Data encryption is important for any backup environment. In order to secure access to your data backups, you must encrypt them. There are several different data encryption solutions to choose from. You can implement disk or tape encryption, or opt for either hardware or software backup encryption. However, backup encryption isn't necessarily smooth sailing once you implement it. Key management, for example, gives many storage professionals concerns.
In this interview, Greg Schulz, founder and senior analyst at the StorageIO Group, discusses different data encryption solutions available today. Find out the popular types of backup encryption, how to choose between software and hardware backup encryption and common concerns with data encryption solutions. Read the transcript below or download the MP3.
Table of Contents:
>> What types of backup encryption are being offered today?
>> Is one type of backup encryption more frequently used than the other?
>> Disk encryption can be implemented via software or hardware. What are the pros and cons of each strategy?
>> What are some concerns that pop up with both tape and disk encryption products?
>> What does pricing look like for popular data encryption solutions?
There are a lot of options. When it comes to encrypting your data, there's encryption via software, such as backup software, archiving software and data protection software. There's also encryption via the application. Plus, your email systems, databases, document management and other applications can encrypt data. You can also do the encryption via external appliances or networking appliances, and they all have their different purposes. They all have their pros and cons, but the important thing is to encrypt.
It's a mix. I would have to say, particularly looking at the midmarket and the small- to midsized business (SMB), that backup software, or enabling encryption in backup software is frequently used. That is, when you're actually doing your backup and doing your data protection and turning the encryption capability on within the software -- that is probably the most common way to encrypt. The simple reason for this is that it's included. You don't have to go out and buy extra functionality, but on a growing and increasing basis, leveraging the encryption capability within the tape drives and the backup products themselves can actually offload that function. But overall, I would have to say encryption is probably most often used within the software itself.
You can do encryption all the way up within the application or you can do it all the way down at the device itself -- whether it's a tape drive that can encrypt itself or a disk drive. You can encrypt within the storage systems at all these different places. The big differentiator is probably protecting data in flight as opposed to data at rest. Certainly you want to protect data that is going to be sitting on the shelf, waiting to be transported and just sitting on that medium. But there's also the need to protect the data as it's going from point A to point B, or from the application to a server to a storage device. That can be done either directly or via a public or private network. So sometimes it actually means having multiple layers of encryption and not relying on just one or the other.
So certainly you want to protect all data in transit, but you also want to protect it while it's at rest. And you want to protect not just in case it gets lost or stolen, but also you want to protect it on an internal as well as on an external basis.
When I talk with IT professionals, I find that the No. 1 barrier to encryption is key management. You could say that key management is the key to encryption, but it has been the biggest barrier. People are concerned about losing their keys, managing their keys and importing/exporting them. So any tool or technology that can simplify it -- whether it's software-based or hardware-based encryption -- that gives you that flexibility to export keys and save them in a different place becomes even more and more important.
Pricing is all over the board. Most of the popular backup products, whether they are ones you buy or even ones that are shareware include some form of encryption. Many devices will actually come with that capability as well. Depending on the size and scale and what you're looking to do, you can buy optional add-on encryption capabilities and key management. The big challenge is key management and what can be done to simplify it. So because of this, pricing is all over the board.
This was first published in March 2011