This article can also be found in the Premium Editorial Download "Storage magazine: A report on storage standards: SMI-S, XAM, encryption key management and FAIS."
Download it now to read this article plus other related content.
Tape encryption technologies and practices are on the rise. But with more choices than ever, careful consideration of the options is critical.
Despite steadily growing interest, the number of companies that encrypt their tapes remains relatively small. When SAN-based encryption appliances were introduced a few years ago, there was a significant uptick in encryption interest. With the emergence of new generations of tape drives featuring onboard hardware encryption, companies are revisiting their tape security practices in the hope that this new technology will solve their current tape security concerns at an affordable price.
| difficult, and often unresolved, challenge is determining the scope of encryption.
A good place to start is with an overview of the landscape.
Backup software encryption: Many backup vendors offer basic client-side data encryption as a standard feature or option. Practically speaking, this function is of limited value due to the host/resource impact that's exacerbated by the necessary accompanying burden of host-based compression (software encryption renders tape drive compression ineffective). The bottom line is that this type of encryption is useful only in some cases.
Some vendors, such as CommVault and Symantec, have introduced data encryption on the media server, a choice that reduces the impact on client-side system performance. These options have the ability to compress and encrypt any combination of onsite and offsite tapes, and also provide some level of key management. Depending on media server configurations and data volume, this approach can be less costly than hardware encryption options. However, it carries some risk of media server performance impact.
This was first published in January 2008