Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution



Similar documents
Solutions for Encrypting Data on Tape: Considerations and Best Practices

Energy Efficient Storage - Multi- Tier Strategies For Retaining Data

WHITE PAPER WHY ORGANIZATIONS NEED LTO-6 TECHNOLOGY TODAY

Quantum DXi6500 Family of Network-Attached Disk Backup Appliances with Deduplication

eztechdirect Backup Service Features

Introduction. Ease-of-Use

Online Backup Solution Features

Backup and Recovery: The Benefits of Multiple Deduplication Policies

Evolved Backup Features Computer Box 220 5th Ave South Clinton, IA

The ROI of Tape Consolidation

Enterprise Data Protection

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

SVA Backup Plus Features

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

Sales Tool. Summary DXi Sales Messages November NOVEMBER ST00431-v06

Quantum StorNext. Product Brief: Distributed LAN Client

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer

techsafe Features Technology Partners th Street - Vero Beach, FL (772) Page 1/

Data deduplication technology: A guide to data deduping and backup

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Accelerating Backup/Restore with the Virtual Tape Library Configuration That Fits Your Environment

secure Agent Secure Enterprise Solutions

Self-Encrypting Hard Disk Drives in the Data Center

DXi Accent Technical Background

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

EMC VMAX3 DATA AT REST ENCRYPTION

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

Extended Data Life Management:

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

A Best Practice Guide to Archiving Persistent Data: How archiving is a vital tool as part of a data centre cost savings exercise

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

D2D2T Backup Architectures and the Impact of Data De-duplication

Service Overview CloudCare Online Backup

White Paper FASTFILE / Page 1

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

How To Store Data On A Disk Or Tape

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

ETERNUS CS800 data protection appliance featuring deduplication to protect your unique data

Scalar i500. The Intelligent Midrange Library Platform FEATURES AND BENEFITS

IBM Tivoli Storage Manager

More enhanced features.

Things You Need to Know About Cloud Backup

Informatica Dynamic Data Masking

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

Kaspersky Lab s Full Disk Encryption Technology

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Why cloud backup? Top 10 reasons

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

Healthcare Compliance Solutions

Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services

HIPAA Security Matrix

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

Oracle Database Backup Service. Secure Backup in the Oracle Cloud

EMC DATA DOMAIN ENCRYPTION A Detailed Review

WHITE PAPER. BIG DATA: Managing Explosive Growth. The Importance of Tiered Storage

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

Preemptive security solutions for healthcare

SMART. SIMPLE. SAFE. Imation RDX. removable hard disk storage system

SecureD Technical Overview

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

A Strategic Approach to Enterprise Key Management

Healthcare Compliance Solutions

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Paxata Security Overview

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

ACER ProShield. Table of Contents

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

W H I T E P A P E R T h e C r i t i c a l N e e d t o P r o t e c t M a i n f r a m e B u s i n e s s - C r i t i c a l A p p l i c a t i o n s

Securing Data in the Cloud

Dell NetVault Backup Plug-in for Advanced Encryption 2.2. User s Guide

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

Leading Autoloader Customer Purchase Requirements

A New Era in Data Protection. Enterprise-Class Data Backup for Smaller Businesses

Decrypting Enterprise Storage Security

Protecting Data with a Unified Platform

How To Backup To Tape With Tandberg Data Storage Solutions

RDX. removable hard disk storage system. smart. simple. safe.

WHITE PAPER. Storage Savings Analysis: Storage Savings with Deduplication and Acronis Backup & Recovery 10

White paper. Why Encrypt? Securing without compromising communications

The Shortcut Guide To

Complying with PCI Data Security

Quantum Q-Cloud Backup-as-a-Service Reference Architecture

Microsoft SQL Server 2008 R2 Enterprise Edition and Microsoft SharePoint Server 2010

Remote Data Management & Backup with Snap EDR

Online Transaction Processing in SQL Server 2008

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

HIPAA COMPLIANCE AND

EMC Retrospect 7.5 for Windows. Backup and Recovery Software

Reduce your data storage footprint and tame the information explosion

WHITE PAPER. Is Online Server Backup Appropriate for Your Business?

