Can you explain the various ways which are available to perform backup tape encryption today?
There are a lot of ways to encrypt tape. Data-level encryption involves encryption of data before it is backed up to tape. This can be done as a function of most file systems today. You also have encryption tools in backup software which encrypt the backup container -- the file folder, if you will -- that holds backup data. A third approach is to use hardware-based encryption, which is available as an option on most tape libraries today. And there is media/drive-level encryption.
With LTO 4, vendors claimed that media encryption (AES-GCM) complied with Federal Information Processing Standards for Level 2 or Level 3 secure data centers. If you used LTO 4, and sought to obtain legal certification using FIPS rules, all you needed to do was turn on native LTO 4 encryption. That wasn’t true. At this point, it may seem like much ado about nothing, but it is worth checking to see what kind of backup tape encryption will satisfy the characterization of your tape practice against the backdrop of differing data center security standards.
This was first published in March 2012