What's slowing data encryption? Plenty

30.08.2006
Despite daily headlines about data security breaches in IT publications, movement toward encryption seems remarkably slow. Anecdotally, our experience has been that organizations are at least as likely to be considering alternatives, such as maintaining their own corporate bunker sites for tape retention or expanding replication capabilities to eliminate tape entirely, as they are to be considering encryption options. Unfortunately, for many organizations these alternatives are simply not practical, and, as a result, the default behavior is to simply not encrypt.

Encryption appliances have now been available for several years, so what is holding up adoption? There are at least three reasons. The first, and arguably the biggest, reason is the unavoidable fact that if you choose to encrypt, you must also manage your encryption keys. While encryption may deter others from viewing your data, without a bullet-proof key management capability you could be "locked out" of your data as well. For many, this is a far greater fear than the potential misuse of data from a lost backup tape, and it is the reason why appliance companies like Decru Inc. (now part of Network Appliance Inc.) and Neoscale Systems Inc. are focused so heavily on simplification of key management.

Another factor is concern over vendor lock-in, or, to put it another way, the lack of standards. Once you encrypt using a specific vendor's technology, that technology is also required to decrypt, meaning that there is a substantial barrier to transitioning from one product to another should the need occur.

Finally, the cost of purchasing, implementing, and managing a broad range of encryption products is also inhibiting adoption. Added to the other concerns cited, the result is a continued wait-and-see attitude.

Protecting data is a serious concern that is here to stay. The good news is that there are signs of hope. Draft standards are evolving for encrypting data at rest: IEEE P1619 for disk and P1619.1 for tape are progressing but have yet to be finalized. The next generation of tape drives will integrate encryption capabilities. And, of course, we are all anxiously awaiting the fruits of the EMC acquisition of security leader RSA.

Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at jimd@glasshouse.com