Can you explain the various ways which are available to perform backup tape encryption today?
There are a lot of ways to encrypt tape. Data-level encryption involves encryption of data before it is backed up to tape. This can be done as a function of most file systems today. You also have encryption tools in backup software which encrypt the backup container -- the file folder, if you will -- that holds backup data. A third approach is to use hardware-based encryption, which is available as an option on most tape libraries today. And there is media/drive-level encryption.
With LTO 4, vendors claimed that media encryption (AES-GCM) complied with Federal Information Processing Standards for Level 2 or Level 3 secure data centers. If you used LTO 4, and sought to obtain legal certification using FIPS rules, all you needed to do was turn on native LTO 4 encryption. That wasn’t true. At this point, it may seem like much ado about nothing, but it is worth checking to see what kind of backup tape encryption will satisfy the characterization of your tape practice against the backdrop of differing data center security standards.
Related Q&A from Jon Toigo
Although software-defined storage and object storage can work in similar ways, there are significant differences between the two.continue reading
Traditional file storage can have a hard time handling today's massive amounts of metadata. Learn why object storage has become a popular replacement.continue reading
Large amounts of unstructured data and technologies like cloud have some asking if the traditional file system is up to the task.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.