Published: 12 Nov 2005
Major data losses by large corporations have grabbed headlines and created a surge of interest in encryption.
In the past year, IT professionals have grown accustomed to opening their morning papers to stories about companies losing backup tapes.
A sampling: In February, banking behemoth Bank of America Corp. confirmed it lost backup tapes containing the account information--including credit card and social security numbers--of 1.2 million government employees, including U.S. senators. In May, media and entertainment company Time Warner Inc. announced that 40 backup tapes containing data on 600,000 employees were lost during a routine shipment to an offsite storage facility by Boston-based storage and records management firm Iron Mountain. Citigroup Inc. followed suit in June with another tale of lost backup tapes, this time containing records for 3.9 million past and current customers, lost in transit by United Parcel Service (UPS).
Was data actually compromised? Perhaps. Were these companies' images tarnished? Most definitely.
IT professionals are starting to put in place technologies and procedures that will help their companies avoid becoming the next lost-backup-tape headline. "You watch the news, and you get very nervous about the data you're trying to protect," says Charlie Fulks, CEO at Credit Union Data Processing (CUDP) Inc., Farmington, UT, an application service provider that offers outsourced IT to credit unions in the Mountain States. CUDP began providing an encrypted backup service to its clients this year. "There was no regulation forcing us to do this, it was more of a preemptive thing," he notes.
Anecdotally, vendors also report a surge in interest in encryption products. "Before, there were people who had a specific need for encryption," says Mike Adams, group manager of Symantec Corp.'s Veritas NetBackup product marketing. "Now it's more for the masses."
The good news is that technologies to prevent data stored on backup tapes from getting into the wrong hands are readily available. Whether you use host-based software, your backup software's encryption capabilities or specialized encryption appliances, it's possible to keep information confidential if tapes are lost or stolen.
Furthermore, if you can demonstrate that encryption technologies are being used effectively, your company may be exempt from having to comply with legislation such as California's SB 1386. That law requires any person or organization doing business in the state, and that keeps personal information, to disclose any security breaches when there's a danger of personal privacy being compromised--but not if the data is encrypted. Similar bills have also been proposed in the U.S. Senate.
The bad news is that encrypting backup data degrades performance and requires additional management procedures. According to the Milford, MA-based analyst firm Enterprise Strategy Group, only 7% of businesses encrypt all their backup tapes. One reason for the low number may be storage professionals' lack of awareness of the problem and available solutions. But another reason may be that encrypting backup tapes is simply too onerous a task relative to what you stand to gain from it.
The software approach
Encrypting data is nothing new and there are several software packages that will encrypt data even before it's backed up. Software solutions range from point products like PKWare Inc.'s SecureZip (built on the ubiquitous PKZip), to IBM mainframe utilities, to comprehensive enterprise-wide security frameworks like Vormetric Inc.'s CoreGuard, which can be used to encrypt data systematically or on an ad-hoc basis.
The major enterprise-class backup software packages, with one notable exception, can encrypt data: CommVault Systems Inc.'s Galaxy, IBM Corp.'s Tivoli Storage Manager (TSM) and Symantec's Veritas NetBackup. The exception is EMC Corp.'s Legato NetWorker, which will add encryption in its next release, version 7.3.
|Rethinking disk's role in backup|
Does tape's vulnerability to being lost or stolen have people rethinking their backup strategies in favor of disk-based solutions? "Absolutely," says W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc., Framingham, MA. The traditional approach to tape backup--weekly fulls plus nightly incrementals--has a lot of challenges associated with it, not the least of which are hardware costs, lengthy restore times and training personnel, especially if there are remote offices involved. Add the overhead of encrypting tape and the backup process becomes even more cumbersome.
"In the new world of data protection, you've got snapshots, CDP [continuous data protection] and content-reduced backup," Preston says.
Even companies whose businesses revolve around backup tapes are promoting alternatives. For customers who would prefer to avoid shipping tapes via truck, Boston-based Iron Mountain now offers its Server Electronic Vaulting service, which encrypts a backup job and sends it off site for electronic vaulting. The data is encrypted over the wire and stored encrypted.
