This article can also be found in the Premium Editorial Download "Storage magazine: Salary survey reveals storage skills are in demand."
Large firms need an ETE architecture
Tape-encryption products that provide little more than "antidisclosure" insurance may be in vogue today, but the encryption needs of large organizations will soon move beyond this limited scope. Rather than implement multiple tape-encryption solutions, Enterprise Strategy Group (ESG) believes savvy CIOs will look at a new class of security products we call Enterprise Tape Encryption (ETE). Unlike most self-contained point solutions, ETE is built as a set of encryption services. As such, ETE:
Separates encryption and administrative functions. ETE services like cryptographic processing, key management and administration are discrete objects. By distributing these services, the actual cryptographic processing can be performed on high-speed security processors, while key management and administration can be centralized for operational efficiency and high security. This model will be especially important over time because it offers scale and performance benefits as more data is encrypted. For scalability, today's all-in-one, server-based solution can migrate gracefully to a distributed model over time.
Provides for ease of integration. ETE services are easily accessible to systems that need to encrypt data and the devices that perform the actual encryption operations. ETE acts as encryption middleware with open APIs used for requesting or performing encryption services.
Virtualizes key management. To maintain the availability of critical key-management services, many of today's encryption appliance products must be configured in pairs for failover. Rather than clustering boxes, ETE uses a distributed database built on multiple distributed systems similar to the global Domain Name System (DNS) infrastructure. This architecture increases performance by localizing ETE service requests, thus minimizing latency. It also eliminates any single point of failure; if a local ETE system is offline, the ETE service simply calls another.
Accommodates key sharing. ETE recognizes the need for key sharing among enterprise data centers and business partners. ETE offers multiple technical solutions, including Public Key Infrastructure, Kerberos, shared secret keys and secure decryption utilities.
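The local-first lookup and failover described under "Virtualizes key management" can be modelled in a few lines. This is an added sketch, not code from the article or from any ETE product: the class names, the site names used to exercise it and the two-copy rule for new keys are assumptions made for illustration.

```python
import secrets

class NodeOffline(Exception):
    pass

class KeyNode:
    """One replica of the key database at a site (hypothetical model)."""
    def __init__(self, site):
        self.site, self.online = site, True
        self._keys = {}                    # tape label -> 256-bit data key

    def put(self, label, key):
        if not self.online:
            raise NodeOffline(self.site)
        self._keys[label] = key

    def get(self, label):
        if not self.online:
            raise NodeOffline(self.site)
        return self._keys[label]           # KeyError: replica never got this key

class KeyDirectory:
    """Routes key requests to the nearest replica and fails over to the rest."""
    def __init__(self, nodes, min_copies=2):
        self.nodes, self.min_copies = nodes, min_copies

    def _ordered(self, site):
        # Local replica first to keep latency low; remote replicas as fallback.
        return sorted(self.nodes, key=lambda n: n.site != site)

    def create_key(self, label, site):
        key, stored = secrets.token_bytes(32), 0
        for node in self._ordered(site):
            try:
                node.put(label, key)
                stored += 1
            except NodeOffline:
                continue
        if stored < self.min_copies:
            # A key held by one node is a single point of failure for the tape.
            raise RuntimeError(f"{label}: key on {stored} node(s), need {self.min_copies}")
        return key

    def fetch_key(self, label, site):
        for node in self._ordered(site):
            try:
                return node.get(label), node.site
            except (NodeOffline, KeyError):
                continue
        raise LookupError(f"no reachable replica holds the key for {label}")
```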
This was first published in November 2006