Encryption: Debunking the Top 10 Myths About This Data Defense
Myth #1: We'll See a Performance Hit
It's true that encryption has a cost, but there are many additional factors that affect total system performance. As long as encryption is implemented correctly, overhead can be minimal. Further, if you deploy virtualization on systems with commodity processors, the cost of extra CPU, especially in the cloud, is minor and certainly worth the investment to protect your data.
Myth #2: Encryption Terminology Is Too Hard to Understand
There are many complex buzzwords and acronyms to describe encryption and key management: Advanced Encryption Standard (AES); Triple DES (3DES), which refers to the Triple Data Encryption Algorithm; National Institute of Standards and Technology (NIST); and Key Management Interoperability Protocol (KMIP). However, some encryption products on the market today eliminate the need for high-level technical knowledge and can be easily deployed to protect confidential information. With some of these solutions, you never see any encryption keys, and the only choices you need to make are simple policy decisions: which encryption algorithm to use and when keys expire.
Myth #3: Managing Encryption Keys Is a Nightmare
Having password protection for a key that encrypts data on a mobile device, notebook or desktop is fine. However, this does not scale well when dealing with tens, hundreds or thousands of encrypted devices. Good key management solutions take this headache away, and all you need to do is make sure your key and policy server is backed up, just as you would any other data. With a highly available key server, the failure of one server will not result in loss of access to keys.
Myth #4: It's Easy to Lose Encryption Keys
With encryption, if you lose your keys, you lose access to your data. It is incredibly important that no single person has control of the keys, or simple human error can exacerbate the problem. With a highly available key management cluster, it's good practice to place different key servers in the cluster in different physical locations.
Myth #5: Encryption Is Hard to Deploy
Without knowing it, we all use Secure Sockets Layer (SSL), a form of network encryption, on a daily basis when we shop on the Web or do online banking. We don't typically hear complaints about the complexity of Web access or poor performance. We need our credit card data protected, and networks have been built to accommodate this. The same principles go for protecting your data, whether on private or public cloud servers.
Myth #6: Encryption Won't Ensure PCI Compliance in Virtualized Environments
Concerns are often raised about securing the snapshot and suspend files that are supported by virtualization platforms, and the new Payment Card Industry Data Security Standard (PCI DSS) virtualization guidelines specifically draw out these issues. There are encryption products that allow you to selectively encrypt all or part of the virtual machine, including the snapshot files, without making any changes to the VM or applications.
Myth #7: Rotating Encryption Keys Means Application Downtime
Many regulations require periodic key rotations. With databases reaching the hundreds of gigabytes or even terabytes, this process can take many hours, if not days. An encryption solution should be able to perform key rotation while your applications are still running, reducing rotation time.
Myth #8: Enterprise-Grade Encryption Is Expensive
Enterprise-grade solutions traditionally require hardware-based key management systems, which can cost you tens of thousands of dollars before you even secure your first server. But it doesn't have to be this way. There are software-based solutions available that are affordable when protecting your virtualization and data in the cloud.
Myth #9: Encryption in the Cloud Isn't Secure
Many organizations want to hold the keys themselves. Would you give the keys to your house to someone you didn't know? Of course not. The best method is to find software that protects your data in any type of cloud environment and allows you to hold your own keys. This allows you to stay in control while ensuring that any data left behind when withdrawing from the cloud is fully encrypted and never accessible.
Myth #10: Encryption Solutions Don't Work Across All Platforms
Encryption vendors have typically faced challenges supporting myriad platforms. This is even truer for virtualized environments, especially if your organization leverages the public cloud. There are encryption solutions that work across different virtualization and cloud platforms to manage your data more easily and more cost-effectively.