Data Security Concepts and Principles

Mother bear and her cub sleeping soundly together — A mother bear and her cub are sleeping soundly together inside a mountain cave with sunlight streaming in. The cave opening is sealed off by a vault door made of gleaming titanium. The massive door has embedded digital screens displaying encryption algorithms, biometric scans, and access logs. Laser grids crisscross the cave entrance and security cameras monitor the vicinity. Outside the cave, lush green forests and snow-capped mountains surround the serene scene under clear blue skies. A majestic eagle flies overhead keeping watch. The mother bear's face is filled with contentment knowing her cub is safe protected by the fortress-like cave secured with advanced technology and surveillance. The image conveys a feeling of tranquility and assurance that proper data security provides - allowing relaxation free of worry knowing sensitive information is guarded from external dangers.

Data Security Concepts and Principles

Confidentiality - Protecting sensitive data from unauthorized access and disclosure. Data should only be accessible to authorized parties.

Integrity - Safeguarding the accuracy and completeness of data. Data should not be improperly modified.

Availability - Ensuring data and systems are accessible to authorized users when needed. Protecting against data loss and system downtime.

Access Control - Managing permissions through authentication, authorization, and access rights to allow only proper data access and actions.

Accountability - Associating actions and changes to data with the entity responsible for those activities through auditing and logging.

Privacy - Ensuring personally identifiable information is properly protected, used, disclosed and disposed of according to regulations and policies.

Risk Management - Identifying, assessing and mitigating security risks to data through policies, training, technologies and audits. Includes incident response.

Defense in Depth - Layering complementary security controls to provide protection from multiple angles against threats. Avoiding single points of failure.

Default Deny - Denying access by default, then enabling selective access based on policies. Requires explicit permissions.

End-to-End Security - Securing data persistently and consistently from point of creation to destruction across storage, transmission, processing and presentation.

Security by Design - Embedding data security into applications, systems and processes proactively rather than an afterthought.

Continuous Improvement - Regularly reviewing, testing and enhancing defenses against evolving threats to data. Maintaining operational security.

2004: Strong encryption storage for forward-positioned applications

Encrypted

On October 26, 2004, Smartronix, Decru, and Network Appliance announced a secure storage solution designed for forward-deployed environments. The Expeditionary Encrypted Data Store (EEDS) combines storage systems and security appliances in a ruggedized, portable case. EEDS delivers reliable, intuitive storage functionality paired with powerful security features to support a broad range of missions.

Increasingly, modern operations require forward deployment of computing systems. These net-centric systems provide tremendous strategic advantages, but also expose an increasing amount of sensitive or classified data to new security challenges. Forward-deployed computer systems present a particularly difficult challenge, because physical capture of mission data and software could expose vast amounts of actionable intelligence to adversaries. Due to the power of modern forensic tools, data stored on disk drives is essentially indelible, further complicating the task of sanitizing data on short notice.

The Expeditionary Encrypted Data Store solution takes a simple approach: never store mission data in cleartext format. All data and applications are secured with strong encryption, and in the event of imminent capture, users can use Decru Crypto Shred features to instantly delete local encryption keys by pushing a button or turning a key. Because encryption keys are stored in secure hardware, and data is never written to disk in cleartext format, deleting the keys provides instant sanitization of the entire system. Backup encryption keys are securely stored at headquarters, and can be securely injected over the Global Information Grid, enabling rapid operational recovery from false alarms.

EEDS also enables operators to temporarily lock down systems by removing a cryptographic ignition key stored on a smart card. This feature enables systems to be securely transported, serviced, and deployed without exposing mission data to physical or electronic breaches. For example, a forward-deployed data center could be provisioned with pre-staged mission data, but all data would remain in encrypted format until authorized personnel arrive with the appropriate smart cards.

In addition to providing security against physical attempts, the EEDS solution provides the security and flexibility to support a broad array of operational missions. Examples include:

Secure storage consolidation: EEDS can be used to securely consolidate multiple separate groups or applications onto a single storage device. DataFort compartmentalizes data into Cryptainer vaults, allowing fine-grain access controls and surgical data deletion.
Coalition data sharing: EEDS enables coalition partners or agencies to securely share data on the same system. Need-to-know access controls and crypto-signed logs ensure accountability, and ensure that only authorized coalition partners get access to shared data. This ultimately provides the combatant commander with greater operational flexibility, and enables enhanced information sharing in the field. Because the sharing partner designates the access controls and key management policies, data access can be quickly provisioned and de-provisioned.
Insider mitigation: Storage and system administrators can easily manage all stored data, but EEDS does not allow unauthorized personnel to access cleartext data. This role separation further enforces need-to-know access, and provides greater flexibility in the selection of administrators.

Powerful NetApp storage features ensure availability and simplicity. For example, NetApp Snap Mirror software enables automatic and network-efficient replication of data to ensure continuity of operations. Because the software mirrors encrypted data from one system to another, all replicated copies are secure by default. Encryption keys can be securely injected into a remote Data Fort on demand when a recovery event arises, but until then no user or application at the remote site can access data.

Decru DataFort has received FIPS 140-2 Level 3 certification, as well as NIST certification for AES-256 and SHA-256, and is underway with Common Criteria certification with a target assurance level of EAL-4+. NetApp and Decru received DoD 5015.2 certification in September 2003, including certification of CryptoShred functionality for document shredding. NetApp and Decru solutions have been deployed by customers in sectors including financial services, healthcare, high technology, aerospace, and government.