This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."

Download it now to read this article plus other related content.

Of the available encryption options, backup software tends to do the poorest job of handling the performance hit created by wholesale data encryption. Administrators can mitigate this performance impact by only encrypting data going offsite during off-backup hours using features such as CommVault's Auxiliary Copy-level encryption or Symantec's Veritas NetBackup MSEO.

"Copies from disk to tape can be done outside of normal backup windows on MediaAgent servers that are typically underutilized during these periods of time," says Brian Brockway, CommVault's senior director of product management.

Centralizing key management
Encryption key management is a major concern for most companies. Large companies may introduce encryption at multiple layers in their backup infrastructure due to acquisitions, growth or mergers. Supporting multiple key management systems can become highly problematic, but there are some options to manage multiple encryption systems.

Encryption appliances provide their own key encryption management system, such as Decru's Lifetime Key Management or NeoScale Systems Inc.'s CryptoStor KeyVault, but these vendors say they'll support other key encryption systems found in backup software or tape drives as they gain access to these APIs.

For companies with multiple key encryption systems, an independent third-party software provider such as RSA, The Security

Requires Free Membership to View

Division of EMC, is a more viable option. Chris Parkerson, RSA's senior product marketing manager, says RSA's goal is to become the "management hub for encryption." A NetApp spokesperson says the RSA Key Manager is a "super key manager" with the Decru DataFort acting as a proxy into it.

James Yu, NeoScale's senior VP of marketing and business development, suggests that in the longer term encryption key management standards may result in the creation of an encryption key cloud that functions in a manner similar to how domain name servers (DNS) operate on the Internet. Using DNS on the Internet, computers contact root DNS servers that look up a computer name on the Internet and then provide the requesting computer with the information it needs to locate and directly contact another computer on the Internet.

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: