How to encrypt archived data?

amoldesai
Explorer

We have a requirement from our security team to have the "Backup copies of sensitive information are encrypted"

Can someone please provide information on how the archived data can be encrypted?

Thanks

0 Karma

dwaddle
SplunkTrust

The requirement is somewhat vague. When you say "Backup copies", is that implying something like (say) LTO tape? Or are you keeping your "backups" on disk? Once you reach LTO-4, LTO is incredibly easy to encrypt using native LTO encryption. If you are leaving everything on disk for your "backups" and performance is not a concern then you might be able to use something like LUKS + dm-crypt to make an encrypted filesystem. Or maybe you run a script that does a 'gpg' encryption of frozen data. You really haven't said a lot about your target environment so any one of these is as valid as any other.

One of the important things about planning for encryption of data at rest is identifying what threats you wish to protect that data from. Like in the above examples, in the case of LTO-4 tape the encryption of the tape itself is a powerful way to be sure that if a tape is misplaced it is not trivially read. And an encrypted filesystem with LUKS + dm-crypt is great to protect disk drives attached to servers in the data center from being physically carried offsite and read. But, with the LUKS + dm-crypt approach, the operating system maintains the full ability to read the encrypted storage and decrypt it on behalf of the user. In terms of threat modeling, an OS-level encrypted disk provides almost no protection from a piece of malware that uses the OS features to read the disk on its behalf.

You have to know what threats you are trying to protect your data from before you start trying to pick out what encryption systems are going to work for you.

0 Karma

amoldesai
Explorer

I meant about frozen data. Thanks for information on "gpg" encryption of frozen data. We will evaluate that.

Your post is informative, good to know about other aspects of backup/encryption. Thanks Dwaddle.

0 Karma

s2_splunk
Splunk Employee

When you say "archived data", do you mean frozen, i.e. data that has aged out of cold? If so, you would have to provide a coldToFrozenScript that does the encryption for you.
Otherwise, please clarify what your needs are.

0 Karma
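
The two suggestions in this thread, a coldToFrozenScript and gpg encryption of frozen data, can be combined as in the following added example, which is not code from any poster or from Splunk. The archive directory, the recipient key and the script name `coldToFrozenGpg.py` are assumptions; because only the recipient's public key sits on the indexer, something that compromises the indexer's OS cannot decrypt buckets that are already archived.

```python
#!/usr/bin/env python3
"""coldToFrozenScript sketch: tar a frozen bucket and gpg-encrypt it."""
import os
import subprocess
import sys
import tarfile

ARCHIVE_DIR = "/archive/frozen"               # assumption: archive destination
GPG_RECIPIENT = "splunk-archive@example.com"  # assumption: key imported and trusted

def archive_path(bucket, archive_dir=ARCHIVE_DIR):
    """Map .../<index>/colddb/<bucket_dir> to <archive_dir>/<index>/<bucket_dir>.tar.gpg."""
    bucket = os.path.normpath(bucket)
    index = os.path.basename(os.path.dirname(os.path.dirname(bucket)))
    return os.path.join(archive_dir, index, os.path.basename(bucket) + ".tar.gpg")

def gpg_command(out_file, recipient=GPG_RECIPIENT):
    """Public-key encryption of stdin; only the public key is needed on the indexer."""
    return ["gpg", "--batch", "--yes", "--recipient", recipient,
            "--output", out_file, "--encrypt"]

def freeze(bucket, archive_dir=ARCHIVE_DIR, recipient=GPG_RECIPIENT, build_cmd=gpg_command):
    """Stream a tar of the bucket into the encryptor; return the archive path."""
    bucket = os.path.normpath(bucket)
    if not os.path.isdir(os.path.join(bucket, "rawdata")):
        raise ValueError("not a Splunk bucket (no rawdata/): " + bucket)
    dest = archive_path(bucket, archive_dir)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    tmp = dest + ".partial"
    proc = subprocess.Popen(build_cmd(tmp, recipient), stdin=subprocess.PIPE)
    ok = True
    try:
        with tarfile.open(fileobj=proc.stdin, mode="w|") as tar:
            tar.add(bucket, arcname=os.path.basename(bucket))
        proc.stdin.close()
    except OSError:               # encryptor died or a bucket file was unreadable
        ok = False
        proc.kill()
    if proc.wait() != 0 or not ok:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise RuntimeError("encryption failed; bucket left in place")
    os.replace(tmp, dest)         # only a complete archive gets the final name
    return dest

if __name__ == "__main__":
    # Splunk passes the bucket path as argv[1]; a non-zero exit (including an
    # uncaught exception) tells it not to delete the bucket.
    if len(sys.argv) < 2:
        sys.exit("usage: coldToFrozenGpg.py <bucket_path>")
    print("archived to", freeze(sys.argv[1]))
```

The plaintext tar is never written to disk: it is streamed straight into gpg, and the `.partial` name keeps a half-written archive from being mistaken for a finished one.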

amoldesai
Explorer

I did mean about frozen data. Good to know about coldToFrozenScript. It helps. Thanks

0 Karma