Best Practices: Unraveling tape encryption


This article can also be found in the Premium Editorial Download "Storage magazine: A report on storage standards: SMI-S, XAM, encryption key management and FAIS."

Download it now to read this article plus other related content.

Security breaches can also translate into legal liabilities. Privacy notification laws, beginning with California's SB 1386, have been enacted by 39 states. Those who know California's law might mistakenly believe that encryption provides indemnification from these customer notification regulations. While this may be the case in California, subsequent laws in other states have no such exemptions.

This confusion, combined with the complexities associated with key management, means some firms choose to avoid encryption. Retaining tapes on company property and eliminating the physical relocation of tapes in favor of electronic vaulting and replication have become attractive options. But depending on the amount of data at hand, that route is often cost prohibitive. Expect advances in technologies like deduplication to make this option more feasible.

Critical criteria
Here are some critical factors to consider when selecting an encryption solution.

Scalability: How predictable is your data growth? Backup software and tape encryption solutions typically offer a smoother growth curve, while appliances follow more of a step function.

Key management needs: From a security best practices perspective, key management should be an independent entity from backup. But due to complexity and organizational limitations, backup admins often become de facto key managers,

Requires Free Membership to View

and there are many cases where one key is in place for all backup. Assuming those organizational policies mature sometime in the future, does your new solution have key management capabilities to accommodate them?

Economic drivers: Organizations typically upgrade tape drives on a three- to five-year cycle, but tape library cycles usually stretch from five to seven years or longer. Unless you're at the right point in your technology depreciation and refresh cycle, tape drive encryption may not be feasible.

Operational integration and management: All encryption options have some operational impact, but the specifics vary. Tape drive encryption, for example, is simple from a physical integration perspective, but its success depends on some degree of backup software support (from basic hardware support to full key management control). Appliances are often transparent to the backup app, but require their own operational procedures to be integrated with the rest of the infrastructure. In all circumstances, the impact on disaster recovery and archiving practices, and the challenges of managing encrypted and unencrypted tapes, must be addressed.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: