I was at a customer site recently, discussing their current data protection strategy, when their lead architect stuck his head around the door and asked whether they were encrypting data at rest, and if not, why not?
It’s a good question, and it was also the first time that he had asked it. I asked him why he was asking it, and it’s because the business was looking at how it would comply with GDPR next year, and they had therefore asked him to confirm that all data backed up was encrypted at rest.
Data breaches – such a regular story
Recently, among others, there has been a news story about a massive data breach at Equifax, which follows a similar pattern to previous ones. Hackers exploited a vulnerability in their website and grabbed valuable customer information and the company response leaves them open to widespread customer criticism.
Would encryption have helped in this case? That depends on the strength of the encryption and if the hackers were able to get hold of the encryption keys as well. At least, if the data had been encrypted, there would have been one more hurdle for the criminals to negotiate.
Which brings me back to our customer and data protection. Until recently, encryption of data within Spectrum Protect hasn’t been complete. Data could be encrypted at the client level, or if it was on tape, or if it was on a cloud storage pool. But, directory storage pools have been an exception since IBM introduced them in 7.1.3 a couple of years ago. This has always seemed a gap, particularly for the new storage paradigm for next-gen Spectrum Protect storage.
Spectrum Protect’s encryption story
Since 8.1.2 was released in August, it has included directory storage pools being encrypted at rest. It’s a relatively straightforward process, although there are security considerations to take into account with regard to the Spectrum Protect database. It’s a compelling reason to upgrade from earlier versions of Spectrum Protect and to consider your future plans. It’s just a small part of the data security jigsaw, but if you can do this now, it might make the bigger picture become more clear.
Discover why and where you need to encrypt
We are finding more and more of our customer discussions are now covering a wider gamut of security and compliance discussions. If you are still wrestling with the GDPR conundrum, now would be a great time to book an Encryption Discovery Workshop with our team.
