DATA STORAGE DILEMMAS & SOLUTIONS
Meet the Panel
Moderator: Marty Foltyn, SNIA Business Development Representative
Presenters: Eric Hibbard, Chair, SNIA Security Technical Working Group and CTO, Privacy & Security, Hitachi Data Systems; Fredrik Forslund, Director, Cloud and Data Center Erasure Solutions, Blancco Technology Group
We’ll Explore
Data Storage: Past & Present, and Current Security Challenges
Physical Drive Destruction: The Pros & Cons
Data Erasure: Assumptions vs. Realities
Making Sense of Cryptographic Erasure
Legal Requirements Imposed by ISO 27040, NIST 800-88 Rev. 1 & More
Data Storage: Past & Present
Figure: timeline of storage media from 1940 to 2013 (marked years: 1940, 1951, 1956, 1971, 1985, 1995, 2000, 2006, 2013): punched cards, magnetic tape, hard drive, floppy disks, CD-ROM, DVD, USB drive, the cloud. Also noted on the timeline: the first computer sold for $750,000, and removable & rewritable media.
Data Security Challenges
Fig. 1: Security risk per data storage device curve (*by sheer data volume). One axis is the amount of data per device (gigabytes, terabytes, petabytes); the other is the number of data-bearing devices (tens, hundreds, thousands). Plotted populations: data center & cloud data; PCs & office servers; smartphones, tablets, USB sticks.
Cloud Storage: Where Erasure Responsibility Lies
It falls to “…the provider to keep that data secure, and when it is deleted, the provider should ensure (or be able to prove) that it is permanently destroyed.”
ISO 27018: Protection of Privacy & Personal Data in Cloud
Figure: one user’s data (“All of My Data”: My Documents, My Photos, My Music, My Work Files, Special Project) spread across devices, each with its own sync policy: Home PC (push sync, back up all files); Work Laptop (push sync, work files); Netbook (smart sync, select files); Tablet (sync local, stream the rest); Mobile Device (sync a few, stream the rest). Warning markers (!) appear on several of the copies.
When Do You Need to Consider Data Sanitization?
1. At equipment end-of-life
2. At defined data end-of-life (“regulatory compliance”)
3. After data migration
4. By customer demand (“the right to be forgotten”, “data exit strategy”)
What Is a Data Breach?
“Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored, or otherwise processed.”
– ISO/IEC 27040:2015
“A breach is the unauthorized acquisition, access, use, or disclosure of protected health information, which compromises the security or privacy of such information.”
– U.S. HITECH (HIPAA) Act
A personal data breach “means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed in connection with the provision of a publicly available electronic communications service in the Community”.
– EU ePrivacy Directive (EC Proposal)
ISO/IEC 27040 – Data Breaches
Security threat: potential forms of data breach
• Theft of storage element or media: unlawful access, unlawful disclosure, unlawful data loss, unlawful data destruction
• Loss of storage element or media: unauthorized access, unauthorized disclosure, accidental data loss, accidental data destruction
• Loss of data: unlawful, unauthorized, or accidental data destruction or corruption
• Accidental configuration changes (e.g., storage management, storage/network resources, incorrect patch management, etc.) by authorized personnel: accidental access, accidental disclosure, accidental data destruction, accidental data alteration
• Malicious configuration changes (storage management, storage/network resources, application tampering, etc.) by external or internal adversaries: unlawful access, unlawful disclosure, unlawful data destruction, unlawful data alteration
• Privileged user abuses by authorized users (e.g., inappropriate data snooping): unlawful/unauthorized access or disclosure
• Malicious data tampering by external or internal adversaries: unlawful data destruction or alteration
• Denial of service attacks: unauthorized data destruction, loss, or alteration
• Malicious monitoring of network traffic: unlawful/unauthorized disclosure
Data Breaches Are a Common Reality We Need to Fight!
October: 76 million people affected. Information compromised: names, addresses, phone numbers, email addresses
September: 56 million people affected. Information compromised: credit and debit card numbers
May: 145 million people affected. Information compromised: encrypted passwords, customer names, email addresses, mailing addresses, phone numbers, dates of birth
Proactive Approach
Unless you proactively sanitize data in your environment, external or internal attackers, as well as malware, can maliciously perform data recovery that leads to data leaks.
Data Protection Methods
Physical destruction
Software overwrite
Cryptographic erasure
Physical Drive Destruction: The Pros & Cons
Data Erasure: Assumption vs. Realities
What Is Certified Data Erasure?
Format or Delete vs. Data Erasure
Data Erasure Today!
Total erasure on physical level (HDD and SSD): loose drive (DISK) erasure; PC, SERVER and SAN erasure
Erasure on file, logical and virtual levels: FILE erasure; LUN erasure; VIRTUAL erasure
New volume platforms include smartphones, tablets and flash devices
SSD Erasure Is Complicated, But Possible…
The University of California’s Department of Computer Science and Engineering uncovered a range of problems in secure SSD ‘sanitization’ of both whole drives and individual files.
What Is Cryptographic Erasure?
Cryptographic erasure basically involves destroying the encryption key for the data, thus forcing an adversary to conduct an attack against the cryptologic implementation in order to gain access to the sanitized data.
Cryptographic erase can be highly granular: it is theoretically possible to cryptographically erase a single field in a database.
It is typically targeted toward a single piece of media, but could be used for virtual storage (e.g., a LUN).
Understanding Challenges of Cryptographic Erasure
• Encryption must be applied before any data is written to the drive
• High-pedigree encryption is required
• Effective key management is required
• Proof of encryption is required
• Verification of the cryptographic erasure operation
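The two slides above describe cryptographic erasure and its preconditions (encrypt before the first write, manage keys properly, verify the erase). The following Python is an added illustration written for this page; it is not code from the SNIA deck, Hitachi or Blancco. It stores each database field under its own data encryption key (DEK) so that a single field can be cryptographically erased by destroying only its key, and it records a verified audit entry for each erase. The cipher is a counter-mode keystream built from HMAC-SHA256 with an HMAC tag, chosen only so the example runs on the standard library; a deployment would use AES from a vetted library and keep the DEKs in an HSM or KMS rather than in a dict.

```python
"""Cryptographic erasure of individual database fields (added example).

Every field value is encrypted under its own DEK before it is written to
the medium, so one field is erased by destroying only that DEK: the
ciphertext may remain on the medium, but nothing can read it back.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from one DEK."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: block i = HMAC(enc_key, nonce || i). Stand-in for AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, with a fresh random nonce."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first (encrypt-then-MAC), then strip the keystream."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext altered or wrong key")
    ks = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class FieldEncryptedStore:
    """Record store with one DEK per (record, field).

    Keys live in a separate key store (a dict here, standing in for an HSM
    or KMS); ciphertext lives on the "medium" (another dict). Keeping the
    two apart is what turns key destruction into a sanitization operation.
    """

    def __init__(self):
        self._keys = {}      # (record_id, field) -> DEK
        self._medium = {}    # (record_id, field) -> nonce || ct || tag
        self.audit_log = []  # one entry per erase, for the proof trail

    def put(self, record_id: str, field: str, value: bytes) -> None:
        dek = secrets.token_bytes(32)   # key exists before the first write
        self._keys[(record_id, field)] = dek
        self._medium[(record_id, field)] = encrypt(dek, value)

    def get(self, record_id: str, field: str) -> bytes:
        dek = self._keys.get((record_id, field))
        if dek is None:
            raise KeyError(f"{record_id}.{field}: no key (cryptographically erased)")
        return decrypt(dek, self._medium[(record_id, field)])

    def crypto_erase(self, record_id: str, field: str) -> dict:
        """Destroy the DEK, then verify the field can no longer be read."""
        self._keys.pop((record_id, field), None)
        key_gone = (record_id, field) not in self._keys
        try:
            self.get(record_id, field)
            readable = True
        except KeyError:
            readable = False
        entry = {
            "action": "cryptographic_erase",
            "target": f"{record_id}.{field}",
            "ciphertext_retained": (record_id, field) in self._medium,
            "verified": key_gone and not readable,
        }
        self.audit_log.append(entry)
        return entry
```

The verification step only proves that this key store no longer holds the DEK; a real crypto-erase procedure must also show that no backup, escrow copy or cached instance of the key survives, which is the key management requirement the slide calls out.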
What One Financial Institution Has Done
Typical media disposition involves physical destruction instead of sanitization (overwrites), resulting in:
• Secure storage and destruction of storage media
• Additional media cost because warranties cannot be exploited
• Repurposing of storage is often limited
Both ISO/IEC 27040 and NIST SP 800-88r1 identify cryptographic erasure as an alternative form of sanitization
ISO, NIST, and Legislation
Multiple NYC-based financial institutions are working with auditors and regulators to:
• Get cryptographic erasure recognized as an accepted sanitization method for their sector
• Identify the associated key management requirements
ISO 27001: Laying the Foundation
Should we be thinking about 27001? How bad is your pain?
• We need to prove to many of our clients that we are “secure”
• We need to prove that many of our service providers keep our data secure
• We need to prove we are compliant with a high number of standards
• We are struggling with regards to information security
ISO 27040: Erasing at Logical & Virtual Level
“Logical sanitization should be used to clear virtualized storage, especially when the actual storage devices and media cannot be determined.”
“Sanitization of media at end-of-use situations is recommended, even when using encryption methods.”
Organizations should maintain a record of sanitization activities. Proof of sanitization takes on at least two forms: 1) an audit log trail and 2) a certificate of sanitization.
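The "software overwrite" method from the Data Protection Methods slide and the proof-of-sanitization requirement above (an audit log trail plus a certificate of sanitization) fit together in one procedure. The Python below is an added example written for this page, not a tool from SNIA, Blancco or NIST: it overwrites an in-memory block image standing in for a device, verifies the result by read-back (full or a seeded random sample, both of which NIST SP 800-88r1 describes as verification methods), keeps a hash-chained audit log, and issues a certificate whose fields follow the categories listed in SP 800-88r1's sample certificate. The device, media details, operator and signing key are all constructed; an HMAC stands in for the digital signature a real certificate would carry, and a real tool would write to the raw device and, for SSDs, prefer the drive's own sanitize command for the reasons given on the SSD slide.

```python
"""Overwrite sanitization with verification, audit log and certificate
(added example; device, media record and keys are constructed)."""
import hashlib
import hmac
import json
import random
from datetime import datetime, timezone

SECTOR = 512
GENESIS = "0" * 64   # hash chain anchor for the audit log


def overwrite(device: bytearray, pattern: bytes = b"\x00") -> int:
    """Write the pattern over every sector; returns the sector count."""
    fill = (pattern * SECTOR)[:SECTOR]
    count = 0
    for off in range(0, len(device), SECTOR):
        device[off:off + SECTOR] = fill[:len(device) - off]
        count += 1
    return count


def verify_overwrite(device: bytearray, pattern: bytes = b"\x00",
                     sample: float = 1.0, seed: int = 0) -> dict:
    """Read back every sector (sample=1.0) or a seeded random sample.

    The fraction and seed go into the result so an auditor can repeat
    exactly the same check later.
    """
    fill = (pattern * SECTOR)[:SECTOR]
    sectors = list(range(0, len(device), SECTOR))
    if sample < 1.0:
        rng = random.Random(seed)
        sectors = sorted(rng.sample(sectors, max(1, int(len(sectors) * sample))))
    failed = [off for off in sectors
              if bytes(device[off:off + SECTOR]) != fill[:len(device) - off]]
    return {"sectors_checked": len(sectors), "sample": sample, "seed": seed,
            "failed_offsets": failed, "passed": not failed}


def _digest(obj: dict) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


class SanitizationLog:
    """Hash-chained audit trail: altering any entry breaks verify_chain()."""

    def __init__(self):
        self.entries = []
        self._prev = GENESIS

    def append(self, event: str, **details) -> dict:
        entry = {"ts": datetime.now(timezone.utc).isoformat(), "event": event,
                 "details": details, "prev": self._prev}
        entry["hash"] = _digest(entry)
        self._prev = entry["hash"]
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def sanitize_media(device: bytearray, media: dict, operator: str,
                   signing_key: bytes, sample: float = 1.0) -> tuple:
    """Clear the device by overwrite, verify, and issue log + certificate."""
    log = SanitizationLog()
    log.append("start", serial=media["serial"], category="Clear",
               technique="single-pass overwrite 0x00")
    log.append("overwrite_complete", sectors=overwrite(device))
    result = verify_overwrite(device, sample=sample, seed=42)
    log.append("verification", **result)
    cert = {
        "media": media,   # manufacturer, model, serial, type, capacity
        "sanitization": {
            "category": "Clear",
            "method": "single-pass overwrite with 0x00",
            "tool": "example script (hypothetical)",
            "verification": "read-back, sample fraction %s" % sample,
            "verification_passed": result["passed"],
            "date": datetime.now(timezone.utc).date().isoformat(),
            "performed_by": operator,
        },
        "audit_log_head": log.entries[-1]["hash"],   # binds cert to the log
    }
    cert["signature"] = hmac.new(signing_key, _digest(cert).encode(),
                                 hashlib.sha256).hexdigest()
    return cert, log


def verify_certificate(cert: dict, signing_key: bytes) -> bool:
    body = {k: v for k, v in cert.items() if k != "signature"}
    expected = hmac.new(signing_key, _digest(body).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(cert["signature"], expected)
```

Binding the certificate to the head hash of the log is what lets an auditor tie the two forms of proof together: the certificate states the outcome, and the chained log shows the steps that produced it without either being silently edited afterwards.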
More Legislation Paves Way for Tighter Security
Implement the Right Process in Time!
Compliance
Reporting
Erasure
Versatility
Automation
“The whole is greater than the sum of its parts” – Aristotle
Related Resources
• ISO/IEC 27040:2015, Information technology – Security techniques – Storage security; cost = CHF 198; http://www.iso.org/iso/catalogue_detail?csnumber=44404
• NIST Special Publication 800-88 Revision 1, Media Sanitization, http://dx.doi.org/10.6028/NIST.SP.800-88r1
• SNIA Security Whitepapers: SNIA Storage Security – Sanitization; SNIA Storage Security – Encryption and Key Management; http://www.snia.org/securitytwg
• Blancco Technology Group Materials: Cloud and Data Center Erasure: Why Delete Doesn’t Suffice
Complimentary Registration at www.snia.org/dss-summit
Thank You! Questions?