Can you explain the various ways which are available to perform backup tape encryption today?
There are a lot of ways to encrypt tape. Data-level encryption involves encryption of data before it is backed up to tape. This can be done as a function of most file systems today. You also have encryption tools in backup software which encrypt the backup container -- the file folder, if you will -- that holds backup data. A third approach is to use hardware-based encryption, which is available as an option on most tape libraries today. And there is media/drive-level encryption.
With LTO 4, vendors claimed that media encryption (AES-GCM) complied with Federal Information Processing Standards for Level 2 or Level 3 secure data centers. If you used LTO 4, and sought to obtain legal certification using FIPS rules, all you needed to do was turn on native LTO 4 encryption. That wasn’t true. At this point, it may seem like much ado about nothing, but it is worth checking to see what kind of backup tape encryption will satisfy the characterization of your tape practice against the backdrop of differing data center security standards.
Related Q&A from Jon Toigo
When your disaster recovery plan includes cloud backup, Jon Toigo of Toigo Partners International explains what you'll need from your provider.continue reading
Jon Toigo of Toigo Partners International discusses specific considerations for hot-site disaster recovery testing in this Expert Answer.continue reading
Independent disaster recovery expert Jon Toigo discusses how storage virtualization can simplify disaster recovery tests in this Expert Answer.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.