Now that laws in many states may require customers to make a public notice if personally identifiable information (like Social Security and credit card numbers) are contained on lost and unencrypted backup tapes, prudence dictates that all tapes shipped offsite should be encrypted.
Luckily, encrypting data as it's to tape has never been easier. The current versions of most backup applications support tape encryption, as do the new LTO-4 tape drives. Encrypting data is computer intensive and will slow down the backup process, so you may want to recommend dedicated encryption appliances from Neoscale or Decru, which can encrypt data at 2 Gbps or better. Another point to bear in mind is that encrypted data is essentially uncompressible. So if you're encrypting data in software or an appliance, your tape drives won't be able to compress the data.
The real problem isn't encrypting data as it's written to tape. It's making sure the right decryption key is available when you need to read an encrypted tape. For small shops it's relatively simple to use a single encryption key for all tapes. Whatever device or software you use will store the key and ensure you can read the tapes. Make sure that the encryption key is exported to one or more external USB keys or CDs that are stored off site and separately from the backup tapes, so you can retrieve it in an emergency. Larger organizations that need to compartmentalize data will need an enterprise key management solution like those from Decru, Neoscale and SpectraLogic.
Related Q&A from Howard Marks
Information lifecycle management – the proper use, archiving and ultimate disposal of data -- is important to any company. One reason is ...continue reading
Learn why data replication took a leap forward with the Cluster Continuous Replication functionality in Microsoft Exchange Server 2007. Exchange ...continue reading
Learn which factors VARs should consider before recommending a storage area network to their customers, and discover whether Fibre Channel or iSCSI ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.