Best Practices: Unraveling tape encryption


This article can also be found in the Premium Editorial Download "Storage magazine: A report on storage standards: SMI-S, XAM, encryption key management and FAIS."

Download it now to read this article plus other related content.

Tape encryption technologies and practices are on the rise. But with more choices than ever, careful consideration of the options is critical.

Security and storage have traditionally been strange bedfellows, seemingly at odds despite so many efforts to sound the alarm concerning the risks inherent to networked storage environments. While awareness of the risks is on the rise, steps to address storage security holes have been slow to evolve. Still, the fear of being exposed on the pages of The New York Times and having to provide free Equifax credit checks to millions of consumers is incentive enough for most organizations to consider tape encryption.

Despite steadily growing interest, the number of companies that encrypt their tapes remains relatively small. When SAN-based encryption appliances were introduced a few years ago, there was a significant uptick in encryption interest. With the emergence of new generations of tape drives featuring onboard hardware encryption, companies are revisiting their tape security practices in the hope that this new technology will solve their current tape security concerns at an affordable price.

Technology options
Several factors play into the successful selection and deployment of a tape encryption technology. It's important to understand the strengths and weaknesses of the available solutions. The most

Requires Free Membership to View

difficult, and often unresolved, challenge is determining the scope of encryption.

A good place to start is with an overview of the landscape.

Backup software encryption: Many backup vendors offer basic client-side data encryption as a standard feature or option. Practically speaking, this function is of limited value due to the host/resource impact that's exacerbated by the necessary accompanying burden of host-based compression (software encryption renders tape drive compression ineffective). The bottom line is that this type of encryption is useful only in some cases.

Some vendors, such as CommVault and Symantec, have introduced data encryption on the media server, a choice that reduces the impact on client-side system performance. These options have the ability to compress and encrypt any combination of onsite and offsite tapes, and also provide some level of key management. Depending on media server configurations and data volume, this approach can be less costly than hardware encryption options. However, it carries some risk of media server performance impact.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: