Where encryption fits best
This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."
Symantec's Veritas NetBackup 6.5 Media Server Encryption Option (MSEO) similarly offloads the compression and encryption from the client server, but eliminates the need for a lengthy first backup. Veritas NetBackup clients don't encrypt the backup job; instead, they direct the backup job to a Veritas NetBackup media server that stores the backup job in its normal state on disk or tape.
The Veritas NetBackup media server manages a pool of storage devices and, using MSEO, administrators can set policies that encrypt backed-up client data at any point in the backup process, including some point after the initial backup job completes. In doing so, MSEO moves the performance hit from the client to the Veritas NetBackup media server, which incurs it only at the time the backed-up data is actually compressed and encrypted. In addition, using Veritas NetBackup's MSEO addresses one of the principal pitfalls of using backup software to encrypt data on a client: encryption key creation.
Best practices for encrypting data on mobile devices
Portable storage devices such as laptops, USB thumb drives and even iPods are now a permanent part of the corporate data management landscape. More sensitive corporate data is landing on these mobile storage devices, which, if lost, could present a serious liability to corporations. Here are some best practices for encrypting data on these devices.
Centralize policy creation and control. Encryption software for mobile devices should support encryption policies that administrators can centrally create and manage to ensure mobile users don't circumvent corporate policies. Centennial Software Ltd.'s Devicewall and GuardianEdge Technologies Inc.'s Device Control and Removable Storage Encryption products can encrypt data and provide centralized encryption policy management for portable storage devices.
Data classification. Encryption software should include a discovery and reporting component so companies can quantify how much--and what--data is stored on portable devices, as well as what the potential risk is if loss or theft occurs. Products from Tablus Inc. and Vontu Inc. identify data being copied to devices and can prevent or audit those activities.
Encryption key creation. Formulate encryption policies that force mobile users to create and use complex encryption keys, or use third-party software that creates and manages the encryption keys for them. Devicewall and GuardianEdge tie into Active Directory, through which companies can create policies for the creation and management of user encryption keys.
Restrict data storage on new mobile devices. New portable storage devices from digital cameras to iPods are capable of storing hundreds of gigabytes of data in unencrypted formats. Short term, create policies that restrict users from storing data on these devices; longer term, implement products that encrypt data stored to these mobile devices and adhere to corporate encryption key generation and management policies.
This was first published in November 2007