WHITEPAPER
Encryption versus Resilience in High Security Arenas
Achieving both objectives through the use of Software Continuity
Table of Contents
Executive Summary
Need for encryption of stored data
Methods of encrypting stored data
File level encryption
Full drive encryption
Partition encryption
Alternate strategies
Software continuity
Single Instance Storage (File Deduplication)
Local image caching
Preboot Execution Environment (PXE)
The power of three
Combining the Partition Encryption with Software Continuity
Increased Security
Additional enhancements
Summary
About Semper Software
Executive Summary
With the increase in mobile computing technology and the availability of high speed connectivity, businesses and individuals are experiencing unparalleled cost savings and increasing productivity. Today more than 50% of all client IT infrastructure consists of mobile devices such as laptops. These incredibly useful machines cause a problem for high security enterprises such as banks, the military, or government institutions. In fact the potential for loss or theft of these devices is a problem for anyone who subscribes to data confidentiality. If the hard drive in the mobile device contains customer information, or even more sensitive data such as medical records from a doctor or legal information from a law practice, then the loss or theft of such a device could be catastrophic both for the image of the business and for its individual customers and their families.
With the increased media attention and awareness of the problem, data protection is becoming the focal point of today’s IT department. Many organizations have thus opted for full disk or partition encryption software, which makes the data, along with the operating system and applications, unreadable without some form of authentication. There are significant challenges in providing these secure and protected data services to the mobile computing sector. Cost and complexity are significantly increased when partition or disk encryption is applied. Simply put, the software on the device becomes difficult or impossible for IT staff to repair when the machine is encrypted. If the IT staff member is forced to reformat and reinstall the machine, this almost always results in catastrophic data loss for the organisation and days of lost time and productivity for the employee as they reinstall and reconfigure the applications they use.
This white paper discusses an approach where the judicious use of both encryption software and Software Continuity software in high security areas enables both encryption and resilience by providing secure data whilst simultaneously enjoying Operating System and Application repair in minutes.
© Semper Software | Encryption versus Resilience in High Security Arenas | Achieving both objectives through the use of Software Continuity
Need for encryption of stored data
Today encrypting data in motion using secure web services and encrypted VPN access is relatively standard within most organisations, so very little data theft occurs these days from network traffic. However, it is not the data in motion but the stored data, specifically data stored on mobile computing devices, that has come under scrutiny of late. The news is full of incidents of devices with sensitive stored data being stolen or lost. Victims of data theft or data loss face significant consequences. Not only do organizations incur a loss of reputation resulting in diminished current and future customers; numerous laws and regulations mandate the encryption of sensitive data, and stiff penalties, fines, and even jail time await those who don’t implement the proper safeguards. Providing data protection to these devices is critical. The challenge is to provide these services at an affordable and manageable level.
Methods of encrypting stored data
There are basically only two methods to apply data protection to mobile computing devices, and both have their advantages and disadvantages:
1. File-level encryption
2. Full drive encryption
File level encryption
File-level encryption, as the name implies, encrypts files at an individual level and requires a level of authentication before decrypting secured files. Since only sensitive files are encrypted, system performance with file-level encryption is faster than in a software-based full drive encryption system. Another advantage of file-level encryption is that the data encryption is persistent and is not dependent on any particular device or location for its protection. In spite of these advantages, file-level encryption has a number of disadvantages that need to be well understood:
• It is difficult to deploy and manage from a policy point of view. Organizations need to first determine what data needs to be encrypted, and that is not a trivial exercise.
• It depends on user action. Since users can inadvertently forget to encrypt a file that should be encrypted, or intentionally choose not to, the whole security system is very prone to human weaknesses.
• It is sometimes impossible, or at least impractical, to encrypt specific bits of sensitive data within an application. For example, there is no way in Microsoft Outlook to encrypt specific fields or a specific record within the Contacts database.
Full drive encryption
The second method, encrypting the entire storage device, is called full drive encryption. Once installed, full drive encryption is completely automatic and transparent. There are no burdensome administrative policies to establish or enforce because everything is protected, even isolated records or fields within database applications. The security is provable in an audit and will hold up in court because it is not subject to human weaknesses. While organizations still need a method to recover data on a user’s disk drive, the overall key management effort is a fraction of that required in file-level solutions. However, while full drive encryption is a better approach for solid protection of data stored on disk drives, it is also the most expensive and time consuming strategy. With full drive encryption most of the encrypted data is usually non-sensitive, adding unnecessary cost and wasted time. Encrypting the whole storage device also creates a problem if something should happen to the operating system: invariably the system becomes completely unusable. Recovery is in most cases impossible, leaving erasing and starting again as the only option, resulting in losses of data and productivity many times greater than one would normally expect.
Partition encryption
A better alternative to encrypting the entire storage device is to encrypt only a specific partition. Examples of software that can perform such partition encryption are TrueCrypt (open source software) and Microsoft BitLocker, which is included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. By locating all sensitive data in a different partition, and thus separating data from the operating system, this approach allows only the data partition to be encrypted while leaving the system partition accessible. In the event of system partition failures (e.g. operating system failure), various methods can be employed to recover the system to a working state, or in a worst case scenario, even rebuild the entire operating system. However, no matter what method is employed, extra care needs to be taken so that the encrypted data partition, which may hold important data, is not inadvertently formatted or erased. Typically this requires major intervention from second line support, often involving removing the hard disk from the computer in order to first recover the data before rebuilding the operating system.
Alternate strategies
While the separation between an encrypted data partition and a system partition significantly improves stored data security, resilience is still an area for concern. System partition failures are time consuming to solve, and there is always the risk that a system partition failure results in an inadvertently formatted or erased encrypted data partition. How can an IT department realize resilience and high availability while maintaining a high level of data security? The answer is the use of Software Continuity solutions. If the computer has been deployed and prepared using a Software Continuity solution it is possible to return the operating system to a known good state within minutes, either online or offline, without affecting the encrypted data partition. It is even possible to deploy an entirely new operating system to the main partition whilst keeping the encrypted data partition intact, as the following diagram illustrates. Let’s take a look at Software Continuity in more detail first, before discussing Partition Encryption combined with Software Continuity to realize both high availability and a high level of data security.
Diagram: the first NTFS partition holds the operating system and applications, unencrypted, with resilience maintained by Semper Continuity Suite; the second partition holds encrypted user data and is untouched by the Software Continuity solution; a hidden Software Continuity cache partition contains the factory image.
Software continuity
Software Continuity refers to those activities performed daily to maintain service, consistency, and recoverability, and includes imaging, deployment, rapid re-deployment and rapid repair technologies. It significantly reduces the length of software deployment and recovery processes, providing the highest availability and fastest recovery of PC and server operating systems, applications, data and settings. In order to maintain PC and server software continuity at a minimum of 99.9% availability, a good software continuity solution needs to include at minimum the following technologies:
• Single Instance Storage (File deduplication)
• Local image caching and self repair
• Preboot Execution Environment (PXE)
Single Instance Storage (File Deduplication)
Single-instance storage is the ability to keep one copy of content that multiple users or computers share. It is a means to eliminate data duplication and to increase efficiency. Single instance storage can reduce the quantity of archive media required since it avoids storing duplicate copies of the same file. This means large numbers of images can be stored within a very small amount of disk space, as only the unique differences found in new images will increase the size of the image store (see diagram). This concept, also known as deduplication, not only reduces the space required to store images by up to 95%, but also reduces the amount of data copied across the network by 90%, which speeds up imaging and cuts down on network utilization.
Diagram: Traditional instance storage keeps Image 1 to Image 5 in full at 1.5 GB each, 5 x 1.5 GB = 7.5 GB. File deduplication keeps Image 1 in full plus only the differences of Images 2 to 5, 1 x 1.5 GB + 4 x 200 MB = 1.58 GB.
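To make the deduplication arithmetic concrete, here is an added example in Python; it is not code from Semper Software or from the whitepaper. It models a single-instance image store as a content-addressed repository keyed by the SHA-256 of each file, so a file shared by several images is stored once and is transferred to a client only if the client does not already hold it. The images, file names and sizes are constructed: 1500 bytes stand in for a 1.5 GB base image and 200-byte additions for the 200 MB differences in the diagram.

```python
"""Single-instance (deduplicated) image store, modelled in memory.

Added example, not Semper Software's code. Each unique file is kept once,
addressed by its SHA-256; an image is just a manifest mapping paths to
content hashes. Sample images below are constructed.
"""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SingleInstanceStore:
    def __init__(self):
        self.blobs = {}      # content hash -> bytes, each unique file stored once
        self.manifests = {}  # image name -> {path: content hash}

    def add_image(self, name: str, files: dict) -> int:
        """Store an image given as {path: bytes}; returns bytes newly written."""
        new_bytes = 0
        manifest = {}
        for path, data in files.items():
            h = sha256(data)
            if h not in self.blobs:          # only unseen content costs space
                self.blobs[h] = data
                new_bytes += len(data)
            manifest[path] = h
        self.manifests[name] = manifest
        return new_bytes

    def stored_bytes(self) -> int:
        """Space actually used by the deduplicated store."""
        return sum(len(b) for b in self.blobs.values())

    def naive_bytes(self) -> int:
        """Space a traditional store would use, holding every image in full."""
        return sum(len(self.blobs[h]) for m in self.manifests.values() for h in m.values())

    def savings_percent(self) -> int:
        return round(100 * (1 - self.stored_bytes() / self.naive_bytes()))

    def bytes_to_transfer(self, name: str, client_hashes: set) -> int:
        """Bytes a client must download to hold image `name`, given hashes it already has."""
        needed = set(self.manifests[name].values()) - client_hashes
        return sum(len(self.blobs[h]) for h in needed)

    def verify(self) -> bool:
        """Integrity check: every blob must still match the hash it is filed under."""
        return all(sha256(b) == h for h, b in self.blobs.items())


# Constructed base image: 1500 bytes standing in for a 1.5 GB image.
BASE_FILES = {
    "Windows/System32/ntoskrnl.exe": b"K" * 1000,
    "Windows/System32/hal.dll": b"H" * 300,
    "Program Files/App/app.exe": b"A" * 200,
}


def build_demo_store() -> SingleInstanceStore:
    """Five images: the base plus four variants that each add one 200-byte file."""
    store = SingleInstanceStore()
    store.add_image("image1", BASE_FILES)
    for n in range(2, 6):
        files = dict(BASE_FILES)
        files[f"Program Files/App/update{n}.dll"] = bytes([n]) * 200  # unique per image
        store.add_image(f"image{n}", files)
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print("traditional:", s.naive_bytes(), "bytes; deduplicated:", s.stored_bytes(),
          "bytes; saving:", s.savings_percent(), "%")
    have = set(s.manifests["image1"].values())
    print("client holding image1 fetches", s.bytes_to_transfer("image5", have), "bytes for image5")
```

The same manifest-plus-hash layout is what lets a client that already holds one image receive a newer one by fetching only the blobs it lacks, which is where the reduction in network traffic comes from; `verify()` is the check a practitioner would run on the repository, since a corrupted blob would otherwise be replicated to every client that asks for it.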
Local image caching
Local image caching is an advanced technique, where the local image cache is effectively a section of the hard disk that is unallocated and contains all the files necessary to build the system to the given configuration level. The image cache works as a mirror of the server file store in the SIS repository. If updates are made to the image, the software continuity solution replicates the updates to the clients via a multicast protocol. The concept of local image caching is key to a rapid repair and rapid re-deployment ability, and crucial in good and comprehensive software continuity solutions.
Diagram: the NTFS partition holds the operating system, applications and data; the system image sits in an unallocated secure partition alongside the free disk space.
Using unique local image caching technology, a continuity software solution can automatically repair PCs and servers with missing or corrupt operating system or application files to a known good state. On reboot, missing and damaged files can be identified and replaced. When implemented correctly, this process usually adds less than half a minute to the boot process and, because it does not format the disk as other recovery solutions do, has the added benefit that the user’s data is left intact.
Preboot Execution Environment (PXE)
The Preboot eXecution Environment (PXE) is an environment to boot computers using a network interface, independently of data storage devices (like hard disks) or installed operating systems. PXE was introduced as part of the Wired for Management framework by Intel. The term PXE client refers only to the role that the machine takes in the PXE boot process. A PXE client can be a server, desktop, laptop or any other machine that is equipped with PXE boot code. PXE can be used for almost anything. You can run a complete Operating System off the network using just the RAM, or you can mass-install or update Operating Systems stored on the local hard disks. Using PXE, a software continuity solution enables continuous visibility and control over PCs and servers without requiring the installation of an agent or driver on the target computer. Irrespective of the operating system type or system state, a good software continuity solution supporting PXE can access and repair PCs and servers even if they are non-bootable. This ability to function without installed software is often referred to as “Zero Touch.”
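The exchange that lets a machine boot from the network before any local software is involved, as an added Python example that is not code from Semper Software or from the whitepaper and is not a PXE implementation: it models the DHCP side of a PXE boot with dictionaries instead of wire packets. The firmware's PXE ROM broadcasts a DHCPDISCOVER carrying option 60 (vendor class "PXEClient") and option 93 (client system architecture, RFC 4578); a boot server answers only such clients, with option 66 (TFTP server) and option 67 (boot file name) chosen for the architecture. The addresses, MAC strings and boot file names are constructed.

```python
"""PXE boot discovery modelled as a DHCP option exchange.

Added example, not Semper Software's code. Option numbers and architecture
codes are the real DHCP/RFC 4578 values; everything else is constructed.
"""

OPT_VENDOR_CLASS = 60   # "PXEClient:Arch:xxxxx:UNDI:yyyzzz" identifies a PXE ROM
OPT_TFTP_SERVER = 66    # TFTP server name
OPT_BOOTFILE = 67       # boot file name
OPT_CLIENT_ARCH = 93    # client system architecture (RFC 4578)

# RFC 4578 architecture code -> network boot program handed out (constructed names)
BOOT_PROGRAMS = {
    0: "pxelinux.0",    # x86 BIOS
    7: "bootx64.efi",   # x64 UEFI
    9: "bootx64.efi",   # x64 UEFI (EBC-capable firmware)
}


def pxe_discover(mac: str, arch: int) -> dict:
    """What the PXE ROM broadcasts: no operating system or agent is involved yet."""
    return {
        "type": "DHCPDISCOVER",
        "mac": mac,
        "options": {
            OPT_VENDOR_CLASS: f"PXEClient:Arch:{arch:05d}:UNDI:002001",
            OPT_CLIENT_ARCH: arch,
        },
    }


class PxeBootServer:
    def __init__(self, tftp_server: str):
        self.tftp_server = tftp_server
        self.log = []  # what a defender would want to see: who was offered what

    def handle_discover(self, discover: dict):
        """Answer PXE clients only; plain DHCP clients get no boot options from here."""
        options = discover.get("options", {})
        vendor = options.get(OPT_VENDOR_CLASS, "")
        if not vendor.startswith("PXEClient"):
            self.log.append(("ignored", discover["mac"]))
            return None
        arch = options.get(OPT_CLIENT_ARCH, 0)
        bootfile = BOOT_PROGRAMS.get(arch)
        if bootfile is None:
            self.log.append(("unsupported_arch", discover["mac"], arch))
            return None
        self.log.append(("offered", discover["mac"], bootfile))
        return {
            "type": "DHCPOFFER",
            "mac": discover["mac"],
            "siaddr": self.tftp_server,  # the "next server" field of the DHCP header
            "options": {OPT_TFTP_SERVER: self.tftp_server, OPT_BOOTFILE: bootfile},
        }


def boot_plan(mac: str, arch: int, server: PxeBootServer):
    """The TFTP fetch the client performs next, or None if it falls back to local disk."""
    offer = server.handle_discover(pxe_discover(mac, arch))
    if offer is None:
        return None
    return {"tftp": offer["options"][OPT_TFTP_SERVER], "file": offer["options"][OPT_BOOTFILE]}


if __name__ == "__main__":
    srv = PxeBootServer("192.0.2.10")
    print(boot_plan("00:11:22:33:44:55", 0, srv))
    print(boot_plan("00:11:22:33:44:66", 7, srv))
    print(srv.log)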
The power of three
The combination of file deduplication, local image caching (which enables self-repair) and PXE is extremely powerful and underpins strong software continuity solutions. A software continuity solution with these three capabilities offers fast deployment, redeployment, and multiple rollback points, resulting in availability in excess of 99.9% in enterprise PC and server environments. It not only enables IT staff to improve software deployment times by up to 80%, but will restore individual or groups of PCs and servers back to a working state within minutes.
Combining the Partition Encryption with Software Continuity
The following broad process is assumed:
1. The hard drive on the mobile device is partitioned with the Operating System and applications on the first partition and data on the second partition.
2. The data partition is encrypted, rendering its information inaccessible unless the right authentication is supplied. No sensitive information is kept on the first partition which is, in fact, configured to automatically save data to the encrypted partition.
3. A snapshot of the Operating System and applications is taken by the Software Continuity product, allowing the first partition to be rapidly repaired without compromise to the encrypted data.
Should the device be stolen the only information the thief will glean from it will be which Windows files or applications are installed.
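The self-repair from a local image cache described under "Local image caching", applied to the three-partition layout of the process above, as an added Python example that is not code from Semper Software or from the whitepaper. It models the disk as three in-memory structures: the unencrypted system partition, the encrypted data partition (an opaque byte blob, since no key is present on the device side of this model) and the hidden cache holding the known-good factory image. On "boot" every cached file is compared by SHA-256 against the system partition, missing or corrupt files are restored from the cache, and the data partition is hashed before and after to confirm it was never touched. All file names, contents and the ciphertext blob are constructed.

```python
"""Boot-time self-repair of the system partition from a local image cache,
leaving the encrypted data partition untouched.

Added example, not Semper Software's code; the layout and contents are
constructed to mirror the partitioning scheme described in the whitepaper.
"""
import hashlib
from dataclasses import dataclass


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Disk:
    system: dict            # partition 1: path -> bytes (unencrypted OS + applications)
    data_ciphertext: bytes  # partition 2: opaque encrypted blob, opened only with the user's key
    cache: dict             # hidden cache: path -> known-good bytes (factory image)


def factory_disk() -> Disk:
    """A freshly deployed device: system partition identical to the cached image."""
    cache = {
        "Windows/System32/ntoskrnl.exe": b"kernel-v1" * 10,
        "Windows/System32/hal.dll": b"hal-v1" * 5,
        "Program Files/App/app.exe": b"app-v1" * 8,
    }
    # Constructed stand-in for the BitLocker/TrueCrypt volume: random-looking, key not present.
    ciphertext = hashlib.sha256(b"constructed opaque ciphertext").digest() * 4
    return Disk(system=dict(cache), data_ciphertext=ciphertext, cache=cache)


def find_damage(disk: Disk) -> dict:
    """Compare each cached file with the system partition: path -> 'missing' | 'corrupt'."""
    damage = {}
    for path, good in disk.cache.items():
        current = disk.system.get(path)
        if current is None:
            damage[path] = "missing"
        elif digest(current) != digest(good):
            damage[path] = "corrupt"
    return damage


def repair_on_boot(disk: Disk) -> dict:
    """Restore damaged system files from the cache; partition 2 is never written or read."""
    before = digest(disk.data_ciphertext)
    damage = find_damage(disk)
    for path in damage:
        disk.system[path] = disk.cache[path]   # only files present in the image are touched
    after = digest(disk.data_ciphertext)
    return {
        "repaired": sorted(damage),
        "data_partition_unchanged": before == after,
        "remaining_damage": find_damage(disk),
    }


def simulate_incident(disk: Disk) -> Disk:
    """Constructed failure: a corrupted kernel and a deleted DLL on partition 1."""
    disk.system["Windows/System32/ntoskrnl.exe"] = b"\x00" * 20
    del disk.system["Windows/System32/hal.dll"]
    return disk


if __name__ == "__main__":
    d = simulate_incident(factory_disk())
    print("damage found:", find_damage(d))
    print("repair report:", repair_on_boot(d))
```

Because the repair walks the cached manifest rather than formatting the disk, it has nothing to say about partition 2 at all; the before/after digest in the report is the check an administrator would want logged to prove that an operating system repair cannot be the event that erases the encrypted data.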
Increased Security
This mechanism can actually be more secure. Frequently, in environments where the authentication keys are stored in a directory or database, high level IT administrators are able to access such stores. These rights, which are required to perform repairs in environments without Software Continuity, also allow them access to the encrypted partitions and thus the sensitive data, creating a security hole particularly with respect to social engineering attacks and IT staff turnover. When implementing Software Continuity mechanisms combined with the split partition strategy, no such security problem is created because the authentication keys can be kept out of the IT infrastructure.
Additional enhancements
Both the Users folder and the ProgramData folder of Vista or Windows 7 can be relocated to the second (D:) partition by the use of an automated configuration script (Autounattend.xml) during installation. This is done prior to encryption or imaging. The D: partition is then only accessible by anyone providing the correct Active Directory (AD) authentication. This makes the security of the data as secure as the domain account policies. Furthermore, a personal backup product (e.g. Semper Personal Data Backup, included with Semper Continuity Suite) facilitates the post-logon backup of the users’ data to a secure, encrypted network location when connected. This means that a loss of device no longer equals a loss of data. The data can be recovered back to a new encrypted device by providing the user’s AD security ID (SID).
Summary
A chain is as strong as its weakest link, and in order to reduce operational risk and ensure continuity, organizations should include software continuity for IT systems outside the datacenter in their business continuity plan. This is particularly true of mobile devices that utilize partition encryption. Using the separate, encrypted data partition methodology in conjunction with a software continuity product, it is possible to deploy a computer which can rapidly be returned to a working state, either online or offline, whilst retaining the integrity of encrypted data stored on a second partition. With the addition of a personal data backup tool, even the data can be recovered from an encrypted network repository should the device be lost due to damage or theft. Semper Continuity Suite from Semper Software is the strongest and most complete software continuity solution on the market, and offers availability in excess of 99.9% in enterprise PC and server environments. Organizations looking at both encryption and resilience in high security areas should use both partition encryption software and software continuity software to realize a high level of stored data security whilst simultaneously enjoying Operating System and application repair in minutes.
About Semper Software
Semper Software, the proven leader in Windows and Linux software continuity, is driving a transformation in the way organizations reduce the cost of managing and deploying their PC and server populations. The company’s cutting edge technology empowers its customers, from SMBs to global enterprises, to manage what has become an increasingly complex PC and server ecosystem, meeting all the requirements that are essential to software continuity, providing availability in excess of 99.9% and playing a crucial part in an overall business continuity strategy. Designed for servers, desktops and laptops, Semper Software’s award winning technology enables IT professionals to automatically recover PCs and servers from virtually any state back to a working state within minutes, without wiping any user data.
For more information, follow updates on Twitter (@SemperSoftware) and visit www.sempersoftware.com