[Pasig-discuss] Risks of encryption & compression built into storage options?

David Rosenthal dshr at stanford.edu
Thu Mar 16 16:47:10 EDT 2017


On 03/16/2017 08:53 AM, Jeanne Kramer-Smyth wrote:

> I am being told by the staff who source storage solutions for my
> organization that encryption and compression are generally included
> at the hardware level. That content is automatically encrypted and
> compressed as it is written to disc - and then un-encrypted and
> un-compressed as it is pulled off disc in response to a request. It
> is advertised as both more secure (someone stealing a physical disc
> could not, in theory, extract its contents) and more cost efficient
> (taking up less space).
>
> I want to be sure that as we make our choices for long-term storage
> of permanent digital records that we take these risks into account.

Archival systems have to treat all media as unreliable, because they
are. The path between the analog data on the disk platters and the
unencrypted uncompressed data at the SATA or SAS interface is enormously
complex (you truly do not want to, and in fact cannot, know), but it is
irrelevant to applications using the disks.

Media should be treated as black boxes. Data goes in, data comes out.
Some data returned will be bad. At some point the entire medium will
die. Archival systems have to live with these facts.

Depending on your threat model, encrypting data at rest may be a good
idea. Depending on the media to do it for you, and thus not knowing
whether or how it is being done, may not be an adequate threat
mitigation.

You may be interested in this blog post:

http://blog.dshr.org/2016/12/the-medium-term-prospects-for-long-term.html

especially the sections:

Does Long-Term Storage Need Long-Lived Media?
Does Long-Term Storage Need Ultra-Reliable Media?

	David.
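
One way an application can live with media that return bad data or die, given as an added example that is not part of the original message: hash the data before any medium sees it, keep a copy on several media, and audit and repair the copies through the ordinary read interface, whatever the drive does internally. The function names, the directory-per-medium layout and the sample record are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def ingest(data, name, media):
    """Hash the data before any medium sees it, then write one copy per medium."""
    digest = hashlib.sha256(data).hexdigest()  # keep this apart from the media
    for root in media:
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return digest

def audit(name, digest, media):
    """Read every copy back through the normal interface and sort media into good/bad."""
    good, bad = [], []
    for root in media:
        try:
            with open(os.path.join(root, name), "rb") as f:
                ok = hashlib.sha256(f.read()).hexdigest() == digest
        except OSError:  # a medium that has died counts as a bad copy
            ok = False
        (good if ok else bad).append(root)
    return good, bad

def repair(name, digest, media):
    """Rewrite bad or missing copies from one that still matches the digest."""
    good, bad = audit(name, digest, media)
    if not good:
        raise RuntimeError("no intact copy of %s remains" % name)
    with open(os.path.join(good[0], name), "rb") as f:
        data = f.read()
    for root in bad:
        os.makedirs(root, exist_ok=True)  # stands in for replacing the medium
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return bad

def demo():
    """Constructed scenario: one medium returns bad data, one dies outright."""
    with tempfile.TemporaryDirectory() as tmp:
        media = [os.path.join(tmp, "medium%d" % i) for i in range(3)]
        for root in media:
            os.makedirs(root)
        digest = ingest(b"constructed sample record", "rec.bin", media)
        with open(os.path.join(media[0], "rec.bin"), "r+b") as f:
            f.write(b"X")  # silent corruption of the first byte
        shutil.rmtree(media[1])  # whole-medium failure
        repaired = repair("rec.bin", digest, media)
        return repaired, audit("rec.bin", digest, media)
```

Calling `demo()` returns the two media that had to be rewritten, followed by the good and bad lists from the audit run after the repair.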