Symantec/Veritas, for example, has offered encryption as an option to NetBackup for a long time, but until last year, encryption was limited to 40- or 56-bit keys, widely regarded as insufficient. "People chuckled when we told them we have 40-bit and 56-bit encryption," says Adams.
With version 5.1, Symantec/Veritas upped the encryption ante with 128- and 256-bit keys. Backup software vendor BakBone Software Inc. updated its encryption capabilities in the new version of its NetVault Encryption Application Plugin Module (APM) this summer. It increased the length of its keys from 40- to 128-bit encryption, and introduced an enhanced user interface.
And it's not only high-end backup packages that offer encryption; software is starting to be targeted at small- to medium-sized businesses. In January, EMC announced that its Dantz Retrospect 7 backup application now features 128- and 256-bit AES encryption. Symantec has encryption on its roadmap for Veritas Backup Exec for the second half of 2006, says Adams.
But just because you can perform encryption using backup software doesn't necessarily mean you should--especially not on a large scale. "We position [NetVault's Encryption APM] as a first line of defense," says Bharat Kumar, BakBone's vice president of marketing. But in environments that require large-scale backup encryption, it should be "used alongside other technologies, like tape encryption appliances," he adds.
What's wrong with encrypting tapes using backup software? In a nutshell, it takes more time, consumes more storage and costs more money. Here's why:
- Most backup software packages perform encryption on the client. That's a good thing in that data travels over the network encrypted, but it adds to the amount of time it takes to back that client up. According to W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc. in Framingham, MA, a backup encrypted with backup software will complete 50% slower than one not encrypted. Vendors that advertise better performance than that probably aren't using top-of-the-line 256-bit keys, he says, adding that "the length of time it takes to encrypt a backup is directly proportional to the size of the key used."
- Encrypting data on the client makes it impossible to compress data later on because encrypted data is uncompressible. It's easy to circumvent that problem by using your backup software's compression feature, but that also slows down a backup.
- Encryption is sometimes, although not always, an extra-cost option to the backup package. Symantec/ Veritas charges for 128- and 256-bit encryption (but it's considering offering 40- and 56-bit encryption for free, says the firm's Adams). BakBone charges $195 per server for its NetVault encryption add-in.
But in environments struggling to complete backups in a timely fashion, adding encryption to the mix "lengthen[s] your backup window," says John Lallier, vice president of technology at FalconStor Software, Melville, NY. In those environments, taking the encryption function out of the backup software and putting it into specialized hardware is probably the right way to go.
This summer, FalconStor added a specialized chip to its VirtualTape Library appliance that handles 128-bit AES encryption. Dubbed Secure Tape Transport Service (STTS), it allows encryption to be performed on the VTL appliance rather than on the clients or the backup server, which eliminates any performance hit on the production system. Furthermore, the VTL can also compress the data before it encrypts it, so as not to swell the size of backups on tape.
Moving encryption out of the backup software is a logical evolution, Lallier says. Once upon a time, compression was also the domain of backup software; but these days, the compression function has largely migrated to tape drives and libraries.
In fact, manufacturers are actively considering adding encryption to their tape drives. "If you move the encryption out closer to the hardware, you don't have to do hardware-specific things and it mitigates the performance characteristics," says Charlie Andrews, director of IBM TotalStorage product marketing. While IBM is still looking at how to implement it, the company's ultimate goal is to bring the encryption function "outboard" and couple it with systematic enterprise-wide key management, he says.
In the meantime, taking encryption off the host is the idea behind specialized encryption appliances such as Decru Inc.'s DataFort (Network Appliance Inc. acquired Decru last summer for $260 million) and NeoScale Systems Inc.'s CryptoStor. As SAN-attached devices, they sit in the fabric between the host and storage and encrypt the data stream at speeds as close to wire-speed as possible, adding virtually no latency. While neither of the companies' products was designed to encrypt backups per se, over time both companies have developed specific versions of their products designed for tape: Decru DataFort FC-Series for Tape and NeoScale CryptoStor Tape.
