The Key to Recovery

Quantum announced that they think 2006 will finally be a good year to market security for tape backups. They just announced that they will be ready in the first quarter of 2006 to provide an authentication (locking) mechanism tapes:

Quantum’s DLTSage Tape Security is a firmware feature designed into its newest DLT tape drives that uses an electronic key to prevent or allow reading and writing of data on to a tape cartridge.

Sounds interesting. The two big hurdles to encryption on tape have been how to handle key management and the performance hit. With key management integrated first, Quantum still has to generate some buzz about performance. They mentioned it briefly in their DLTSage announcement, but it sounds like they are still working on what to do with the technology in an appliance they acquired:

The DataFort appliance provides wire-speed, transparent encryption and access controls for disk and tape storage systems, delivering best-in-class security, performance and key management for heterogeneous storage environments. In addition to the joint sales and marketing efforts with Decru, Quantum also plans to offer tightly integrated encryption and security management capabilities within its product line.

Quantum could be hinting that their encryption appliances will give way to a more integrated solution, which sounds like a reasonable and well-worn approach to enhancing big company legacy products with innovation via acquisitions. If the integration is successful I expect we will find ourselves without any good reason not to encrypt at the block-level, especially on recovery systems. Until then, it seems we must continue file-level encryption prior to backup.

So, is a lock on a tape worth the hassle? It does not comply with breach-notification laws and yet introduces risk of lost keys, so there’s no real ROI there, but it does pre-stage the backup processes with tighter authentication. And that may be worthwhile if you can ensure that time spent on key management now will help reduce the cost of encryption down the road (when performance is a truly dead issue).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.