There are numerous places to embed encryption into your backup infrastructure. Considering key management and performance issues, here are our recommendations.
Encryption secures data and makes it accessible only to those individuals or applications with the proper credentials. Companies may choose to encrypt data in a number of places in the backup infrastructure to satisfy specific application or corporate requirements. For example:
Deciding where to implement encryption is only the first step; other decisions have to be made as well. For example, choosing a more computationally expensive encryption algorithm such as 256-bit AES can lengthen the time it takes to encrypt data, introduce unacceptable levels of server overhead and extend backup windows. User-selected encryption keys (typically passwords) may be too easily guessed, negating whatever benefits encryption provides. And large organizations that implement encryption at multiple layers or in different locations in the backup infrastructure can end up with incompatible key stores and ongoing encryption key management problems.
Other issues that must be resolved prior to implementing encryption include how to minimize the performance overhead encryption creates, how encryption keys are generated and what data to encrypt.
The best place to encrypt data in the backup infrastructure is generally determined by four factors: corporate risk thresholds, ease of implementation, price and the performance impact encryption has on the backup infrastructure. While encryption key management remains a near-term concern, new standards under discussion will likely evolve to permit the exchange of keys among different vendors' encryption key management systems.
The use of compression by backup software as it encrypts data is an important but subtle differentiator among backup software products. Encrypting native backup data typically increases the size of backed up data stores by 20% or more, so backup software products may also turn on compression when encryption is enabled. Compression has to run before encryption: ciphertext is effectively random and cannot be compressed afterwards, whether by the backup software or by the tape drive's hardware compression. Compression reduces the size of the backed up data, but adds another 5% to 10% to the server CPU overhead on top of the 20% overhead encryption introduces.
Backup software provides a number of options to reduce this performance overhead. One option offered by Symantec Corp.'s Backup Exec 11d and CommVault's Galaxy 7.0 is to simply turn off compression. The compression and encryption features are individual checkboxes in these backup software products, so admins can choose to turn off compression on the backup clients but still encrypt the data. However, this reintroduces the problem of increased backup storage consumption and lengthens backup windows.
To address these issues, some backup software products offload the compression and encryption to a designated server. Backup software products that perform deduplication, such as Asigra Inc.'s Televaulting, EMC Corp.'s Avamar and Symantec's Veritas NetBackup PureDisk, compress and encrypt data as part of the deduplication process. The overhead associated with the compression and encryption is then offloaded to a designated server in the backup infrastructure. But the initial deduplicated backup of a client can sometimes take hours or even days to complete as data is deduplicated, compressed and encrypted for the first time. It's a lengthy process that not every application can withstand.
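The ordering constraint behind the compression trade-off above, as an added example that is not code from any product named in this article: the same backup catalogue is run through compress-then-encrypt and encrypt-then-compress, and only the first order shrinks. The stream cipher is an HMAC-SHA256 counter-mode keystream so the demo runs on the Python standard library alone; it stands in for the AES used by real backup software and is not a recommendation. The sample catalogue and the key are constructed here.

```python
"""Why a backup product must compress BEFORE it encrypts (constructed demo)."""
import hashlib
import hmac
import os
import struct
import zlib

BLOCK = hashlib.sha256().digest_size  # 32 keystream bytes per counter step


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: a standard-library stand-in for AES-CTR.
    Used only so this demo runs without third-party packages; a backup product
    would use AES (e.g. 256-bit) in an authenticated mode instead."""
    out = bytearray()
    for counter in range((length + BLOCK - 1) // BLOCK):
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-encrypt; the random 16-byte nonce is prepended to the ciphertext."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))


def compress_then_encrypt(key: bytes, data: bytes) -> bytes:
    return encrypt(key, zlib.compress(data))


def encrypt_then_compress(key: bytes, data: bytes) -> bytes:
    # Ciphertext is indistinguishable from random, so zlib cannot shrink it.
    return zlib.compress(encrypt(key, data))


def restore(key: bytes, blob: bytes) -> bytes:
    """Reverse compress_then_encrypt: decrypt, then decompress."""
    return zlib.decompress(decrypt(key, blob))


# Constructed sample: a repetitive backup catalogue, the kind of data that compresses well.
SAMPLE = b"".join(
    b"2007-11-05 02:13:%02d client=fileserv%02d status=OK bytes=%d\n" % (i % 60, i % 8, 4096 * i)
    for i in range(300)
)
KEY = os.urandom(32)  # 256-bit key generated randomly, not derived from an admin password

if __name__ == "__main__":
    cte, etc = compress_then_encrypt(KEY, SAMPLE), encrypt_then_compress(KEY, SAMPLE)
    print(f"plaintext {len(SAMPLE)} B, compress->encrypt {len(cte)} B, encrypt->compress {len(etc)} B")
```

Turning compression off on the client, as the article describes, is the only option for a product that encrypts on the client, because nothing downstream of the cipher (media server, tape drive) can recover the compressibility.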
Symantec's Veritas NetBackup 6.5 Media Server Encryption Option (MSEO) similarly offloads the compression and encryption from the client server, but eliminates the need for a lengthy first backup. Veritas NetBackup clients don't encrypt the backup job; instead, they direct the backup job to a Veritas NetBackup media server that stores the backup job in its normal state on disk or tape.
The Veritas NetBackup media server manages a pool of storage devices and, using MSEO, administrators can set policies that encrypt backed up client data at any point in the backup process, including some point after the initial backup job completes. In doing so, MSEO moves the performance hit from the client to the Veritas NetBackup media server, which absorbs it only at the time the backed up data is actually compressed and encrypted. In addition, using Veritas NetBackup's MSEO addresses one of the principal pitfalls of using backup software to encrypt data on a client: encryption key creation.
Key management
Most backup software products leave it up to backup administrators to create the encryption key (usually a password). The backup software then uses this key to encrypt all backups on that server and possibly all client servers under the central backup software's management.
This situation is desirable in some cases. Companies that outsource their backups to third-party backup service providers typically find the backup service provider uses software like Asigra Televaulting. To protect the integrity of each client's data, individual clients are issued a complex, randomly generated encryption key that's known only to the clients; this is used for all of that client's backups. This arrangement precludes the backup service provider from ever accessing client data stored at its facility.
Scott Restivo, MIS director at J.A.M. Distributing, and an Asigra Televaulting user, finds that Asigra's mechanism for encryption key management puts the onus entirely on the administrator to manage the encryption key. Although backup service providers are diligent in providing their users with best practices for encryption key management and preservation, there's no way to retrieve or recover the encrypted data should the key ever become lost. As a result, says Restivo, "I guard the key with my life."
Corporate One Federal Credit Union evaluated most of the available encryption options and eventually selected Network Appliance (NetApp) Inc.'s Decru DataFort encryption appliance. An encryption appliance distinguishes itself from other encryption architectures in that a company can continue to use its existing backup infrastructure because the appliance is installed as a device in the data path between the backup software and the target storage device. This architecture eliminates any dependencies on backup software or tape libraries for ongoing key management, and the encryption appliance usually includes an ASIC to expedite the compression and encryption of backed up data.
A determining factor for Corporate One Federal Credit Union's decision was how Decru DataFort generated and managed its own encryption keys. Prior to selecting Decru DataFort, Corporate One had developed its own in-house system for key management for data exchange with its various member credit unions. Decru DataFort eliminated that need for internal key generation and management because it generates unique random keys for backups as frequently as Corporate One wants them created. In instances where member credit unions also used Decru DataFort, Corporate One could configure its Decru DataFort encryption appliances to exchange encryption keys with the Decru DataFort at a member credit union's site.
A growing number of other encryption architectures now offer similar means for creating and managing randomly generated encryption keys. Tape drives that encrypt, such as IBM Corp.'s T1120 (3592 tape formats) and Sun Microsystems Inc.'s StorageTek T10000 (9840 tape formats), include ASICs that expedite encryption, but they still rely on external encryption software to provide the needed encryption key. IBM and Sun plan to eventually allow other vendors' encryption key managers to generate random encryption keys; in the meantime, IBM T1120 users will need to rely on IBM Encryption Key Manager to generate encryption keys, and Sun StorageTek T10000 users will need to deploy Sun StorageTek Crypto Key Management Station for key generation and management.
LTO-4 tape drives are further along in integrating with third-party software encryption key managers. LTO-4 tape drives provide the necessary APIs for encryption key management providers to select the encryption algorithm the drive should use, as well as to supply the key the LTO-4 tape drive needs to do the encryption. Currently, users of CommVault's Galaxy 7.0 backup software can randomly generate encryption keys that LTO-4 tape drives can accept and use.
How much data to encrypt
A major decision Chad Sturgill, network engineer at Corporate One Federal Credit Union, had to make when implementing encryption was how much of his company's data to encrypt. Although Sturgill knew Corporate One didn't need to encrypt all of its data, he also realized that Corporate One's data wasn't perfectly classified. With that in mind, Sturgill instituted a policy where all of Corporate One's data was encrypted to ensure it was protected. "If you leave your house and lock the door, do you leave your garage door open?" queries Sturgill.
Supporting that encryption policy required Sturgill to verify that Decru could handle the overhead associated with the encryption and not impact backup windows. He ran a series of tests and found that using an encryption appliance in the data path had minimal or no effect on backup times and, in some instances, actually improved the overall speed of backups.
Sturgill's experiences support encryption appliance vendor claims that their appliances have minimal or no impact on backup speeds. NetApp finds that as many as one-third of its Decru DataFort customers see a performance impact on backup times of roughly 5% in either direction, which is generally acceptable to most users.
Companies with high-performance FC SAN environments that are hesitant to introduce encryption appliances may find Cisco Systems Inc.'s new Storage Media Encryption (SME) more suitable. SME is available on Cisco's MDS 9222i Multilayer Fabric Switch or its MPS-18/4 director blade, and is managed as another fabric service in Cisco's SAN-OS. Cisco's SME uses a central ASIC on the fabric switch or director blade that provides up to 10Gb/sec of throughput with key creation and management handled externally by EMC's RSA Key Manager or Cisco's own key management application (due out this month). Although encrypting in the switch avoids the need to introduce appliances, the current implementation encrypts data to whatever storage devices are attached to these ports.
Purchasing new tape drives that natively support encryption may be the simplest and easiest way for a company to encrypt all of its data. New tape drives often eliminate some of the internal justifications administrators need to provide when purchasing encryption appliances or switches. Tape drives such as the IBM T1120 also include an encryption ASIC that, according to Bradley Johns of IBM System Storage tape market management, keeps the performance impact at or under 1% in most customer environments.
Of the available encryption options, backup software tends to do the poorest job of handling the performance hit created by wholesale data encryption. Administrators can mitigate this performance impact by encrypting only the data going offsite, and doing so outside the backup window, using features such as CommVault's Auxiliary Copy-level encryption or Symantec's Veritas NetBackup MSEO.
"Copies from disk to tape can be done outside of normal backup windows on MediaAgent servers that are typically underutilized during these periods of time," says Brian Brockway, CommVault's senior director of product management.
Centralizing key management
Encryption appliances provide their own encryption key management system, such as Decru's Lifetime Key Management or NeoScale Systems Inc.'s CryptoStor KeyVault, but these vendors say they'll support the other key management systems found in backup software or tape drives as they gain access to those APIs.
For companies with multiple key management systems, an independent third-party software provider such as RSA, The Security Division of EMC, is a more viable option. Chris Parkerson, RSA's senior product marketing manager, says RSA's goal is to become the "management hub for encryption." A NetApp spokesperson says the RSA Key Manager is a "super key manager" with the Decru DataFort acting as a proxy into it.
James Yu, NeoScale's senior VP of marketing and business development, suggests that in the longer term encryption key management standards may result in the creation of an encryption key cloud that functions in a manner similar to how the domain name system (DNS) operates on the Internet. With DNS, a computer queries name servers (starting from the root servers) that resolve a name and return the information the requesting computer needs to locate and directly contact another computer on the Internet.
Encryption key management standards would function in a comparable manner by providing a standard way for different vendors' encryption key management programs to communicate and share encryption key information. "These standards, used in conjunction with authenticated encryption key management servers, could enable the sharing of policies and encryption keys between different encryption key management servers," says Yu.
The still nascent state of encryption key management standards and the proprietary nature of encryption key management require large firms to exercise caution in their selection and deployment of encryption. With most firms looking to encrypt only data sent offsite, backup admins should give preference to products whose architecture can be configured to support this specific requirement. At this time, those are encryption appliances, tape drives and libraries with APIs accessible by third-party encryption key managers, and backup software with an off-host media server encryption option.