This article can also be found in the Premium Editorial Download "Storage magazine: Benefits of third-party data protection and recovery management tools."
Download it now to read this article plus other related content.
In spite of the fact that three-quarters of enterprises continue to eschew backup encryption, IT managers have become resigned to the inevitability of encryption technology. They recognize that the next LTO drive they buy will have encryption capabilities, while future disk arrays will support the Trusted Computing Group (TCG) storage security standards. The tape-encryption infrastructure will arrive within the next 24 months, whether you like it or not.
Given the certainty around tape encryption, organizations should begin their tape-encryption planning as soon as possible. Based on countless enterprise interactions, ESG recommends large organizations anticipate tape-encryption best practices through the following:
Assess risks. If you work in a regulated industry at a publicly traded firm where backup tapes are shipped offsite with a third-party service provider, you face a high degree of risk. Fast track a decision and proceed to implementation as soon as possible. If your organization doesn't fit this precise profile, you should still undertake a thorough risk assessment. For example, many firms entrust employees to deliver tapes from one data center to another. In cases like that, policy creation, signed employee agreements and background checks may be a logical first step toward safeguarding tape-based data. Make sure to assess future privacy legislation and international laws that may impact any near- or long-term plans.
Take a backup
inventory. There are four basic options for tape encryption: software (i.e., backup software), file-system encryption at the media server, an encryption appliance or switch, or encrypting tape drives. Before choosing one, assess all backup technologies, amortization schedules and backup architectures. Which equipment is due for an upgrade? Is tape backup used as a primary or secondary backup medium? Be selective but open-minded; many large organizations will end up with a heterogeneous encryption architecture that includes more than one of these technologies.
Map tape-encryption plans to backup strategies. Encrypting tapes might not make sense if your organization plans to implement virtual tape or disk-to-disk backup in the near future. In that case, disk-based encryption may be a better fit.
This was first published in July 2007