There are hardware and software options available. Basic options include:
- Storage System - secures data at rest, least secure, hardware / hosting implication, easiest to implement
- Network Appliance - mid-level security, secures data in-flight, lowest barrier to entry, cost-effective, doesn't affect current storage infrastructure, can be bypassed if necessary, one required for every 1-2 storage devices, good short-term solution but may not scale
- Host-based - most secure, requires installation on client computer
Notes:
- Don't encrypt everything. Figure out what's really important and only encrypt that.
- No matter what solution you choose, use centralized key management.
- Some level of automation of key requisition, backup, etc., should be required.
- An API doesn't hurt, either.