This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."
Download it now to read this article plus other related content.
The software approach
Encrypting data is nothing new and there are several software packages that will encrypt data even before it's backed up. Software solutions range from point products like PKWare Inc.'s SecureZip (built on the ubiquitous PKZip), to IBM mainframe utilities, to comprehensive enterprise-wide security frameworks like Vormetric Inc.'s CoreGuard, which can be used to encrypt data systematically or on an ad-hoc basis.
The major enterprise-class backup software packages, with one notable exception, can encrypt data: CommVault Systems Inc.'s Galaxy, IBM Corp.'s Tivoli Storage Manager (TSM) and Symantec's Veritas NetBackup. The exception is EMC Corp.'s Legato NetWorker, which will add encryption in its next release, version 7.3.
|Rethinking disk's role in backup|
Does tape's vulnerability to being lost or stolen have people rethinking their backup strategies in favor of disk-based solutions? "Absolutely," says W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc., Framingham, MA. The traditional approach to tape backup--weekly fulls plus nightly incrementals--has a lot of challenges associated with it, not the least of which are hardware costs, lengthy restore times and training personnel, especially if there are remote offices involved. Add the overhead of encrypting tape and the backup process becomes even more cumbersome.
"In the new world of data protection, you've got snapshots, CDP [continuous data protection] and content-reduced backup," Preston says.
Even companies whose businesses revolve around backup tapes are promoting alternatives. For customers who would prefer to avoid shipping tapes via truck, Boston-based Iron Mountain now offers its Server Electronic Vaulting service, which encrypts a backup job and sends it off site for electronic vaulting. The data is encrypted over the wire and stored encrypted.
Symantec/Veritas, for example, has offered encryption as an option to NetBackup for a long time, but until last year, encryption was limited to 40- or 56-bit keys, widely regarded as insufficient. "People chuckled when we told them we have 40-bit and 56-bit encryption," says Adams.
With version 5.1, Symantec/Veritas upped the encryption ante with 128- and 256-bit keys. Backup software vendor BakBone Software Inc. updated its encryption capabilities in the new version of its NetVault Encryption Application Plugin Module (APM) this summer. It increased the length of its keys from 40- to 128-bit encryption, and introduced an enhanced user interface.
And it's not only high-end backup packages that offer encryption; software is starting to be targeted at small- to medium-sized businesses. In January, EMC announced that its Dantz Retrospect 7 backup application now features 128- and 256-bit AES encryption. Symantec has encryption on its roadmap for Veritas Backup Exec for the second half of 2006, says Adams.
This was first published in November 2005