Are you aware of any encryption schemes used specifically for tape backups? Are there any special technologies or formats required/used to secure data on tape? I am somewhat familiar with WORM, but not sure of others.


    Requires Free Membership to View

    Login

Data encryption schemes work equally well for all types of media, tape, disk and so on. Also, many backup programs contain encryption in them and can create encrypted backup tapes.

You should be careful with encrypting backups. Encryption and backups are somewhat at odds with each other. Backups exist to make data accessible, encryption exists to make data inaccessible. There are two types of failures that can happen. You may end up thinking your backups are secure when they aren't. If backups are encrypted, then the people who know those keys are the most trusted people in your system! On the other hand, imagine how upset you'd be if you discover that your data warehouse is worthless because no one knows how to decrypt it. Consequently, you have to examine why you are encrypting your backups and who has access to them and where the keys are stored.

There's nothing wrong, for example, with using a password encryption scheme to encrypt and writing those passwords in a log book. Just protect the log book properly. Other password protection schemes include writing the password on a piece of paper, sealing it in a tamper-evident envelope (sign over the flap, for example) and keeping that in a moderately secure place.

WORM is completely different from encryption -- it is a type of media, not a data storage technology. WORM (Write Once, Read Many) is short hand for a type of storage. The most common WORM systems today are CDR writable CDs. I use these for my backup, not for any security, but because they're cheap. Some systems have a need (for example, evidence in an investigation) to show that once a file has been written, it could not have been modified. For these systems, there is a systems need for WORM. In most cases, cost and convenience are the real considerations. In a day when US$20 can get you 100 CDs, that is 70GB of backup for not a lot of money. On the other hand, if you're backing up a 100GB database, that's a lot of media that has to be fed to the machine, so convenience becomes a big consideration. A convenient system is also one less prone to operational errors. And let's remember -- no one really wants backups. What they want are restores.

For more information, check out these other SearchSecurity.com resources:
Best Web Links: Data protection
Best Web Links: Encryption


This was first published in December 2001

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top