Storage Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."
Download it now to read this article plus other related content.
Scramble that data!
It seems like every article about data storage encryption starts by rehashing high-profile screw-ups where a tape containing a million credit card numbers bounced off a delivery truck or disappeared off the loading dock. You know the stories by now and more than a few of you probably thought, "Jeez, that's how we handle tapes." If you think that kind of thing only happens to the "other guy," think again. Maybe you're the other guy.
The benefits are clear: Lose an encrypted tape, you lose nothing; lose a tape whose bits haven't been scrambled and the implications are endless.
So why aren't you encrypting your tapes? In Storage's Spring 2007 Purchasing Intentions survey, 55% of respondents said they hadn't deployed storage security. Those respondents who were encrypting fell into three camps--those using appliances, backup software and array-based security--with a smaller contingent using the relatively new tape drive encryption technology. That was last spring, you say, so it's almost ancient history, right? In our most recent Purchasing Intentions survey, the number of respondents not encrypting was worse.
There are two main reasons for not encrypting: money and key management. They're pretty good reasons, but you'll have to find a way around them if you're serious about safeguarding your data. Encryption isn't free, regardless of how you implement it. Even if you use your current backup app
Requires Free Membership to View
to do the encryption, it's likely to be an additional cost option. Justifying the cost can be tough, just as spending for disaster recovery can be a hard sell. And deploying encryption is more on the order of disaster avoidance (DA), which is an even tougher concept to justify to those who hold the purse strings.
How do you get your bosses to swallow a sizable dose of preventive medicine? You have to lay out a solid case for the cost of the risk involved in having unencrypted tapes going offsite. Confidential customer or employee data in the wrong hands can be a huge liability, so you might check with your legal folks to build some "what-if" scenarios that describe possible consequences. That should help put a dollar figure on not taking action.
This was first published in September 2007
Join the conversationComment
Share
Comments
Results
Contribute to the conversation