White. Paper. The SMB Market is Ready for Data Encryption. January, 2011



Similar documents
A Comparative TCO Study: VTLs and Physical Tape. With a Focus on Deduplication and LTO-5 Technology

White. Paper. EMC Isilon: A Scalable Storage Platform for Big Data. April 2014

White. Paper. Benefiting from Server Virtualization. Beyond Initial Workload Consolidation. June, 2010

Symantec OpenStorage Date: February 2010 Author: Tony Palmer, Senior ESG Lab Engineer

Decrypting Enterprise Storage Security

ESG Report. Data Protection Strategies for SMBs. By Heidi Biggar Storage Analyst, Data Protection Enterprise Strategy Group.

How To Improve Storage Efficiency With Ibm Data Protection And Retention

The Shift Toward Data Protection Appliances

Debunking Five Myths About Tape Storage. Tech Brief. an Internet.com Tech Brief. 2011, Internet.com, a division of QuinStreet, Inc.

Disk-to-Disk-to-Tape (D2D2T)

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

Field Audit Report. Asigra. Hybrid Cloud Backup and Recovery Solutions. May, By Brian Garrett with Tony Palmer

White. Paper. Improving Backup Effectiveness and Cost-Efficiency with Deduplication. October, 2010

Next Generation NAS: A market perspective on the recently introduced Snap Server 500 Series

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

Research Report. Abstract: The Impact of Server Virtualization on Data Protection. September 2010

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER WHY ORGANIZATIONS NEED LTO-6 TECHNOLOGY TODAY

WHY CLOUD BACKUP: TOP 10 REASONS

Solutions for Encrypting Data on Tape: Considerations and Best Practices

This white paper describes the three reasons why backup is a strategic element of your IT plan and why it is critical to your business that you plan

Security Information Lifecycle

Does Tape Still Make Sense? An investigation of tape s place in a modern backup system. My 20

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer

EMC s Enterprise Hadoop Solution. By Julie Lockner, Senior Analyst, and Terri McClure, Senior Analyst

Storage Backup and Disaster Recovery: Using New Technology to Develop Best Practices

Why cloud backup? Top 10 reasons

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

When Good Backups Go Bad: Data Recovery Failures and What to Do About Them

The Case for Continuous Data Protection

The Data Center of the Future

White Paper. Experiencing Data De-Duplication: Improving Efficiency and Reducing Capacity Requirements

Research Report. Abstract: Endpoint Device Backup Trends. December By Lauren Whitehouse With Bill Lundell and John McKnight

Archive Data Retention & Compliance. Solutions Integrated Storage Appliances. Management Optimized Storage & Migration

Combining Onsite and Cloud Backup

Data Protection Services Should Be About Services, as Well as Data Protection Date: February 2013 Author: Jason Buffington, Senior Analyst

This ESG White Paper was commissioned by DH2i and is distributed under license from ESG.

White. Paper. Rethinking Endpoint Security. February 2015

Technology Fueling the Next Phase of Storage Optimization

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

Leveraging EMC Deduplication Solutions for Backup, Recovery, and Long-term Information Retention

Accelerating Backup/Restore with the Virtual Tape Library Configuration That Fits Your Environment

Transporter from Connected Data Date: February 2015 Author: Kerry Dolan, Lab Analyst and Vinny Choinski, Sr. Lab Analyst

WHITE PAPER. The 5 Critical Steps for an Effective Disaster Recovery Plan

Archiving, Backup, and Recovery for Complete the Promise of Virtualization

SaaS with a Face: User Satisfaction in Cloud- based E- mail Management with Mimecast

The Essential Guide for Protecting Your Legal Practice From IT Downtime

Nexsan and FalconStor Team for High Performance, Operationally Efficient Disk-based Backup Date: August, 2009 Author:

Which Backup Option is Best?

Eight Considerations for Evaluating Disk-Based Backup Solutions

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Why is online backup replacing tape? WHITEPAPER

The next generation, proven, affordable way to protect business using disk-based recovery

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Backup & Disaster Recovery for Business

Let s Build a Better Backup

Computer Backup Strategies

DEDUPLICATION BASICS

Web Application Security Testing Tools and Services

BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery WHITE PAPER

White. Paper. Evaluating Sync and Share Solutions. Balancing Security, Control, and Productivity. September, 2014

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Research Report. Abstract: Trends in Data Protection Modernization. August 2012

Self-Encrypting Hard Disk Drives in the Data Center

Backup Software? Article on things to consider when looking for a backup solution. 11/09/2015 Backup Appliance or

Four Things You Must Do Before Migrating Archive Data to the Cloud

Research Report. Remote Office/Branch Office Technology Trends. July 2011

Which Backup Option is Best?

Which Backup Option is Best?

The State of Mobile Computing Security

Solution Brief. Introduction

What You Should Know About Cloud- Based Data Backup

2012 Endpoint Security Best Practices Survey

ESG REPORT. Data Deduplication Diversity: Evaluating Software- vs. Hardware-Based Approaches. By Lauren Whitehouse. April, 2009

Cloud, Appliance, or Software? How to Decide Which Backup Solution Is Best for Your Small or Midsize Organization.

Dell PowerVault DL Backup to Disk Appliance Powered by CommVault. Centralized data management for remote and branch office (Robo) environments

Solution Overview: Data Protection Archiving, Backup, and Recovery Unified Information Management for Complex Windows Environments

Disaster Recovery for Small Businesses

CIO BEST PRACTICE: Addressing 3 Common Enterprise IT challenges with a smart Data Protection Solution BEST PRACTICE.

White. Paper. Desktop Virtualization Efficiencies with Citrix and NetApp. October, By Mark Bowker

Using the Cloud: A Quick Guide for Small and Medium Businesses

Read this guide and you ll discover:

Quantum DXi6500 Family of Network-Attached Disk Backup Appliances with Deduplication

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

Inside Track Research Note. In association with. Enterprise Storage Architectures. Is it only about scale up or scale out?

Business-centric Storage FUJITSU Storage ETERNUS CS800 Data Protection Appliance

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Storage Options for Document Management

Business-Centric Storage FUJITSU Storage ETERNUS CS800 Data Protection Appliance

Keys to Successfully Architecting your DSI9000 Virtual Tape Library. By Chris Johnson Dynamic Solutions International

How To Choose Between A Phone System For A Business

ScoMIS Remote Backup Service

Top 10 Reasons for Using Disk-based Online Server Backup and Recovery

Off-site data backup for MSPs. Richard Tubb

Local Government Cyber Security:

W H I T E P A P E R R e a l i z i n g t h e B e n e f i t s o f Deduplication in a Backup and Restore System

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Roger s Cyber Security and Compliance Mini-Guide

Transcription:

White Paper The SMB Market is Ready for Data Encryption By Mark Peters January, 2011 This ESG White Paper was commissioned by Tandberg Data and is distributed under license from ESG. 2011, Enterprise Strategy Group, Inc. All Rights Reserved

White Paper: The SMB Market is Ready for Data Encryption 2 Contents The SMB Market, Security, and Encryption... 3 What Data Should be Encrypted... 3 Choosing Where to Encrypt... 4 Methods of Encryption... 5 Host-based/Software Encryption... 5 Standalone Encryption Switches and Appliances... 5 Tape Drive Encryption... 5 Disk Drive Encryption... 6 Encryption: A Decision Aid... 6 The Bigger Truth... 7 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at (508) 482-0188.

White Paper: The SMB Market is Ready for Data Encryption 3 The SMB Market, Security, and Encryption Small to medium-size businesses (SMBs) are now facing many of the same security challenges larger businesses have faced for decades. Regardless of their size ( since SMB can cover a wide range of operational sizes), virtually all companies in the space are in need of simplification to implement increasing security requirements, such as those laws and regulations mandating certain levels of protection for sensitive or confidential data. As is the case with large enterprises, data security is no longer an optional nice to have for the SMB market. Until recently, SMBs have been less inclined or able to take the necessary steps to protect against data breaches for a number of reasons that typically include some or all of the following: Smaller security budgets Shortage of dedicated IT personnel Limited experience with or knowledge of security solutions Some of these obstacles may have prevented SMBs from implementing new security technologies such as data encryption, the process of scrambling digital information to make it unreadable. Data can only be unlocked or decoded if a user, application, or device is provided with the required encryption key. Encryption key management (EKM) is typically a software program that runs on a PC or server (either dedicated or shared) that provides the keys for the purpose of encrypting or decrypting data. All encryption users should remember that encrypted data is useless if the key is lost; it is critical that the encryption key database is backed up regularly and that a copy is also stored securely offsite. In short, it is absolutely true that key management is the key to the successful use of encryption. While implementing encryption demands some effort, the mandates and motivations to do so are increasing. For instance, many countries have implemented laws requiring organizations to inform all affected parties if and when personal information is compromised. The costs of such a process are direct, but can also include damaged reputations and even additional penalties or at the extreme imprisonment. The good news is that recent developments in encryption have yielded a mature set of solutions and made a very high level of data security much easier and more affordable to attain for SMBs. Given the increasing criticality of data and data protection, the landscape and need for encryption (tape based or otherwise) is now moving beyond the enterprise and into the SMB market. What Data Should be Encrypted In order to comply with regulations or respond to the threat of potential data breaches, many SMBs are now implementing tape encryption for the storage of backup and archive data offsite. Approaches to this vary: For many users, the simplest and certainly very effective approach is to encrypt all data stored offsite; in their view, it makes no sense to attempt to decide what data should be encrypted and what should not be. Other users have decided to implement a tiered approach with their most highly sensitive data (in other words, data which would be costly or damaging to if lost) being encrypted first and other data being encrypted as appropriate to its confidentiality. Users are certainly aware of the issue, as two pieces of ESG research demonstrate. ESG s 2011 spending intentions survey asked respondents to rank a multitude of top IT priorities through 2011 and 2012: for midsized companies (defined as those employing 100-999 people), information security initiatives were ranked number two out of more than 20 priority activities. 1 As to how much data is confidential, ESG s research shown in Figure 1 indicates that half of all enterprises believe that more than half of their data falls into that category. 2 1 Source: ESG Research Report, 2011 IT Spending Intentions Survey, January 2011. 2 Source: ESG Research Report, Protecting Confidential Data, Revisited, April 2009.

White Paper: The SMB Market is Ready for Data Encryption 4 Figure 1. Percentage of Organizational Data Considered to be Confidential Approximately what percentage of your organization's total data (i.e., all files, objects, and database information) would you consider to be confidential? (Percent of respondents, N=308) Don't know, 2% More than half, 50% Less than half, 48% Source: Enterprise Strategy Group, 2011. Even confidential data can be further classified; in practice, some businesses often choose to encrypt their regulated data first since managing the keys and the overall encryption process can become complex for large amounts of data. Depending on the amount, other businesses may want to consider encrypting just about everything in order to simplify the management challenges of classification and determining what to encrypt. New technologies continue to make encryption less expensive and easier to implement than in the past. Encryption is also used extensively to protect archival data. Numerous government regulations and business practices often demand long-term records retention (periods of more than 20 years are not uncommon) and a growing amount of data will be kept forever. Since tape media is commonly used for data archiving, tape encryption can be utilized to keep the data confidential and tamper-proof throughout its lifecycle. In an archiving application, tape encryption must be supported with key management features built for the lifecycle of encrypted data. In many industries, regulations often state how long data must be stored and protected, but in some industries these regulations also state that, after a period certain, data must be destroyed. This can create a problem if a user s data is all securely stored offsite as deletions (full or partial) can be time-consuming and expensive. However, by deleting the appropriate encryption key, the relevant data is effectively destroyed because it can never be read; interestingly, key deletion can be implemented as an effective management technique to control the lifecycle of data stored offsite. Choosing Where to Encrypt Once a user has determined the need for encryption, the next decision point is to decide where encryption should take place: At the server (processor) At the data path (switch or appliance-based) At the hardware (tape drive or disk drive) Encryption and decryption are compute-intensive activities that can slow access to stored data, especially when storing and accessing large amounts of information. However, most servers average less than 30% busy, so encryption overhead may or may not be an issue depending on when it is used.

White Paper: The SMB Market is Ready for Data Encryption 5 Although encryption doesn t help protect against device failures, worms, or viruses, it does address data loss, theft, intrusion, the growing spy-ware problem, lost PCs and personal digital appliances, or lost digital media (as confiscated data that is encrypted is virtually impossible to decrypt). Poor implementation of a tape encryption solution may result in over- or under- protected data, degraded application performance, or service interruption. Trade-offs certainly exist and, regardless of where a user chooses to encrypt, the key management process must be evaluated to determine which method will best work for any given business. Methods of Encryption It is now worth examining each method of or location for encryption in a little more detail: Host-based/Software Encryption With host-based encryption, servers encrypt data before it goes to the IO interface and device. Therefore, data is always encrypted in transit and at rest as it goes to and from tape or disk, making it possibly the most secure encryption technique. That said, host-based encryption uses host processor cycles that are potentially taken away from other host-based applications. This issue can itself be minimized by using a product/system that compresses data before it is encrypted, since rather obviously compressed data is smaller which reduces the bandwidth required to transfer it. Many existing or currently installed backup packages already offer encryption capabilities, thus avoiding any incremental costs. Host and appliance vendors should ensure that their products first compress and then encrypt data on its way to tape; however, it is advisable to always verify this since encrypted data is functionally uncompressible. Standalone Encryption Switches and Appliances With standalone encryption, all data passes through a switch or appliance that sits between the server and the tape or disk drives where it normally undergoes compression and encryption in the process. These special-purpose appliances are placed between the storage devices (normally tape and disk) and the server running the applications that are requesting encrypted data. The appliance encrypts all data going to storage and decrypts data going back to the applications achieving this by monitoring all file access attempts. Unlike host-based encryption, encryption appliances protect data at rest, but not throughout the entire data path. Tape Drive Encryption Many tape drive manufacturers are implementing encryption via an ASIC in the tape drive, similar to the way tape compression was implemented in the mid-1980s. Device-level encryption offers the highest performance levels. In addition, compression has been a de facto standard on most tape drives for many years. Making the choice to encrypt data on tapes is invariably a fairly easy decision, especially if the cartridges are expected to be at all mobile and/or moving to offsite locations. Because the encryption capability is built into the drive itself, backup servers and networks don't experience any performance impact. Encrypting at the tape and disk drive level yields encryption for data at rest, but does not protect data in transit. Tape drive encryption is also proprietary, so having tape drives from multiple vendors can increase management complexity. A few vendors offer library managed encryption (LME) to establish encryption policies and manage the transfer of encryption keys from the encryption key manager to the library tape drive(s). LME is typically found only in enterprise environments because it can prove expensive and complex and there can be compatibility issues between vendor drive types. Most SMBs use a software application (typically backup software) to manage the transfer of encryption keys from the application to the tape drive or library tape drive(s). Encryption support for tape is included free with many backup software applications, making it the preferred solution for SMBs. The use of tape is already well understood: tape is primarily used as a secondary storage medium for compliance and protecting data stored offsite (in case of, for instance, fires and floods). Tape is also use to reduce the overall cost of storage within data centres. It combines high capacity, a small form factor, reliability, and low cost of

