Five questions for evaluating a tape encryption product

By Jerome M. Wendt and Joshua Konkle

As you evaluate the different places in your data backup infrastructure where encryption can reside, here's a checklist of some important questions to ask:

Where in the storage infrastructure should you encrypt data?

This is the most fundamental question in selecting an encryption product. Each encryption architecture introduces significantly different considerations. Encryption key generation and management, increased backup windows, Fibre Channel SAN reconfigurations and heightened server overhead are just some of the factors a company needs to consider prior to adding encryption to its backup infrastructure.

How does the encryption software or appliance support key escrow and management for long-term data access and disaster recovery?

Key management is a compelling issue during any recovery, disaster or otherwise. If and when a company is required to recover data years later at its existing facility or during a disaster, it needs to have the keys used to encrypt the data before that data can be recovered.

How much space is required to encrypt the data?

Adding storage space in the form of more tape or disk isn't prohibitively expensive, but with encryption potentially increasing backed up data footprints by 20% or more, controlling the impact of encryption on storage growth is paramount. Compression is almost always part of the encryption process, so ascertain what capacity savings compression will provide and if that offsets

Requires Free Membership to View

the hit on backup performance and lengthier backup windows.

Is deduplication done prior to encryption?

In the long term, deduplication should offer better performance characteristics than compression, but on the initial pass backup windows can be horrific. Verify how deduplication products generate and manage encryption keys and what options administrators have to change them over time.

What is the likelihood of searching and accessing data after it's encrypted?

If data is encrypted and stored on tape without being indexed first, it's prohibitively expensive to search and index the data later.

This article first appeared in Storage magazine. Click here for the entire article.

This was first published in April 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.