Decru's DataFort for Tape is no different than versions designed for primary disk. "It's a licensing issue," says Michele Borovac, Decru's vice president of marketing. The tape-specific version, however, is integrated with backup applications so it can be configured to encrypt specific backup jobs and tapes, or data coming from specific hosts.
NeoScale's CryptoStor Tape is architected differently than CryptoStor for primary disk. Whereas CryptoStor for primary disk is an inline appliance, CryptoStor Tape is built as a proxy that poses as the tape device, processes the data and then passes it on. That means CryptoStor Tape can be zoned among several hosts and tape devices, and it can also compress the data. The inline appliance is designed to transparently encrypt data between a host and storage; as such, "you can't change the length of the data" with compression, says Dore Rosenblum, NeoScale's vice president of marketing, because the disk is expecting data within a certain block range.
Another hardware-based tape encryption product is Assurency SecureData for Tape, from Kasten Chase Applied Research Limited in Toronto. Assurency consists of two products: the Assurency ACA 2400 Crypto-Accelerator and Driver, a board-level compression and encryption engine that sits inside the backup server; and the Assurency SecureData appliance, whose main role is key management and applying policies about which tapes get encrypted.
All of this performance and manageability comes at a cost: Expect to spend at least $25,000 per appliance, says GlassHouse's Preston. Pricing for NeoScale's CryptoStor Tape starts at $20,000 and goes up to $45,000, says Rosenblum, while Decru's DataFort for Tape is priced at approximately $25,000.
For a slightly more affordable approach to hardware-based backup encryption, users may want to consider a product from British firm Disuk Ltd., Northampton, U.K., which resells its wares in the U.S. through Digital Security International in Arlington, VA. The appliance, called Paranoia2, comes with SCSI, Fibre Channel or iSCSI connectivity, and features throughput of up to 68MB/sec. That won't fill a full 2Gb/sec Fibre Channel pipe, but may suffice for some backup jobs. Paranoia2 features Triple DES 256-bit encryption and retails for approximately $15,000. This June, the firm also announced SafeTape, which bundles the Paranoia encryption engine with a single SDLT, LTO or AIT tape drive for a retail price of $17,995.
Don't lose your keys
"Without an effective key management plan, data encryption is tantamount to data deletion," says Dennis Hoffman, EMC's vice president of information security. Different encryption options vary in their approach to key management. At CUDP, for example, the responsibility for managing keys rests with the firm's Shapiro. The way NetVault's encryption plug-in works, the key to decrypt a backup is stored on the client machine. That means that if the machine itself is down, you can't access the key. To get around that problem, Shapiro has a password-protected file in which he keeps keys for all the machines backed up by CUDP.
That approach should work fine, assuming Shapiro isn't hit by a truck going to work and that nothing happens to his password-protected file in which the keys are stored. According to Preston, many backup encryption packages take key management pretty lightly. For example, Symantec/Veritas NetBackup, he says, can work with only one key at a time--which means the same key can be used to encrypt and decrypt any backup tape cut by the application. Some key management schemes "may have sounded good in 1987, but they don't sound very good today," Preston adds.
Here are some things to look for from a sophisticated key management solution:
- Keys should allow backups to be restored to servers other than the one on which they were created.
- Keys should be protected and replicated, possibly to a key escrow service.
- Keys should be able to be authenticated using public key/private key mechanisms.
- Some key management services let you designate multiple people as "security officers." To initiate a decryption, a quorum of security officers must be met, eliminating the possibility that a single black hat can decrypt a tape.
Whatever the case, it's important to remember that encrypting backups should be only a small part of an organization's security strategy. "A tape falling off of an Iron Mountain truck is a 5% problem," says Hoffman. "It's far more likely that information will be leaked because of a laptop loss or employee theft." Broadly speaking, he sees the rush to encrypt backups as "a massive knee-jerk reaction within the storage industry right now. The best way to secure your backup is not to put it on tape [and to use disk]."
Others see the move toward encrypting tapes as the new world order. Whether people continue to back up largely to tape, or move to disk, it's increasingly clear that the days of unencrypted backup tapes are numbered. Says Rob Gretton, director at Disuk: "In a few years the comment will be made 'You mean you didn't used to encrypt your backups?'"