|
Deciding where to implement encryption is only the first step; other decisions have to be made as well. For example, choosing a more complex encryption algorithm such as 256-bit AES can lengthen the time it takes to encrypt data, introduce unacceptable levels of server overhead and extend backup windows. User-selected encryption keys may be too easily hacked, negating whatever benefits encryption provides. And large organizations that are implementing encryption at multiple layers or in different locations in the backup infrastructure can create incompatible and ongoing encryption key management issues.
Other issues that must be resolved prior to implementing encryption include how to minimize the performance overhead encryption creates, how encryption keys are generated and what data to
encrypt.
The best place to encrypt data in the backup infrastructure is generally determined by four factors: corporate risk thresholds, ease of implementation, price and the performance impact encryption has on the backup infrastructure. While encryption key management remains a near-term concern, new standards under discussion will likely evolve to permi...
To continue reading for free, register below or login
To read more you must become a member of SearchStorage.com
t the exchange of keys among different vendors'
encryption key management systems.
Click here for encryption product considerations. (PDF).
Starting point
Backup software serves as a logical starting point for encryption because most organizations already own backup software. Using a backup application's encryption capability avoids the extra cost of encryption appliances, fabric switches, or new tape drives or libraries. However, there are notable differences in the way backup software encrypts data.
The use of compression by backup software as it encrypts data is an important but subtle differentiator among backup software products. Encrypting native backup data typically increases the size of backed up data stores by 20% or more, so backup software products may also turn on compression when encryption is enabled. Compression reduces the size of the backed up data, but adds another 5% to 10% to the server CPU overhead on top of the 20% overhead encryption introduces.
|
 |
|
