The consideration of when, where and how to employ encryption should only occur after the most critical question has been answered: "Why should I encrypt data?" The next logical question would be: "What alternatives to encryption are available?" In some cases, encryption is not the best option available, and other alternatives such as maintaining physical control over data may be a better solution.
Disaster recovery (DR) requires data be stored offsite in order to recover from a local or site disaster. For organizations without a highly secure method to transport and store information offsite, encryption may be the best option to meet the simultaneous requirements of storing data offsite while ensuring that it's always secure and doesn't fall into the wrong hands.
The National Institute of Standards and Technology (NIST) has adopted the Advanced Encryption Standard (AES) as the preferred algorithm for U.S. governmental organizations. This standard is also covered by the Federal Information Processing Standards (FIPS) organization. The AES algorithm uses symmetric key encryption to protect information, which uses the same key to encrypt and decrypt data. As a result, the key used to protect data must itself be protected from disclosure in order to protect data. For this and other reasons, protecting, storing and managing keys is also an important issue.
Another important standard is FIPS 140-2 certification. There are currently four levels of FIPS 140-2, ranging from level 1 to level 4. Many U.S. governmental organizations have mandated that FIPS 140-2 level 2 certified security products be used for storing sensitive information. The FIPS 140-2 standard mandates the use of AES encryption, along with methods to protect the keys used for encryption.
Third-party key management systems such as those provided by EMC Corp. RSA, nCipher Corp., NetApp DataFort and others may provide the ability to implement encryption and enterprise-wide key management while providing investment protection in the long run. A flexible key management system that provides support for multiple vendors' encryption products will reduce the likelihood of being tied to a particular encryption and key management solution that can't support enterprise growth and encryption enhancements.
Options for encrypting data on tapes
Encryption may occur on the host, typically under control of a backup application. It may occur in the network, with specially designed cryptographic network devices, or it may occur on the storage device itself. There are many arguments for and against implementing a solution that employs one method vs. another.
Encrypting data on the tape drive is not the best option in all cases; however, it does have several advantages over the alternatives, primarily the following:
- Encryption on tape drives provides hardware acceleration, unlike many host-based or application-based alternatives
- Encrypting on tape drives provides built-in scalability; performance increases with each additional tape drive
- Data compression and encryption may be optimized for the specific tape drive format
Encrypting tape drive options
There are currently four tape drive formats and four manufacturers that offer encryption on the drive. The formats include LTO-4, which is manufactured by Hewlett-Packard (HP) Co., IBM Corp. and Quantum Corp., and three mainframe formats. For mainframe and open-systems environments, IBM offers its TS1120/TS1130 and Sun Microsystems Inc. offers its StorageTek T9840D and T10000A/B format drives.
The six tape drives that support encryption have many similarities, and some significant differences. For a chart that shows the comparison of the features on encrypting tape drives, click here.
Spectra Logic's BlueScale Encryption doesn't do device encryption on a tape drive; however, it does provide in-line encryption within the library. This is logically similar to network-based encryption such as that provided by Decru, nCipher, CipherMax or Cisco Systems Inc., with the difference being that they have embedded the "network" encryption within the library physically. Logically it is in the network; physically it is within the library.
The type of encryption employed in LTO-4 drives is AES-GCM encryption. This method is covered by NIST and the IEEE P1619 committees on security. However, to date there are no FIPS 140-2 certified encryption solutions using LTO-4 encryption. LTO-4 drives all employ the same encryption methods, and must in order to provide interoperability of tapes between drives. LTO-4 drives retain a key on the tape drive. The key isn't stored on the media, and is passed to the drive via a secure mechanism.
Currently no LTO-4 tape drive has been certified as FIPS 140-2 level 2 compliant, nor have Sun's T10000 A or B drives been certified as 140-2 level 2 compliant. Sun's drives are currently undergoing FIPS 140-2 testing, but to date, none of their solutions have been FIPS certified. When LTO-4 drives initially shipped, some vendors made claims of "designed for FIPS 140-2" or other claims of compliance; however, all LTO-4 vendors have since pulled that specific wording from their literature.
Moreover, there is currently only one solution that is certified as FIPS 140-2 level 2 compliant using tape drive encryption. If meeting this criterion is critical, then IBM's TS1120 or TS1130 with their EKM key management is the only option currently certified as compliant. However, the alternative tape drive encryption options provided by Sun and the LTO-4 manufacturers are all excellent implementations of tape-based encryption, albeit with some minor issues that have prevented FIPS 140-2 level 2 certification up to this point. The issues that have prevented certification are likely not cause to eliminate these tape drives from consideration for the vast majority of environments.
Key management issues
Many users have been reluctant to implement encryption due to concerns around key management, standards, availability of solutions in the future and other unknowns. These are all valid concerns; however, these barriers may be overcome, and doing so often requires working with a trusted partner to implement a corporate security and encryption strategy.
For these reasons, key management is the much larger and harder decision with respect to security and encryption. Any encryption implementation should be considered only after a comprehensive enterprise-wide key management decision has been made. The challenge is in maintaining a sufficient number of keys to ensure access to data, without leaving the keys themselves unprotected.
Currently, one type of encrypting tape drive stores the encryption key on the tape, with that key itself encrypted with public key (asymmetric) cryptography. This makes it possible to share encrypted tapes between third parties or data centers without having to transmit keys. IBM's TS1120/TS1130 drives utilize this method.
Other implementations store the key outside of the tape, using some type of "key management" system or appliance. In this case, a key identifier is placed on the tape that identifies which key is used. When that tape is read, the tape requests the corresponding key from the key management appliance.
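The external key manager design described above, combined with the AES-GCM mode the article names for LTO-4, as an added Go example that is not from the article or from any vendor's code. The map standing in for the key manager, the `Tape` struct, the key ID `K1` and the choice to bind the key ID to the ciphertext as GCM associated data are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Tape struct { // constructed cartridge model: the header names a key, never holds it
	KeyID       string
	Nonce, Data []byte
}

// aead fetches the key named id from the key manager (a plain map here) and builds AES-GCM.
func aead(km map[string][]byte, id string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(km[id]) // an unknown id yields a nil key, which AES rejects
	if err != nil {
		return nil, fmt.Errorf("key %q unusable or not in key manager: %w", id, err)
	}
	return cipher.NewGCM(block)
}

// Write encrypts data and binds the key ID as associated data, so a relabelled header fails.
func Write(km map[string][]byte, id string, data []byte) (t Tape, err error) {
	g, err := aead(km, id)
	if err != nil {
		return t, err
	}
	t = Tape{KeyID: id, Nonce: make([]byte, g.NonceSize())}
	_, err = rand.Read(t.Nonce)
	t.Data = g.Seal(nil, t.Nonce, data, []byte(id))
	return t, err
}

// Read requests the key the header names, then decrypts and authenticates the payload.
func Read(km map[string][]byte, t Tape) ([]byte, error) {
	g, err := aead(km, t.KeyID)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, t.Nonce, t.Data, []byte(t.KeyID))
}

func main() {
	km := map[string][]byte{"K1": make([]byte, 32)} // constructed all-zero demo key
	t, _ := Write(km, "K1", []byte("offsite backup set"))
	delete(km, "K1") // key lost or retired while the tape sits offsite
	fmt.Println(Read(km, t))
}
```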
Other important considerations
Perhaps the most important criterion in selecting an encrypting tape drive is your current environment and existing investment in products, tools, processes, operating environments and tape media. For organizations that have made a large investment in tape media, changing drive formats has a significant cost.
For environments that have a large portion of data residing on mainframe or z/OS systems, it is essential that the tape drive supports the OS. Currently all three tape drive formats that support z/OS environments also provide encryption: Sun's T10000 (A and B models), the Sun T9840D and IBM's TS11X0 (TS1120 and TS1130) drives.
Additionally, there are two primary design criteria for tape drives: capacity or file access time. For use during backup or archiving, capacity and throughput are the primary factors. For use to actively process data, as is done in mainframe environments, other factors become more critical, such as load and unload time, and the amount of time to access a particular file or data set. The only tape drive supporting encryption and optimized for access speed is the Sun T9840D tape drive. The majority of drives are optimized for capacity and throughput, including the remaining drives covered.
In many cases, encrypting drives are a good solution to the multiple goals of delivering offsite storage for disaster recovery, securely and cost effectively. Meeting any one of these goals can be difficult, but achieving all three requires a careful analysis of your unique requirements, existing investments and overall storage and security strategy. By utilizing an encrypting tape drive with the appropriate key management system, you will be able to meet these goals if your complete solution is architected correctly.
Russ Fellows is a Senior Analyst with the Evaluator Group. He is responsible for leading research and analysis of product and market trends for NAS, virtual tape libraries and storage security. He is also the primary analyst for coverage of selected open-systems arrays and virtualization products.