MIGRATIONWIZ SECURITY OVERVIEW

Securing the Service Desk in the Cloud

How To Use Attix5 Pro For A Fraction Of The Cost Of A Backup

Securing data at rest white paper

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction

Is it Safe? The business impact of data protection. Bruce Master IBM LTO Program

Transcription:

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution NOTICE This Technology Brief may contain proprietary information protected by copyright. Information in this Technology Brief is subject to change without notice and does not represent a commitment on the part of Quantum. Although using sources deemed to be reliable, Quantum assumes no liability for any inaccuracies that may be contained in this Technology Brief. Quantum makes no commitment to update or keep current the information in this Technology Brief, and reserves the right to make changes to or discontinue this Technology Brief and/or products without notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any person other than the purchaser s personal use, without the express written permission of Quantum.

CONTENTS Why Encrypt Backup Tapes?.................................................3 The Importance of Encryption Key Management.................................3 Quantum Encryption Key Manager (Q-EKM).....................................4 Backup Application Managed Encryption.......................................4 Conclusion..............................................................5 Encryption Key Management 2

Data security breaches are becoming increasingly expensive for organizations, and a variety of industry analysts agree that the costs of such incidents will continue to rise for the foreseeable future. While the legal, administrative and technology expenses resulting from lost data are significant, a new study claims the most significant cost may well be found in customer churn rates. According to a study by The Ponemon Institute, data breaches now cost organizations an average of $197 per compromised customer record, up from $182 in 2006. Most of the cost $128 out of the $197 is from lost business and having to acquire new customers. Average total per-incident costs of data breaches in 2007 were $6.3 million, compared to an average per-incident cost of $4.8 million in 2006. The cost of lost business accounts for nearly two-thirds of that total an average of $4.1 million, which represents a 30 percent increase over the previous year. Analysts say the rise in customer churn is easily explained. Increasingly tech-savvy consumers are quick to abandon organizations that fail to protect personal information. And they aren t likely to come back, either. Gartner analysts, meanwhile, estimate that the cost of sensitive data breaches will increase 20 percent per year through 2009 as financially motivated targeted attacks become more prevalent and new vulnerabilities continue to be reported. The good news is that encryption can dramatically reduce, if not eliminate, the risk of a data security breach. Furthermore, many organizations already have the tools in place to encrypt sensitive data. Nonetheless, organizations should develop sound encryption key management processes to minimize administrative overhead and maximize the value of data encryption. Why Encrypt Backup Tapes? When it comes to data management, today s enterprises must balance a number of divergent requirements that often compete for priority. Government and industry regulations, as well as sound business practices, mandate data security and privacy, while day-to-day operations demand data protection and fast recovery. Many organizations routinely store backup tapes off site to meet operational requirements and business continuity objectives. However, backup tapes can easily be lost during transport, and remote storage facilities may lack adequate security. As a result, lost or stolen backup tapes are an all-toocommon vector for data security breaches. Backup and archival solutions are designed only to preserve data; they don t protect against unauthorized access. Only data encryption can effectively safeguard sensitive data by rendering it unreadable without access to the encryption key. That s why experts recommend encryption as part of the routine backup process. The Importance of Encryption Key Management All Quantum LTO-4 tape drives encrypt data using the 256-bit AES algorithm recommended by the U.S. government for top secret data. The keys generated by the 256-bit AES algorithm are random strings of 256 bits that are essentially impossible to decipher through brute force. The data is useless without the correct encryption key to unlock the data. Encryption Key Management 3

As a result, encryption key management plays a vital role in any encryption solution. Simply writing down each key and its associated pass code defeats the purpose of encryption. The keys associated with each data set must be stored in a secure manner to ensure data privacy and security. Users of Quantum LTO-4 tape drives have two options for encryption key management: Quantum Encryption Key Manager (Q-EKM) and the encryption key management functionality built into leading backup applications. Each option offers unique benefits. Choosing the right solution depends upon the storage infrastructure and volume of data to be protected. Quantum Encryption Key Manager (Q-EKM) Q-EKM is a proven, easy-to-use, library-managed encryption solution designed to protect sensitive data throughout the enterprise. The Q-EKM software, which may be implemented on either a Windows or Linux server, is designed to generate and communicate encryption keys. It selects a pre-generated key from its key store, encrypts the key for transport and sends it to the LTO-4 drive, which decrypts the key and uses it to encrypt or decrypt the data. The key is not stored on the tape drive; an alias is used to relate each data set to the appropriate encryption key. The encryption keys generated by Q-EKM are transferred to each tape library out of band that is, outside of the backup data path with no impact to backup performance. Q-EKM s out-of-band methodology eliminates same system restore requirements, and enables the centralized storage, management and protection of encryption keys supporting multiple libraries across the distributed network. Administrators don t have to learn, support and manage multiple encryption solutions. Q-EKM was designed from the ground up for encryption key management. It is easy to set up, integrates seamlessly into the existing backup environment, and scales easily to meet changing demands. It can also be implemented in a redundant, high-availability configuration that replicates the key store for maximum protection. Most importantly, Q-EKM s set and forget design eliminates the need for administrators to manually track encryption keys and pass codes. This hands-off approach is ideal for organizations that back up large amounts of data, or have multiple, geographically dispersed tape libraries. Backup Application Managed Encryption A number of leading backup applications including CommVault, EMC Insignia, HP Data Protector, Symantec Backup Exec, Tivoli Storage Manager and Yosemite support data encryption and encryption key management. These solutions generate encryption keys using the AES-256 algorithm and transfer them in band, ahead of the data to be backed up. The software keeps track of the encryption key along with other information about the data set. A password or pass phrase is assigned to each key in order to protect the data set records and prevent access to the encryption keys. As a result, backup applications require a more hands-on approach to encryption key management than the Q-EKM solution. Administrators must keep a log of the pass codes associated with each key in order to decrypt the data. Furthermore, backup application managed encryption is not centralized. Because the keys are transferred in band, the encryption key management process is tied to a particular media server. Encryption Key Management 4

However, backup application managed encryption can be very effective for organizations that have a single tape library and modest backup demands. The encryption key management process is already built into the infrastructure there s no need to purchase, learn and manage a separate encryption product. And pass code tracking can easily be added to existing tape and data set management processes. Conclusion Securing data from unauthorized access is a critical issue for businesses in all industries. Regulatory compliance and customer loyalty all depend on keeping sensitive information safe and secure. With tens of million customer records compromised each year many of them on backup tapes businesses must take steps to improve data confidentiality and integrity. Luckily, the data encryption capabilities built into every Quantum LTO-4 tape drive can help organizations prevent a costly and embarrassing security breach. The right encryption key management solution can help minimize the impact of encryption processes on IT operations. The encryption key management capabilities built into popular backup applications provide a cost-effective approach for organizations with a single tape library. For customers with multiple tape libraries distributed throughout the organization, Quantum s Q-EKM solution provides a robust, transparent, fully automated approach to enterprise encryption key management. For contact and product information, visit quantum.com or call 800-677-6268 Backup. Recovery. Archive. It s What We Do. About Quantum Quantum Corp. (NYSE:QTM) is the leading global storage company specializing in backup, recovery and archive. Combining focused expertise, customer-driven innovation, and platform independence, Quantum provides a comprehensive range of disk, tape, media and software solutions supported by a world-class sales and service organization. As a long-standing and trusted partner, the company works closely with a broad network of resellers, OEMs and other suppliers to meet customers evolving data protection needs. 2008 Quantum Corporation. All rights reserved. Quantum, the Quantum logo, and all other logos are registered trademarks of Quantum Corporation or of their respective owners. Protected by Pending and Issued U.S. and Foreign Patents, including U.S. Patent No. 5.990.810. WP00124 Aug 2008

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information