This article can also be found in the Premium Editorial Download "Storage magazine: A report on storage standards: SMI-S, XAM, encryption key management and FAIS."
Download it now to read this article plus other related content.
Security breaches can also translate into legal liabilities. Privacy notification laws, beginning with California's SB 1386, have been enacted by 39 states. Those who know California's law might mistakenly believe that encryption provides indemnification from these customer notification regulations. While this may be the case in California, subsequent laws in other states have no such exemptions.
This confusion, combined with the complexities associated with key management, means some firms choose to avoid encryption. Retaining tapes on company property and eliminating the physical relocation of tapes in favor of electronic vaulting and replication have become attractive options. But depending on the amount of data at hand, that route is often cost prohibitive. Expect advances in technologies like deduplication to make this option more feasible.
Scalability: How predictable is your data growth? Backup software and tape encryption solutions typically offer a smoother growth curve, while appliances follow more of a step function.
Key management needs: From a security best practices perspective, key management should be an independent entity from backup. But due to complexity and organizational limitations, backup admins often become de facto key managers,
| and there are many cases where one key is in place for all backup. Assuming those organizational policies mature sometime in the future, does your new solution have key management capabilities to accommodate them?
Economic drivers: Organizations typically upgrade tape drives on a three- to five-year cycle, but tape library cycles usually stretch from five to seven years or longer. Unless you're at the right point in your technology depreciation and refresh cycle, tape drive encryption may not be feasible.
Operational integration and management: All encryption options have some operational impact, but the specifics vary. Tape drive encryption, for example, is simple from a physical integration perspective, but its success depends on some degree of backup software support (from basic hardware support to full key management control). Appliances are often transparent to the backup app, but require their own operational procedures to be integrated with the rest of the infrastructure. In all circumstances, the impact on disaster recovery and archiving practices, and the challenges of managing encrypted and unencrypted tapes, must be addressed.
This was first published in January 2008