Home > Using an encryption appliance for data backup security
FAQ:
EMAIL THIS

Using an encryption appliance for data backup security

06 Jul 2009 | SearchDataBackup.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Data backup security is an ongoing challenge for many organizations and encryption is an obvious step to protect backup data. However, there are a number of ways to perform backup encryption today. One way is to use an encryption appliance. These appliances sit in the backup stream and encrypt data as it is being sent to the backup target. But, are encryption appliances right for your particular needs? Kevin Beaver, information security consultant with Principle Logic LLC, discusses the pros and cons of using encryption appliances for backup encryption and what you need to consider before deploying an encryption appliance. His answers are also available as an MP3 below.

Download the encryption appliances FAQ

Table of contents:

>> Who needs an encryption appliance?
>> What are the benefits of using an appliance for encrypting data backups?
>> What are the drawbacks of using an appliance for encrypting data backups?
>> Are encryption appliances widely used today?
>> Can you get similar benefits at a lower cost?

Can you provide an overview of the encryption appliance market and explain who really needs this type of device?

I'd say that encryption is becoming one of those necessary technical controls, because tape backups, and other kinds of backup media, have evolved to the point where they are growing legs and can run away. I just looked at the Privacy Rights Clearinghouse's Chronology of Data Breaches, and several mishaps involving data backup media have occurred in the past few months alone.

For example, earlier this year an Arkansas Department of Information Systems tape with over 800,000 records containing criminal background check information went missing from an information protection company's vault. About a month after that, a civilian employee of NYPD's pension fund was accused of stealing tapes containing the social security numbers and bank account information of more than 80,000 police officers. Also, as many as 100,000 patients of Peninsula Orthopedic Associates had their information breached when tapes containing sensitive records were stolen. And, these are just the breaches that have been reported. What about all the other issues that are overlooked or kept under wraps?

Now, whether or not the tapes in these breaches were encrypted or not is unknown. But, I can tell you that, based on what I see in my work performing security assessments, I'd be willing to bet that they weren't. So, to answer the second part of your question, really any organization that has a need to stay out of hot water when it comes to compliance or other regulations can benefit from encryption appliances.

Can you outline some of the benefits of specifically using an encryption appliance? There are a number of ways to do backup encryption, why would someone want to use an appliance?

First of all, they are transparent to the operating system and the applications. They just kind of sit right in the middle of the backup stream. There is minimal configuration required. They can be easier to manage in terms of compliance. A lot of them have audit logging and recording features, which you probably won't get otherwise. Also, you are typically going to get better and more secure encryption key management. These devices either store the keys within the device itself or work with a third-party key management application.

Can you outline some of the drawbacks?

First of all, they can be pricey, so you have to be open to the investment involved in purchasing and maintaining the appliance. The implementation can take a good amount of time to get everything set up and tweaked for your particular network. The biggest thing is that it's just another piece of equipment to patch and maintain.

In your work as a consultant, are you seeing much use of these types of devices?

I'm actually not. I work with small businesses up through large enterprises and I'm not really seeing a lot of application in this area. I think the reality of it is that so many organizations can't get their arms around data storage, data backup and especially information security. So how can an IT staff struggling with day-to-day IT issues deploy another complex technology, when they don't have the time, effort or money to spend on other aspects of IT.

That being said, there are organizations in which management believes that as long as they have some nice technical controls around backup, then everything will be hunky dory. That could be a driver for the encryption appliance market. But, the reality of it isn't that simple. These technical controls can't just be thrown in place and expected to work without having some sort of overhead.

Encryption is usually one of those things that come out the checklist audits that so many organizations are performing against their systems. Whether or not that's the right way to go about it, that's to be determined by your organization.

There a number of ways you can do encryption today. Is there a way that you can get a similar benefit at a lower cost?

Absolutely. Most current backup applications have built-in backup encryption capabilities. So, it doesn't matter whether you are writing to tape, to disk, whatever. The problem with going that route is the overhead required for backup time and management. Especially with tape, it can become overwhelming trying to figure out what to encrypt and what not to encrypt. It can also create some administrative gaps and potentially even availability issues. There are also tape libraries on the market with built-in encryption.

But really, you have to take a step back and ask yourself what really matters here. Are you worried about a tape going missing? Is price an issue? Is overall business risk management an issue? How does it fit into your environment? That's going to determine whether you need an encryption appliance or if you can do this with something you may already own.



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Data backup security
Criteria for choosing the right tape encryption solution for your data backup plan
Data backup and recovery news briefs: Thales Group releases CryptoStor Tape 3.0 appliance
Secure your data backups with encryption key management best practices
Podcast: Backing up data on mobile devices
Secure data destruction options for old backup tapes and disk
Putting a solid data backup and recovery plan behind mobile devices
Data storage backup security tutorial: Tape encryption and cloud backup
Quantum adds VMware data backup, encryption key management device
How do you make sure your data is secure when using a online/cloud backup provider?
LTO-4 tape technology finally catching on -- tape storage isn't dead yet

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary




Data Backup Solution Categories
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts