Best Practices: Unraveling tape encryption - Storage Technology Magazine - Page 1

Best Practices: Unraveling tape encryption

Tape encryption technologies and practices are on the rise. But with more choices than ever, careful consideration of the options is critical.


Security and storage have traditionally been strange bedfellows, seemingly at odds despite so many efforts to sound the alarm concerning the risks inherent to networked storage environments. While awareness of the risks is on the rise, steps to address storage security holes have been slow to evolve. Still, the fear of being exposed on the pages of The New York Times and having to provide free Equifax credit checks to millions of consumers is incentive enough for most organizations to consider tape encryption.

Despite steadily growing interest, the number of companies that encrypt their tapes remains relatively small. When SAN-based encryption appliances were introduced a few years ago, there was a significant uptick in encryption interest. With the emergence of new generations of tape drives featuring onboard hardware encryption, companies are revisiting their tape security practices in the hope that this new technology will solve their current tape security concerns at an affordable price.


Technology options
Several factors play into the successful selection and deployment of a tape encryption technology. It's important to understand the strengths and weaknesses of the available solutions. The most

    Requires Free Membership to View

    Login

    When you register for SearchStorage.com, you’ll also receive targeted emails from my team of award-winning editorial writers. Our goal is to keep you informed on the hottest topics, the latest news and the biggest challenges you face as a storage professional today.

    Rich Castagna, Editorial Director

    By submitting your registration information to SearchStorage.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchStorage.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

difficult, and often unresolved, challenge is determining the scope of encryption.

A good place to start is with an overview of the landscape.

Backup software encryption: Many backup vendors offer basic client-side data encryption as a standard feature or option. Practically speaking, this function is of limited value due to the host/resource impact that's exacerbated by the necessary accompanying burden of host-based compression (software encryption renders tape drive compression ineffective). The bottom line is that this type of encryption is useful only in some cases.

Some vendors, such as CommVault and Symantec, have introduced data encryption on the media server, a choice that reduces the impact on client-side system performance. These options have the ability to compress and encrypt any combination of onsite and offsite tapes, and also provide some level of key management. Depending on media server configurations and data volume, this approach can be less costly than hardware encryption options. However, it carries some risk of media server performance impact.

This was first published in January 2008