This article can also be found in the Premium Editorial Download "Storage magazine: Salary survey reveals storage skills are in demand."
Tape encryption must support the business
Numerous companies are jumping on the backup tape-encryption bandwagon: Encrypt your backup tapes and the threat of lost/stolen tapes, embarrassing data breaches and unexpected costs disappear. But while this is certainly logical, it's also shortsighted. Tape encryption must provide protection against accidental tape loss or criminal activities, but it should also be integrated into the security procedures of tape-based business processes such as:
Data sharing. Tape is still used as a means of data exchange among business partners, but this process shares the same risk of tape loss/theft as offsite solutions. To facilitate data exchange, tape-encryption solutions must share encryption keys among business partners.
Data archiving. Government regulations like HIPAA and SEC 17a-4 demand long-term records retention. Because tape media is often used for data archiving, tape encryption can keep the data confidential and tamperproof. In an archiving application, tape encryption must be supported with key lifecycle management features built for long-term encrypted data storage.
These functions will certainly add to the business value of a tape-encryption solution, but it's also important that they don't create an inordinate amount of IT operations overhead in the process. To accommodate the business and IT, tape-encryption solutions must:
Work with existing technologies. Tape encryption
Integrate into disaster recovery (DR) planning. Because encrypted data must be decrypted to be useful, tape-encryption operations must be part of the DR/business continuity process. This requires tight controls for key management, key backup and redundant key-restoration equipment. These steps must not impact business-critical recovery time objectives and recovery point objectives.
Allow flexibility for growth. When a file is archived for 10 years, for example, the tape drive, server and application technologies will certainly change during that timeframe. Tape encryption must accommodate inevitable technology churn while maintaining the integrity of encryption keys and administrative policies over the long haul.
When weighed against this set of enterprise requirements, most of today's tape-encryption solutions fall short.
This was first published in November 2006