Tip

Encrypting tape: Software vs. hardware and key management

What you will learn from this tip: Encrypting data is a high priority for businesses these days. Become familiar with the formats of encryption and the importance of key management.


Encrypting backup tapes isn't

    Requires Free Membership to View

so much a question of "if" but "when," which means a lot of enterprises are struggling with the question of "how."

The two major approaches to tape encryption involve using software or specialized hardware. Both have drawbacks and the choice ultimately comes down to the balancing those drawbacks against the characteristics of the particular enterprise.

Drawbacks or not, tape encryption is bearing down on IT like a rapidly approaching freight train.

"This is one area where CEOs are not going to wait for regulations," Ravi Chalaka, vice president of marketing for Maxxan Systems, a San Jose, Calif.-based maker of virtual tape libraries (VTL) says. Recent legislation, notably in California, has forced companies to disclose losses of customer information, resulting in a flood of news reports as major banks and others have announced the possible compromise of tapes containing the data of millions of customers. The resulting bad publicity has helped to make companies extremely sensitive, Chalaka says, and is driving them to encrypt their backups.

However, Chalaka notes that only about 25% of companies encrypt their tapes today. The result is a mad scramble for tape encryption in enterprises of all sizes -- and a flood of announcements of tape encryption products.

There are a number of hardware and software approaches to encryption available. Most major tape software vendors offer encryption as an option, and there are a number of encryption appliances from companies like Avax International Inc. and Decru Inc. that use hardware to handle the encryption. There are also specialized hardware products, such as the one from Intradyn Inc., which encrypts e-mail backups. A number of stand-alone software packages, such as Alliance for the IBM iSeries from Patrick Townsend & Associates, are also available.

The major advantages of the encryption appliances are flexibility and speed. Their disadvantages are cost and lack of scalability. Software encryption is cheaper, but slower.

Encryption, to a secure level, is a compute-intensive process, especially when it's being done on the scale of a full backup. Software encryption is slower and can prolong an already-tight backup in progress. Furthermore, encryption appliances are usually able to handle anything that is being backed up, no matter what the operating system, file structure or other characteristics.

One way to work around the disadvantages of tape encryption is to limit what is encrypted. Rather than encrypting all the backed-up data, only encrypt the most critical information, such as customer data. This is a common strategy, especially in enterprises using software encryption.

Currently, Chalaka says, most enterprises that encrypt their tapes are using software encryption; hardware encryption is just beginning to take hold in the market.

Using any kind of tape encryption means dealing with key management. If the keys are lost or corrupted the tapes are unreadable, and if they are compromised the security is compromised as well. Before you begin using any type of tape encryption, you must have an effective, robust and secure method of key management in place.

"We need an architecture that will encrypt without any degradation of performance, [and] at the same time be able to scale and be able to do all this with simple, effective key management," Chalaka says.

Until that architecture arrives, storage administrators will have some painful choices -- but most of them will still encrypt their tapes.

For more information:

How to keep stored data out of enemy hands


About the author: Rick Cook has been writing about mass storage since the days when the term meant an 80 K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last 20 years, he has been a freelance writer specializing in storage and other computer issues.

This was first published in July 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.