Ask the Expert

What are the pros and cons of backup tape encryption?

Lost backup tapes create a security and PR nightmare for customers. Is an encryption regime the answer? What are the options and issues for backup tape encryption?

    Requires Free Membership to View

Now that laws in many states may require customers to make a public notice if personally identifiable information (like Social Security and credit card numbers) are contained on lost and unencrypted backup tapes, prudence dictates that all tapes shipped offsite should be encrypted.

Luckily, encrypting data as it's to tape has never been easier. The current versions of most backup applications support tape encryption, as do the new LTO-4 tape drives. Encrypting data is computer intensive and will slow down the backup process, so you may want to recommend dedicated encryption appliances from Neoscale or Decru, which can encrypt data at 2 Gbps or better. Another point to bear in mind is that encrypted data is essentially uncompressible. So if you're encrypting data in software or an appliance, your tape drives won't be able to compress the data.

The real problem isn't encrypting data as it's written to tape. It's making sure the right decryption key is available when you need to read an encrypted tape. For small shops it's relatively simple to use a single encryption key for all tapes. Whatever device or software you use will store the key and ensure you can read the tapes. Make sure that the encryption key is exported to one or more external USB keys or CDs that are stored off site and separately from the backup tapes, so you can retrieve it in an emergency. Larger organizations that need to compartmentalize data will need an enterprise key management solution like those from Decru, Neoscale and SpectraLogic.

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: