News Stay informed about the latest enterprise technology news and product updates.

Credit union takes no chances with data security

Boeing Employees' Credit Union is encrypting all its data written to tape to avoid security breaches like the one Bank of America recently experienced.

Boeing Employees' Credit Union (BECU) is one of the largest credit unions in the U.S., but unlike some banks, isn't taking any chances where its data security is concerned.

The Tukwila, Wash.-based credit union encrypts all its data written to tape using Decru Inc.'s DataFort T-Series storage security appliances, to protect against theft or unauthorized access, regardless of where its tapes are stored.

"There's been a heightened sense of attention in this area because of a lot of security breaches … and there may be future legislation," said Daniel Chow, IT systems and security engineer at BECU.

About a year ago, the company took a look at disk-based storage encryption, but quickly realized the real vulnerability in its system was around data leaving the company's sites on backup tapes. BECU employs Iron Mountain Inc. to truck its tapes off site for long-term archival, and 30 different express courier services to transport tapes from four major sites to BECU's disaster recovery site.

Related articles

Banks mull data security in wake of missing tapes

Make sure you inventory your tapes

A two-dimensional approach to storage security

How long does tape last, really?
"We realized our data was constantly in transit … We knew the Iron Mountain tapes were secure, but our regular couriers are not specialized," Chow said. The company underwent a two-month evaluation process to find a solution to encrypt all its data.

BECU maintains over 60 terabytes (TB) of stored data on Hewlett-Packard Co. (HP) storage split between several SAN islands. A Brocade and HP-based backup environment supports full and incremental backups of over 3 TB of data per day.

BECU wanted to avoid software-based encryption products that require integration at the server or database level. "These solutions cause bottlenecks at the server, whereas a hardware-based security appliance can be isolated from other infrastructure making it more secure," according to Chow.

The company bought six Decru DataFort T-series appliances that are connected to switches in clusters to provide high availability and failover. All data flowing from the primary Windows and HP-UX servers is encrypted by DataFort at wire-speed and then written to tape in a secure format. Decru's Lifetime Key Management system automatically archives all encryption keys to a third location so that the data is recoverable in the event of a disaster.


During the installation process, BECU ran into some problems hooking up the DataFort appliances to its HP equipment. The DataFort did not recognize HP's Fibre Channel to SCSI bridge, but this was eventually resolved. "The SAN environment is very complicated already, but we had help from Decru's engineers to get it working," Chow said. He admits the product is expensive, but claims his company is willing to spend the money to preserve the company's name. "We would be unable to operate without the trust of our customers," he said. Decru pricing starts at around $20,000 for a single appliance.

Chow said he is hoping Decru will add support for WORM and optical platters to its product and would like to see it tied in to an ILM offering so that they are able to move data around more effectively. "Decru needs more vendor support and forums of user groups where we can talk to other users," he added.

Jon Oltsik, senior analyst with Enterprise Strategy Group, noted that BECU is one of the first financial institutions to speak publicly about its encryption process, but that banks everywhere are either evaluating this technology or deploying it. "Given the insecurity of the entire off-site tape rotation process, tape encryption should be a minimum requirement for all financial institutions," he said.

Click here for more of today's news.

Dig Deeper on Tape backup and tape libraries

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.