built right into the devices, computers, and major software applications that they buy. It just makes sense!”

Indeed it does, but what happens when you have tens — if not hundreds — of devices in your datacenter, each with its own proprietary encryption system? How many touchpoints will you have to manage to encrypt data on every tape drive, library, and storage device? Probably too many to keep your sanity.

To be clear, I like having devices that deliver data encryption right where it’s needed, but you would gain a lot more flexibility and scalability if you could centralize those tasks if and when necessary. Considering that most of the customers who need more protection for their data are on a SAN, why not make encryption a network service, delivered from the far-reaching but easily managed fabric switch?


©1994-2009 Infoworld, Inc.