Sat May 17 10:29:54 PDT 2014

Content control: Data at rest: What should I store encrypted?


Options:

{Required, Sensitive, All, Required} information in {Servers, Desktops, Mobile devices, Backups, Critical high-value primary servers with strong physical security}

Decisions:

Enter the controls desired for data at rest:

location low risk medium risk high risk
servers required required all
local required required all
mobile sensitive sensitive all
backup required required all
primary required required required
Controls for data at rest

Basis:

Sensitive:
Information that must be protected from observation either because it is confidential or because it revels operational information that could be used in intelligence, should be encrypted in storage when that storage may be physically accessible in order to prevent exploitation

All:
Encryption of all high risk data at rest is reasonable unless there is a reason to not encrypt it, such as for recovery purposes or because it causes performance degradation that makes induced the high consequences, or because availability and forensics capability is considered more important than secrecy.

Required:
Some data is required to be encrypted by contract or regulation. In these cases, there is no choice.


Servers:
These are computers in a fixed location, typically a data center or colocated with the users who have access to the same content, and which have physical controls.

Desktops:
These computers are typically used to access servers and other content but don't contain large quantities of sensitive data for long periods of time.

Mobile devices:
These devices move from place to place on a daily or regular basis. As a result, sensitive content contained within them is subject to a wider range of physical assaults.

Backups:
These are redundant copies of data and systems containing data.

Critical high-value primary servers with strong physical security:
These are the primary servers that are required for real-time processing and that contain the authoritative copy of the data. They are generally required to operate continuously, have severe performance requirements, and recoverability of data is critical to their operational value.


The use of encryption for information in storage is specifically and solely for the purpose of preventing unauthorized revelation of content. It is moderately priced for entire file systems and media, but more expensive and harder to manage if only select content is to be encrypted. However, it is also far harder to do forensic analysis, data recovery, and management of systems in which content is encrypted. For that reason, encryption should be used only when required.

In low risk and medium risk situations: Never encrypt content unless it is being used in mobile systems and in that case only encrypt sensitive information. It is often an option to only allow remote access to sensitive information stored on internal servers via encrypted communication to reduce the need to store sensitive information in encrypted form on remote systems. If backups are taken off site and stored elsewhere, encryption should be used in transit, however, be very cautious about encrypting backups because loss of keys or media errors can make the entire content permanently unusable. In cases where fine grained encryption is more expensive or harder to use than file system, user, or directory encryption, those should be used instead.

In high risk situations: In high risk situations systems with sensitive data that could lead to severe consequences if released should be encrypted as part of full-disk or full media encryption on servers, local systems, remote systems, and backups. Remote systems of this risk level should only be used if absolutely necessary. To the extent possible the systems with these requirements should be restricted to only computers and data absolutely necessary to run at these risk levels. When there is physical security present and when the data is a primary authoritative data source, the risk of loss of use may exceed the value of protection, so encryption is not recommended.

Copyright(c) Fred Cohen, 1988-2012 - All Rights Reserved