This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."

Download it now to read this article plus other related content.

Deciding where to implement encryption is only the first step; other decisions have to be made as well. For example, choosing a more complex encryption algorithm such as 256-bit AES can lengthen the time it takes to encrypt data, introduce unacceptable levels of server overhead and extend backup windows. User-selected encryption keys may be too easily hacked, negating whatever benefits encryption provides. And large organizations that are implementing encryption at multiple layers or in different locations in the backup infrastructure can create incompatible and ongoing encryption key management issues.

Other issues that must be resolved prior to implementing encryption include how to minimize the performance overhead encryption creates, how encryption keys are generated and what data to encrypt.

The best place to encrypt data in the backup infrastructure is generally determined by four factors: corporate risk thresholds, ease of implementation, price and the performance impact encryption has on the backup infrastructure. While encryption key management remains a near-term concern, new standards under discussion will likely evolve to permit the exchange of keys among different vendors' encryption key management systems.

Requires Free Membership to View

Click here for encryption product considerations. (PDF).

Starting point
Backup software serves as a logical starting point for encryption because most organizations already own backup software. Using a backup application's encryption capability avoids the extra cost of encryption appliances, fabric switches, or new tape drives or libraries. However, there are notable differences in the way backup software encrypts data.

The use of compression by backup software as it encrypts data is an important but subtle differentiator among backup software products. Encrypting native backup data typically increases the size of backed up data stores by 20% or more, so backup software products may also turn on compression when encryption is enabled. Compression reduces the size of the backed up data, but adds another 5% to 10% to the server CPU overhead on top of the 20% overhead encryption introduces.

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: