Federal Regulations Spur Interest in Tape Encryption or most storage managers, encrypting backup tapes is a pretty low priority, either because they don't think it's necessary, because they are wary of decreased performance, or they fear making it harder to restore.
But that's changing, says Hari Venkatacharya, senior vice president of secure networked storage at Kasten Chase, which makes the Assurency Secure Networked Storage product, a PCI-based encryption card. "There's been a significant shift even in the past four months in security paranoia because of all the legislation that has passed," Venkatacharya says.
For example, the California Act Senate Bill No. 1386 requires companies doing business with Californians to notify customers when they've been hacked. Encrypted data is exempt from the reporting requirement.
Furthermore, encrypting backup tapes isn't necessarily an all-or-nothing proposition. "Companies are looking to encrypt about 15% to 20% of their data," estimates Venkatacharya. In other words, a company may want to encrypt sensitive financial documents, but leave user files in the clear.
By far, the sector that has expressed the most interest in tape encryption is the financial sector, says Brian Bailey, president of Digital Security International, a British firm that has begun marketing its Paranoia hardware encryption appliance to the U.S. market. Healthcare, despite the recently enacted HIPAA legislation, "has no money for it," and has to "rely on physical security instead," Bailey says.
Money or no money, there's no dearth of companies willing to sell you tape encryption products, in one form or another. Veritas NetBackup offers an encryption option, while storage security vendor NeoScale offers CryptoStor for Tape, an offshoot of its SAN storage security appliance. NeoScale competitor Decru, meanwhile, does not offer a tape-specific encryption appliance, but its DataFort can be used to that effect, says Dan Avida, president and CEO.