Getting Data In

How to encrypt archived data?

amoldesai
Explorer

We have a requirement from our security team to have the "Backup copies of sensitive information are encrypted"

Can someone please provide information on how the archived data can be encrypted.

Thanks

0 Karma

dwaddle
SplunkTrust
SplunkTrust

The requirement is somewhat vague. When you say "Backup copies", is that implying something like (say) LTO tape? Or are you keeping your "backups" on disk? Once you reach LTO-4, LTO is incredibly easy to encrypt using native LTO encryption. If you are leaving everything on disk for your "backups" and performance is not a concern then you might be able to use something like LUKS + dm-crypt to make an encrypted filesystem. Or maybe you run a script that does a 'gpg' encryption of frozen data. You really haven't said a lot about your target environment so any one of these is as valid as any other.

One of the important things about planning for encryption of data at rest is identifying what threats you wish to protect that data from. Like in the above examples, in the case of LTO-4 tape the encryption of the tape itself is a powerful way to be sure that if a tape is misplaced it is not trivially read. And an encrypted filesystem with LUKS + dm-crypt is great to protect disk drives attached to servers in the data center from being physically carried offsite and read. But, with the LUKS + dm-crypt approach, the operating system maintains the full ability to read the encrypted storage and decrypt it on behalf of the user. In terms of threat modeling, an OS-level encrypted disk provides almost no protection from a piece of malware that uses the OS features to read the disk on its behalf.

You have to know what threats you are trying to protect your data from before you start trying to pick out what encryption systems are going to work for you.

0 Karma

amoldesai
Explorer

I meant about frozen data. Thanks for information on "gpg" encryption of frozen data. We will evaluate that.

Your post is informative,good to know about other aspects of backup/encryption. Thanks Dwaddle.

0 Karma

s2_splunk
Splunk Employee
Splunk Employee

When you say "archived data", do you mean frozen, i.e. data that has aged out of cold? If so, you would have to provide a coldToFrozenScript that does the encryption for you.
Otherwise, please clarify what your needs are.

0 Karma

amoldesai
Explorer

I did mean about frozen data. Good to know about coldToFrozenScript . It helps. Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...