Where encryption fits best
This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."
Download it now to read this article plus other related content.
There are numerous places to embed encryption into your backup infrastructure. Considering key management and performance issues, here are our recommendations.
A tarnished corporate name and possible financial and legal liabilities head the list of management concerns whenever removable disks and tape cartridges holding sensitive information are misplaced or stolen. Encryption can minimize the risks associated with these inevitable occurrences. But with multiple methods available to encrypt data and standards for the long-term management of encryption keys still in their early stages, companies need to proceed cautiously.
Encryption secures data and makes it accessible only to those individuals or applications with the proper credentials. Companies may choose to encrypt data in a number of places in the backup infrastructure to satisfy specific application or corporate requirements. For example:
- Backup software may include an encryption function that encrypts data on the client or on a designated server before storing the data.
- Encryption appliances install in the existing backup infrastructure and include purpose-built application-specific integrated circuits (ASICs) or field-programmable gate arrays (FPGAs), which encrypt data at near-wire speeds.
- switches and director blades can encrypt data stored to any Fibre Channel (FC) SAN-attached storage devices with encryption managed as another fabric service.
- Tape drives, tape libraries and virtual tape libraries (VTLs) encrypt data as it's placed on disk or tape, and may include encryption for free or as an optional feature.
- Seagate Technology LLC recently announced that it plans to add Full Disk Encryption (FDE) technology to all of its enterprise-class hard drives in 2008.
This was first published in November 2007