This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."
Download it now to read this article plus other related content.
But just because you can perform encryption using backup software doesn't necessarily mean you should--especially not on a large scale. "We position [NetVault's Encryption APM] as a first line of defense," says Bharat Kumar, BakBone's vice president of marketing. But in environments that require large-scale backup encryption, it should be "used alongside other technologies, like tape encryption appliances," he adds.
What's wrong with encrypting tapes using backup software? In a nutshell, it takes more time, consumes more storage and costs more money. Here's why:
- Most backup software packages perform encryption on the client. That's a good thing in that data travels over the network encrypted, but it adds to the amount of time it takes to back that client up. According to W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc. in Framingham, MA, a backup encrypted with backup software will complete 50% slower than one not encrypted. Vendors that advertise better performance than that probably aren't using top-of-the-line 256-bit keys, he says, adding that "the length of time it takes to encrypt a backup is directly proportional to the size of the key used."
- Encrypting data on the client makes it impossible to compress data later on because encrypted data is uncompressible. It's easy to circumvent that problem by using your backup
software's compression feature, but that also slows down a backup.
For some, taking the backup software route to encrypted backups works great. CUDP uses BakBone's NetVault encryption option, and is pleased with the performance and space consumption it's seeing. "It was a concern up front," says Ben Shapiro, a development programmer at CUDP, but "the testing I performed showed that the performance impact was minimal." That's because the encryption takes place on CUDP's customers' machines, and not on CUDP's machines. From Shapiro's perspective, adding encryption to its customers' backups has only added about 10 minutes to the overall process, he says.
But in environments struggling to complete backups in a timely fashion, adding encryption to the mix "lengthen[s] your backup window," says John Lallier, vice president of technology at FalconStor Software, Melville, NY. In those environments, taking the encryption function out of the backup software and putting it into specialized hardware is probably the right way to go.
This was first published in November 2005