This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."
Download it now to read this article plus other related content.
Of the available encryption options, backup software tends to do the poorest job of handling the performance hit created by wholesale data encryption. Administrators can mitigate this performance impact by only encrypting data going offsite during off-backup hours using features such as CommVault's Auxiliary Copy-level encryption or Symantec's Veritas NetBackup MSEO.
"Copies from disk to tape can be done outside of normal backup windows on MediaAgent servers that are typically underutilized during these periods of time," says Brian Brockway, CommVault's senior director of product management.
Centralizing key management
Encryption appliances provide their own key encryption management system, such as Decru's Lifetime Key Management or NeoScale Systems Inc.'s CryptoStor KeyVault, but these vendors say they'll support other key encryption systems found in backup software or tape drives as they gain access to these APIs.
For companies with multiple key encryption systems, an independent third-party software provider such as RSA, The Security
| Division of EMC, is a more viable option. Chris Parkerson, RSA's senior product marketing manager, says RSA's goal is to become the "management hub for encryption." A NetApp spokesperson says the RSA Key Manager is a "super key manager" with the Decru DataFort acting as a proxy into it.
James Yu, NeoScale's senior VP of marketing and business development, suggests that in the longer term encryption key management standards may result in the creation of an encryption key cloud that functions in a manner similar to how domain name servers (DNS) operate on the Internet. Using DNS on the Internet, computers contact root DNS servers that look up a computer name on the Internet and then provide the requesting computer with the information it needs to locate and directly contact another computer on the Internet.
This was first published in November 2007