Choosing a tape encryption product

Here's a look at the pros and cons of three different tape encryption products.

As the fear of public relations nightmares over lost tapes are mounting and compliance requirements around safeguarding personal data are becoming more stringent, many organizations -- notably in the financial sector -- have been looking at various solutions to prevent backup and archive data from ending up in the wrong hands. A growing number of organizations are contemplating disk-to-disk (D2D) backup solutions to work around this...

issue. They reason that if the data doesn't leave the realms of the IT environment, the risk of losing media containing confidential data is significantly reduced.

However, for different reasons, not all companies are in a hurry to leave tape technology behind. For example, some companies have made significant investments in tape storage and still might be a few years away from replacing tape with disk-only storage. That said, these same companies may still have an immediate requirement to demonstrate that data is secure and unreadable by unauthorized parties once it leaves their sites. This is where encryption at the tape device level comes into play.

At this point, the only two contenders with market-ready tape device level encryption offerings are IBM Corp. with its System Storage TS1120 and System Storage TS1040 drives, and Sun Microsystems Inc.'s StorageTek T10000 tape drive. Quantum Corp. also remarkets IBM drives for some of its libraries. All drives offer similar performance and vary in capacity (see the table below).

Technology Native capacity per cartridge (uncompressed) Native transfer rate
IBM TS1120 (3592) 700 GB 104 MBps
IBM TS1040 (LTO-4) 800 GB 120 MBps
Sun StorageTek T10000 500 GB 120 MBps

There are differences worth noting between the technologies such as pricing; both the Sun StorageTek T10000 and IBM TS1120 were listed in the $30,000 range, while the IBM TS1040 was initially listed in the $20,000 range. The IBM offering is also available in SCSI or SAS-only format (no Fibre) for a little more than $5,000 as the TS2340. Both the StorageTek T10000 and IBM TS1120 drives target the 9840 and 3592 market, which is typically enterprise class. The IBM TS1040 and SCSI/SAS equivalent TS2340 offer a cost-effective alternative for the small and medium-sized business (SMB) space.

Also worth noting are the differences in encryption key management. Sun's StorageTek relies on a Crypto Key Management Station (KMS), which is a chargeable feature and must be installed on a Sun Solaris platform. This is in contrast with IBM's Java-based key management, which can be installed on a Microsoft Windows-based host, and is provided at no extra cost. IBM's key management can also be handled by its Tivoli Storage Manager (TSM) backup software.

One critical aspect of key management common to all options is the need for backups. To that effect, Sun's KMS allows for the creation of a local backup and remote replication to another KMS. IBM's key store can be backed up on the host system, or if managed by TSM, backed up internally though TSM. In any case, it must be noted that key management backups shouldn't be stored on the encrypted media it manages.

About the author: Pierre Dorion is a certified business continuity professional for Mainland Information Systems Inc.


This was first published in February 2008
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchStorage

SearchITChannel

Close