Data encryption's impact on network backup can be high

There are three ways to encrypt tape-based backup data:

• Host-based encryption through integration with backup software
• Appliance-based encryption with the addition of an inline appliance that encrypts data as it flows to the tape drive or library
• Tape drive or endpoint encryption, in which data is encrypted as it is written to the tape media

More on backup and encryption Tape encryption FAQ Choosing a tape encryption product How archiving and encryption impact backup Five questions for evaluating an encryption product

Host-based or software-based encryption exacts perhaps the harshest performance penalty on the backup process. It is processor-intensive because it's a task of the host computer and requires CPU overhead to process. Software-based encryption is incorporated into backup software such as EMC Corp. NetWorker or Symantec Corp.'s Veritas NetBackup either as a standard or optional feature. It also has the benefit of being less expensive and being integrated into existing backup packages vs. appliance- or tape drive-based encryption. Software-based encryption often doesn't include data compression, a process that needs to take place before encryption and which requires additional media.

Appliance-based encryption has the advantage of being able to encrypt data to both legacy (pre-LTO-4) products and heterogeneous tape libraries and drives. While having nearly wire-speed performance in encrypting data, appliances mean an extra device in the network to manage. Most appliance-based encryption devices also have their own key management systems rather than requiring users to obtain their own. An appliance has also the advantage of being able to be inserted into the existing data path without changing the backup application or integration with the tape library or tape drives. Examples of encryption appliances would be Crossroad Systems Inc.'s StrongBox TapeSentry, nCipher Corp.'s NeoScale CryptoStor and NetApp's DataFort.

Tape drive-based or library-based encryption has the advantage of little performance degradation as well as the ability to encrypt data after it is compressed and written to tape, thus maximizing the number of cartridges required to complete the backup process. But it has disadvantages, which are brought to it with the advent of the LTO-4 tape specification -- it is homogeneous -- often encrypting only the contents of one brand of tape library.

John Ruffing, assistant director for advanced technology integration services at Weill Medical College of Cornell University in New York City, uses tape-based encryption from Spectra Logic Corp.

"Weill Cornell is using tape encryption to enhance HIPAA and other regulatory compliance and, in particular, to allow safer offsite tape transport," says Ruffing, who has two Spectra Logic T950 tape libraries installed. "We are doing compression via the Spectra T950 Library with G5 QIPS [Quad Interface Processors] simultaneous to encryption."

When Ruffing initially installed the Spectra T950, he was using LTO-3 drives. "Performance via the G5 QIPS was indeed significantly affected by encryption," says Ruffing. "LTO-3 was the only option when we purchased the Spectra T950 and it required the QIPS."

Not long after in 2007, "LTO-4 drives with built-in encryption became available," says Ruffing. "I suspect the impact has been reduced or eliminated."

Another advantage of encrypting at the tape drive or library level is that it enables compression before encryption, resulting in a reduction of the number of tape cartridges required for backup. Other examples of encrypting drives include IBM Corp. System Storage TS1120 and Sun Microsystems Inc. StorageTek T10000.

Media for LTO-4 tapes is also more expensive than their LTO-3 predecessors -- for instance, an 800 GB LTO-4 tape may cost as much as $150, while a 400 GB LTO-3 cartridge is available a little more than $50.

Whichever method of encryption you choose, remember that with each comes its own benefits and drawbacks.

About this author: Deni Connor is principal analyst with Storage Strategies NOW in Austin, TX.

Do you have comments on this column? Let us know.

Do you know a helpful backup tip, timesaver or workaround? Email the editors if you'd like to write tips for SearchDataBackup.com.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Backup and recovery Where and how to use data deduplication technology in disk-based backup Microsoft Office SharePoint backup and recovery strategies VMware vStorage API for Data Protection backup and recovery tips Symantec Backup Exec troubleshooting performance tips Evaluating a data deduplication product for data backup and recovery Performing a bare-metal restore in Windows Vista Troubleshooting data backup error log messages Target-based data deduplication technology product considerations Linux data backup and recovery strategies Understanding data deduplication ratios in backup systems Data backup security Using an encryption appliance for data backup security LTO-4 tape technology finally catching on -- tape storage isn't dead yet CA adds deduplication, virtual server backup to Recovery Management Data security concerns with online backup Data destruction options for your backup data The state of tape storage technologies and data backup today Cloud backup tutorial: How to leverage cloud backup services Ten questions to ask your online data backup provider The pros and cons of host-based vs. appliance-based tape encryption Barracuda to bring Yosemite Backup to the cloud Data storage backup tools Symantec fleshes out data deduplication roadmap File-level versus image-level data backup: Chapter excerpt from "VMware VI3 Implementation and Administration" Where and how to use data deduplication technology in disk-based backup Online backup on a budget Symantec Veritas NetBackup best practices: Using the maximum jobs per client setting Continuous data protection (CDP) on the rise in data backup and recovery products Backing up your virtual environment: Chapter excerpt from "VMware VI3 Implementation and Administration" Microsoft Office SharePoint backup and recovery strategies Continuous data protection (CDP) playing a role in data backup Data backup and recovery software best practices: A tutorial

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary