Security

Encrypting backup tapes

Backup should keep your customers' data secure as well as safe. Forget to encrypt data written to tapes and they run the risk of having to explain it to the auditor when a courier loses them.

Encrypt at the application level (before the data is sent to the backup device) and you only need to encrypt the data you care about, which can make data restoration and validation easier. And if data is encrypted in the application, rather than when it is written to the backup media, it's less likely to be sent in the clear from the application across the network, where unencrypted traffic can introduce vulnerabilities elsewhere in the system.

On the other hand, applying granular backup policies to application data can be a complex and gruelling process, because you’re likely to have to build that directly into the server application’s database.

Encrypting at the point of backup gives you two options: an in-line encryption device from a company like CipherMax (www.ciphermaxinc.com), or a system that encrypts directly on the device. The LTO 4 standard for tape drives from the LTO Consortium now includes native AES encryption capabilities, so that the drive itself handles the encryption.

Check how you manage the keys; most encryption software has its own key management capabilities, but with several customers to deal with you’ll want to centralise it. The forthcoming IEEE 1619.3 standard, defining how a key manager sends keys to a device like a tape drive, or an application, promises better separation between the management system and the device using the key.
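As an added illustration (not part of the original article), here is application-level encryption applied before data reaches the backup job, with one key per customer held by a central key manager. It assumes the Python `cryptography` package; `KeyManager`, `protect`, `restore`, `is_tampered` and the entry layout are hypothetical names chosen for this example.

```python
import os
import struct
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.exceptions import InvalidTag

class KeyManager:
    """Hypothetical stand-in for a central key manager: one AES-256 key per customer."""
    def __init__(self):
        self._keys = {}

    def key_for(self, customer_id):
        if customer_id not in self._keys:
            self._keys[customer_id] = AESGCM.generate_key(bit_length=256)
        return self._keys[customer_id]

def protect(km, customer_id, name, data, sensitive):
    """Return the catalogue entry (encrypted?, bytes) handed to the backup job."""
    if not sensitive:
        return (False, data)          # only the data you care about is encrypted
    cid = customer_id.encode()
    header = struct.pack(">H", len(cid)) + cid   # records which key to ask for
    nonce = os.urandom(12)                        # fresh per item, never reused
    # Header and item name are authenticated as associated data, so a blob
    # cannot be relabelled or attributed to another customer undetected.
    ct = AESGCM(km.key_for(customer_id)).encrypt(nonce, data, header + name.encode())
    return (True, header + nonce + ct)

def restore(km, name, entry):
    """Reverse protect(); raises InvalidTag if the blob or its label was altered."""
    encrypted, blob = entry
    if not encrypted:
        return blob
    (n,) = struct.unpack(">H", blob[:2])
    header, nonce, ct = blob[:2 + n], blob[2 + n:14 + n], blob[14 + n:]
    key = km.key_for(header[2:].decode())
    return AESGCM(key).decrypt(nonce, ct, header + name.encode())

def is_tampered(km, name, entry):
    """Validation pass: True if an encrypted entry fails authentication."""
    try:
        restore(km, name, entry)
        return False
    except InvalidTag:
        return True
```

Because the tape only ever holds the output of `protect`, the validation pass can run against restored media without exposing plaintext to the backup infrastructure.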
