Content control: Data at rest: What is stored encrypted?
Options: When {required, sensitive, convenient}, encrypt stored information in {servers, desktops, mobile devices, off-line backups, critical high-value authoritative storage systems, trustworthy systems} {with strong physical security}.
Decision: IF encryption is required by legal or regulatory mandate THEN Encrypt.
Basis:
Sensitive: content for which the utility of secrecy exceeds the utility of access (see below).
All:
Required: encryption mandated by law or regulation.
Servers: computers in a fixed location, typically a data center or co-located with the users who have access to the same content, and which are under physical controls.
Desktops:
Mobile devices:
Off-line backups: backup media taken off site and stored elsewhere (see below).
Critical high-value primary servers with strong physical security: the primary authoritative data source, held under physical security (see the last paragraph below).
Encryption of stored information serves one purpose: preventing unauthorized disclosure of content. Encrypting whole file systems or whole media is moderately priced; encrypting only selected content is more expensive and harder to manage. Either way, forensic analysis, data recovery, and system management are far harder on systems whose content is encrypted. For that reason, encryption should be used only when the utility of secrecy is higher than the utility of access, or when enough redundant access (spare key copies, tested recovery procedures) and supporting encryption infrastructure is available.

In low risk and medium risk situations: encrypt content when it is convenient to do so or when the utility of secrecy is higher than the utility of access. It is often possible to keep sensitive information on internal servers and allow remote access to it only over encrypted communication, which reduces the need to store sensitive information in encrypted form on remote systems. If backups are taken off site and stored elsewhere, they should be encrypted while in transit; be very cautious about encrypting the stored backups themselves, however, because loss of the keys or a media error can make the entire content permanently unusable. If they are encrypted, keep redundant copies of the keys separate from the media and test restores regularly. Where fine-grained encryption is more expensive or harder to use than file system, user, or directory level encryption, use those instead.

In high risk situations: systems holding sensitive data whose release could lead to severe consequences should use full-disk or full-media encryption on servers, local systems, remote systems, and backups. Remote systems at this risk level should be used only if absolutely necessary, and the set of computers and data operated at this risk level should be kept as small as the work allows.
When physical security is present and the data is the primary authoritative source, the risk of losing the use of the data (through key loss or a media error) may exceed the value of protecting it from disclosure, so encryption is not recommended.
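The backup caveat above (loss of the keys or a media error can make an encrypted backup entirely unusable) is easier to weigh with a concrete storage layout in hand. The Go program below is an added example, not code from the original page or from any product it describes: it seals a backup as independent AES-256-GCM chunks so that one bad sector costs one chunk rather than the whole image, shows that the monolithic single-chunk layout loses everything to the same single-bit error, and shows that no layout survives losing the key. The 32-byte chunk size, the "customer-record;" payload, and the function names are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Backup is an encrypted image: one AES-256-GCM ciphertext (tag appended) per chunk, each under its own nonce.
type Backup struct {
	Nonces [][]byte
	Chunks [][]byte
}

func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // a wrong key length is a bug in the caller, not a runtime condition
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}

// aad binds chunk index and chunk count into every tag, so chunks cannot be
// dropped, duplicated or reordered without Restore noticing.
func aad(index, total int) []byte {
	buf := make([]byte, 16)
	binary.BigEndian.PutUint64(buf[:8], uint64(index))
	binary.BigEndian.PutUint64(buf[8:], uint64(total))
	return buf
}

// Encrypt seals plaintext in independent chunks of chunkSize (> 0) bytes; a
// chunkSize of len(plaintext) or more gives the monolithic single-chunk layout.
func Encrypt(key, plaintext []byte, chunkSize int) *Backup {
	aead := mustGCM(key)
	total := (len(plaintext) + chunkSize - 1) / chunkSize
	b := &Backup{}
	for i := 0; i < total; i++ {
		start, end := i*chunkSize, (i+1)*chunkSize
		if end > len(plaintext) {
			end = len(plaintext)
		}
		nonce := make([]byte, aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			panic(err) // no CSPRNG means no safe nonce; do not continue
		}
		b.Nonces = append(b.Nonces, nonce)
		b.Chunks = append(b.Chunks, aead.Seal(nil, nonce, plaintext[start:end], aad(i, total)))
	}
	return b
}

// Restore opens every chunk it can; a chunk whose tag fails (bad sector, bit rot,
// or the wrong key) is listed in damaged and zero-filled so later offsets hold.
func Restore(key []byte, b *Backup) (plaintext []byte, damaged []int) {
	aead := mustGCM(key)
	var out bytes.Buffer
	for i, ct := range b.Chunks {
		pt, err := aead.Open(nil, b.Nonces[i], ct, aad(i, len(b.Chunks)))
		if err != nil {
			damaged = append(damaged, i)
			size := len(ct) - aead.Overhead()
			if size < 0 { // chunk truncated on the medium: nothing left to pad for
				size = 0
			}
			pt = make([]byte, size)
		}
		out.Write(pt)
	}
	return out.Bytes(), damaged
}

// Verify is the restore test to run on a fresh backup, and again with the escrowed key copy.
func Verify(key []byte, b *Backup) error {
	if _, damaged := Restore(key, b); len(damaged) > 0 {
		return fmt.Errorf("%d of %d chunks unreadable", len(damaged), len(b.Chunks))
	}
	return nil
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	payload := bytes.Repeat([]byte("customer-record;"), 8) // constructed 128-byte "archive"
	for _, size := range []int{32, len(payload)} {        // chunked, then monolithic
		b := Encrypt(key, payload, size)
		b.Chunks[0][3] ^= 1 // simulate a single-bit media error in the first chunk
		_, lost := Restore(key, b)
		fmt.Printf("chunk size %3d: %d of %d chunks unreadable\n", size, len(lost), len(b.Chunks))
	}
	fmt.Println("wrong key:", Verify(make([]byte, 32), Encrypt(key, payload, 32)))
}
```

Run it with `go run`. Chunking changes what a media error costs, not what a lost key costs: with the wrong key Verify reports every chunk unreadable, which is the page's point about keys. Verify is the check to run against a freshly written backup and again against the escrowed copy of the key before either is relied on.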