Scalability: Determine the predictability of your data growth. Data backup software and tape encryption products typically offer a smoother growth curve, while appliances follow more of a step function.
Key management needs: From a security best practices perspective, encryption key management should be an independent entity from backup. But due to complexity and organizational limitations, backup administrators often involuntarily become their company's encryption key manager, meaning there are many cases where only one key is in place for all backups. If and when organization policies mature in the future, does your new solution have key management capabilities to accommodate them?
Economic tape drivers: Organizations typically upgrade tape drives on a three to five year cycle, but tape library cycles usually stretch from five to seven years or longer. Unless you're at the right point in your technology depreciation and refresh cycle, tape drive encryption may not be a feasible option for your company.
Operational integration and management: All encryption options have some operational impact, but the specifics vary. Tape drive encryption, for example, is simple from a physical integration perspective, but its success depends on some degree of backup software support (from basic hardware support to full key management control). Appliances are often transparent to the backup app, but require their own operational procedures to be integrated with the rest of the infrastructure. In all circumstances, the impact on disaster recovery (DR) and archiving practices, and the challenges of managing encrypted and unencrypted tapes, must be addressed.
Ultimately, the selection of your tape encryption solution depends on the following:
- How serious your organization is about security
- Heterogeneity of your environment
- Volume of data involved
- Organizational structure
- Existing infrastructure
- Budgetary constraints
Overall, data backup security is increasingly critical and encryption is a vital component, but tape encryption is more akin to marriage than a casual relationship. So it's important to know what your requirements are for your organization and to carefully consider all factors before choosing a tape encryption solution for your company.
This article originally appeared in Storage magazine.
James Damoulakis is CTO of GlassHouse Technologies, an independent storage services firm with offices across the United States and in the UK.
This was first published in November 2009