
Data encryption: Two users speak out

So many organizations have lost data when tapes were lost during offsite transport or when a laptop was stolen that unencrypted data represents a major risk.

Data encryption is becoming a necessity in backup software. So many organizations have lost data, either when tapes were lost during offsite transport or when a laptop was stolen, that unencrypted data represents a major risk.

Robert Stephenson, IT manager for Lewiston State Bank in Utah, was worried about the safety of his bank's data.

Like so many other IT administrators, Stephenson had suffered from data loss. Stephenson was backing up data for 20 servers to tape and transferring tapes offsite each day for disaster recovery -- he was concerned about it every step of the way.

"We were having problems with tape being couriered back and forth between our banking sites," says Stephenson. "We had no encryption, and one of the drivers actually lost a tape in his car one day. That almost caused us to shut the bank down in case the data got out."

Stephenson needed a secure method of backing up his data -- one that let him encrypt data while it was being backed up. It also needed to be in compliance with banking industry regulations.

He chose i365 (a Seagate company, formerly EVault), with its EVault Express Recovery Appliance, which vaults data from branch offices to an appliance in Lewiston and then to an EVault site in Scottsdale, Ariz. The EVault software encrypts data using FIPS-approved AES encryption.

University's HIPAA data a concern

Corey Grone, IT manager at the University of Pittsburgh in Pennsylvania, is another user for whom encryption played a major part in the selection of a backup vendor. Grone chose EMC Corp.'s MozyPro to back up 70 laptops and desktops.

"Encryption of data was a big concern for us," says Grone. "We investigated Mozy and did our due diligence there. Some of the features that met our requirements were the encryption of data in transit, and also the ability for us and our users to create their own encryption keys and guaranteeing the privacy of their information."

Grone took HIPAA privacy concerns into account in choosing Mozy. "Mozy had a public statement regarding HIPAA privacy that met our requirements," he says.

Mozy uses AES encryption as well as 448-bit Blowfish encryption. Encrypted files are transferred via a 128-bit SSL connection.

A variety of different products are available for encrypting data ranging from self-encrypting hard drives to encryption appliances to encryption options in traditional backup software.

Hitachi Global Storage Technologies announced an encrypting hard drive last month, which it calls Travelstar. The drive is a 5,400 rpm Serial ATA II drive that features Bulk Data Encryption -- data is encrypted with an encryption key. When the encryption key is deleted, data becomes unreadable and drive decommissioning is unnecessary. Seagate also complemented the Hitachi drives with some of its own; the company is shipping 7,200 rpm 320GB drives that use McAfee software for encryption.

In the appliance arena, NetApp continues to ship its DataFort appliances. These appliances, acquired from Decru, provide across-the-wire encryption of data for either tape- or disk-based backup. In addition, NetApp and Brocade have partnered to deliver Fibre Channel fabric-based encryption. In these implementations, NetApp's DataFort encryption and its key management services have been integrated into a Brocade switch and blade.

Finally, backup software such as CommVault's Simpana and EMC's Legato NetWorker have incorporated encryption options into their software. Virtually no backup software exists that doesn't have an encryption option -- CA's ARCserve Backup, IBM Corp.'s Tivoli Storage Manager and Symantec Corp.'s Veritas NetBackup all support encryption if users want it. Tivoli Storage Manager's encryption only enables encryption on IBM's TS1120 Tape Drives. CA's encryption is included in ARCserve as a standard feature.

NetBackup supports encryption at the client as part of the standard package. A Media Server Encryption Option (MSEO) is also available, which encrypts at the NetBackup media server layer. It includes a Key Management Server for centralized key management and is a chargeable option that consists of two components: a $10,000 option for the MSEO Key Management Server, and between $2,500 and $27,000 per master/media server depending upon operating system and server type. NetBackup also includes a key management service for LTO-4 and IBM TS1120 tape drives that is included at no charge.

About this author: Deni Connor is principal analyst with Storage Strategies NOW in Austin, TX.
