This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."


Hardware Encryption
The relatively new option that has increased interest in encryption is a hardware appliance that sits in the physical data path and encrypts data on its way to tape. Because the encryption is done in hardware, it can be done much faster and does not slow down the backup. In addition, encryption appliances designed for tape compress the data before it is encrypted.
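Why the order of compression and encryption matters for tape capacity, as an added example that is not part of the original article: ciphertext looks random, so compressing after encryption gains nothing. The cipher below is a stand-in keystream built from SHA-256 (an assumption for illustration, not what any appliance uses), and the backup data and key values are constructed.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode). Illustration only:
    a real appliance would use a vetted cipher implemented in hardware."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sample_backup(records: int = 2000) -> bytes:
    """Constructed sample: repetitive rows, as in a database export."""
    return "".join(
        f"{i:08d},customer,ACTIVE,2007-02-01,US,0.00\n" for i in range(records)
    ).encode()

def compress_then_encrypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Order the article attributes to tape encryption appliances."""
    return keystream_xor(key, nonce, zlib.compress(data))

def encrypt_then_compress(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Order that results when data is already encrypted before compression."""
    return zlib.compress(keystream_xor(key, nonce, data))

def restore(blob: bytes, key: bytes, nonce: bytes) -> bytes:
    """Reverse compress_then_encrypt: decrypt first, then decompress."""
    return zlib.decompress(keystream_xor(key, nonce, blob))

def tape_usage(data: bytes, key: bytes, nonce: bytes) -> dict:
    """Bytes written for each ordering, as a fraction of the input size."""
    return {
        "compress_then_encrypt": len(compress_then_encrypt(data, key, nonce)) / len(data),
        "encrypt_then_compress": len(encrypt_then_compress(data, key, nonce)) / len(data),
    }

if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 12  # constructed demo values, not real key material
    backup = sample_backup()
    for order, ratio in tape_usage(backup, key, nonce).items():
        print(f"{order}: {ratio:.1%} of original size")
    # The appliance ordering must still round-trip to the original data.
    assert restore(compress_then_encrypt(backup, key, nonce), key, nonce) == backup
```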

These systems typically have very sophisticated key management systems that cannot be defeated by a single malicious employee. For example, they often separate the keys used to encrypt the data from the keys used to authenticate and authorize systems and personnel. They also offer features that ensure keys never get lost, such as replication and key vaulting. These systems are advanced because they were all developed within the last five years, and take advantage of decades of lessons in data security.

The first encryption appliances available were single-purpose appliances with a few ports in and out. As of late last year, these systems owned the lion's share of the backup encryption market. At the same time, encryption functionality is now being included inside tape libraries, intelligent switches and tape drives. This leads to the question: where should hardware encryption reside? As long as the hardware system compresses, encrypts and has a strong key management system, it doesn't really matter.

Hardware encryption is the most viable option for anyone wishing to encrypt a large amount of data on its way to tape. Customers can compress their backup data without any performance or capacity loss; they just need to buy enough appliances to handle their backup bandwidth requirements. The only drawback is cost; these appliances typically start at $20,000. However, their costs pale in comparison to the costs of a public breach disclosure.

Which One?
What matters most to your business operations and which problems you're trying to solve will determine the best approach for you. If you want sensitive data to always be encrypted, then you'll want to choose source encryption. If you just want to make sure data is encrypted as it's leaving a system on its way to backup, you'll want to select backup software encryption. Just keep in mind that both of these methods have serious performance and capacity drawbacks. If you don't want to figure out what should be encrypted, and simply want to encrypt everything on the way to tape--plus avoid any performance or capacity loss in the backup system--then you'll want hardware encryption.

Whatever encryption method you pick, it should provide some peace of mind if a backup tape goes missing. Ultimately, it's a decision an enterprise can't afford to avoid in this age of data privacy regulation.

This was first published in February 2007
