IBM Systems Magazine, Power Systems - AIX digital edition - April/May 2009 - (Page 27)

globe, such as California Senate Bill 1386, Payment Card Industry (PCI) standards, Gramm-Leach-Bliley Act and HIPAA to ensure data is protected and disclosures are made when data is lost.

An effective method for protecting this data is simply to encrypt it, wherever it resides and wherever it may travel. Unfortunately, for many organizations this is easier said than done, especially since you can’t just encrypt it once across all of the environments described above. For example, you can’t give your customers the same encryption key to access their data on your Web site that you use to encrypt on tape. Those same tapes likely contain other customer data. The reality is if you want to encrypt your data wherever it lives or goes, you have to manage hundreds, if not thousands, of encryption keys and certificates across different applications, platforms and even appliances.

So what do you do now? You can’t simply acquiesce and decide not to encrypt. We’ve seen organizations have their brands trounced in the press, spend millions to inform customers of a data loss, cover the cost of credit report monitoring against identity theft, pay huge fines and even go out of business because they didn’t properly protect their customers’ data.

Encryption Overview and Management Challenges

Let’s examine encryption and what’s required to manage it. We’ll use the aforementioned data example to help give some context. When looking at encryption, it’s important to know the type of encryption you’ll use. The two predominant types are symmetric-key and public-key encryption (also called asymmetric-key encryption). Wikipedia provides a wealth of information on these two types of encryption, so we won’t explain them in any depth here. It’s sufficient to say symmetric-key encryption uses one key (“symmetrical,” due to the fact that you encrypt and decrypt with the same key) and public-key encryption uses two keys. (One is called a private key and the other is called a public key, which is typically contained in a certificate. This is done with a Public Key Infrastructure, or PKI.) In most cases, the application or system you’re using to provide encryption will dictate what type of encryption to use.

Coming back to our example: the database platform that stores the customer data will likely leverage symmetric-key encryption to protect its data. However, to transfer the data to other systems securely—such as tape systems, application servers and middleware—the database platform will most likely support public key-based encryption (via SSL or some other security protocol). The tape systems will probably utilize symmetric-key encryption to protect data on tapes, but may also use a hybrid of public and symmetric keys for protection. The Web servers, application servers and middleware used to deliver data to business partners and customers will most likely use public-key encryption (via SSL or VPN). Finally, depending on the encryption solution you select, laptops will either use symmetric- or public-key encryption to protect data stored on disk.

The basic practices used to manage keys used in symmetric-key and public-key encryption are similar with one important distinction: with public-key encryption you have to go through the trouble of getting a certificate. However, the fact that they’re similar doesn’t make them any less complex, especially if you’re subject to audits that measure your compliance with one or more regulations and/or security standards that dictate specific encryption key-management practices. For example, PCI Data Security Standard provides a strict list of requirements (see Table 1, below).

Although the requirements prescribed by PCI may seem complex, they’re standard practices for properly securing encryption environments. Adding another level of complexity, each application and platform has its own conventions and methodologies for management. This presents a big challenge

Table 1: PCI Data Security Standard Requirements

3.6 Fully document and implement all key-management processes and procedures for keys used for encryption of cardholder data, including the following:
3.6.1 Generation of strong keys
3.6.2 Secure key distribution
3.6.3 Secure key storage
3.6.4 Periodic changing of keys
  - As deemed necessary and recommended by the associated application (for example, re-keying); preferably automatically
  - At least annually
3.6.5 Destruction of old keys
3.6.6 Split knowledge and establishment of dual control of keys (so it requires two or three people, each knowing only their part of the key, to reconstruct the whole key)
3.6.7 Prevention of unauthorized substitution of keys
3.6.8 Replacement of known or suspected compromised keys
3.6.9 Revocation of old or invalid keys
3.6.10 Requirement for key custodians to sign a form stating they understand and accept their key-custodian responsibilities
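The split-knowledge requirement in Table 1 (3.6.6) can be met in several ways; the sketch below is an added example, not code from the article or from the PCI standard. It assumes an all-or-nothing XOR split and a SHA-256-based check value that also catches a substituted component (3.6.7); the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from functools import reduce

KEY_BYTES = 32  # 256-bit symmetric key (assumed size for this example)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def check_value(key: bytes) -> str:
    """Short fingerprint recorded when the key is generated (assumed scheme)."""
    return hashlib.sha256(b"key-check-value" + key).hexdigest()[:12]

def split_key(key: bytes, custodians: int) -> list[bytes]:
    """Split `key` into one component per custodian; all are needed to rebuild."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    # Every component but the last is fresh random data from the OS CSPRNG.
    parts = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    # The last component is the key XORed with all the random ones, so any
    # incomplete set of components is statistically independent of the key.
    parts.append(reduce(xor_bytes, parts, key))
    return parts

def rebuild_key(parts: list[bytes], expected_check: str) -> bytes:
    """XOR the components together and refuse a result that fails the check."""
    key = reduce(xor_bytes, parts)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("check value mismatch: component missing or substituted")
    return key

def demo() -> bool:
    key = secrets.token_bytes(KEY_BYTES)   # 3.6.1: generate from a CSPRNG
    recorded = check_value(key)            # stored with the key record
    parts = split_key(key, 3)              # one component per custodian
    return rebuild_key(parts, recorded) == key

if __name__ == "__main__":
    print("key rebuilt from three components:", demo())
```

Because every component is required, losing one loses the key; a threshold scheme such as Shamir's secret sharing is the usual alternative when that risk is unacceptable.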