Are you aware of any encryption schemes used specifically for tape backups? Are there any special technologies or formats required/used to secure data on tape? I am somewhat familiar with WORM, but not sure of others.
Data encryption schemes work equally well for all types of media, tape,
disk and so on. Also, many backup programs contain encryption in them and
can create encrypted backup tapes.
You should be careful with encrypting backups. Encryption and backups are
somewhat at odds with each other. Backups exist to make data accessible,
encryption exists to make data inaccessible. There are two types of
failures that can happen. You may end up thinking your backups are secure
when they aren't. If backups are encrypted, then the people who know those
keys are the most trusted people in your system! On the other hand, imagine
how upset you'd be if you discover that your data warehouse is worthless
because no one knows how to decrypt it. Consequently, you have to examine
why you are encrypting your backups and who has access to them and where
the keys are stored.
There's nothing wrong, for example, with using a password encryption scheme
to encrypt and writing those passwords in a log book. Just protect the log
book properly. Other password protection schemes include writing the
password on a piece of paper, sealing it in a tamper-evident envelope (sign
over the flap, for example) and keeping that in a moderately secure place.
WORM is completely different from encryption -- it is a type of media, not
a data storage technology. WORM (Write Once, Read Many) is short
hand for a type of storage. The most common WORM systems today are CDR
writable CDs. I use these for my backup, not for any security, but because
they're cheap. Some systems have a need (for example, evidence in an
investigation) to show that once a file has been written, it could not have
been modified. For these systems, there is a systems need for WORM. In most
cases, cost and convenience are the real considerations. In a day when
US$20 can get you 100 CDs, that is 70GB of backup for not a lot of money.
On the other hand, if you're backing up a 100GB database, that's a lot of
media that has to be fed to the machine, so convenience becomes a big
consideration. A convenient system is also one less prone to operational
errors. And let's remember -- no one really wants backups. What they want
For more information, check out these other SearchSecurity.com resources:
Best Web Links: Data protection
Best Web Links: Encryption
This was first published in December 2001