White Paper: The SMB Market is Ready for Data Encryption 6 ownership with a long shelf life (30 years is the number usually quoted). Tape forms the last line of defence in many disaster recovery plans because it is tried-and-tested and because it works. Tandberg is a reputable supplier of tape encryption products, which it enhances with interoperability testing, software certification (such as Symantec Backup Exec), and an extensive support organization. Disk Drive Encryption While RAID and mirroring policies can address hardware device failures, encryption attempts to address the problems of data loss and data theft by storing data in a useless (at least to anyone other than the legitimate user) format. In general, it is more difficult to decide which data to compress on disk drives. For disk drives used in response-time sensitive applications, drive level encryption can cause performance degradation and its impact should be carefully evaluated. Encrypting removable disk drives has the most compelling case, of course, since the drives are a form of mobile storage and hence more easily subject to loss or theft. Disk drive encryption is also proprietary and having disk drives from multiple vendors can increase management complexity. Clearly, there s a lot to consider. While many users opt to encrypt at an application level, there are still the pros and cons of the various approaches to consider. Table 1 offers a quick summary guide to the inevitable trade-offs between the various encryption alternatives. Encryption: A Decision Aid Table 1. Summary of Considerations When Deciding on Which Encryption Approach to Employ A Location Advantages Disadvantages Host-based software Switch or appliance Storage device: embedded in tape or disk drive Lower cost method Many existing backup packages offer encryption Implementation often easier for SMBs Protects data in transit and data at rest Operating system-, server-, and storage device-independent Heterogeneous protection across existing drives Highest performance levels Perfect for offsite data at rest Server and appliance independent Entire cartridge or drive encrypted Scales linearly with each drive Increases processor overhead Reduces data transfer times All servers (local and remote) must run same software Prevents lock-in with a specific hardware storage vendor Usually higher cost Increases number of appliances to manage as storage grows Proprietary solution Not a solution for legacy tape/disk systems Adds complexity when mixed storage vendors present Only protects data at rest Source: Enterprise Strategy Group, 2011.

The Bigger Truth White Paper: The SMB Market is Ready for Data Encryption 7 The growing number of security threats, continued economic uncertainty, and a steady number of both high-profile and publicly-disclosed breaches strongly indicate that the regulations for both government and industry data security requirements will only become more stringent. Security technologies like encryption provide the most value when they are implemented effectively and are integrated with ongoing IT operations. Put colloquially, scrambling data is proving to be easier than preventing its theft. Encryption makes excellent sense for data stored on tapes, PCs, and any mobile appliances containing important information as this data is at high risk. More generally (as Figure 1 showed), organizations consider roughly half of all their data to be confidential in other words, it is presumably worthy of protection even where that protection has not been legally mandated. As a result, encrypting data is steadily gaining momentum and expanding its reach beyond large enterprises and into the SMB market. As the value of data grows every day, users should expect the need to protect data with encryption to do the same. Clearly, Tandberg Data is focused on delivering tape-based encryption solutions but it also understands the broader necessity to publicize the need for encryption and encourage its adoption wherever necessary. As with any vendor committed to thought leadership, it knows that a rising tide raises all boats and (while not seeking charitable status!) it is in everyone s interest at least anyone that has a bank account, buys anything in a store, has a cell phone, or conducts any business online to promote the appropriate adoption and persistent use of data encryption.

20 Asylum Street Milford, MA 01757 Tel:508.482.0188 Fax: 508.482.0218 www.enterprisestrategygroup.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information