Tape encryption is something no storage professional can afford to ignore. Protecting data at rest is now an imperative, for physical security, business confidence and legal compliance reasons.
Encryption is the standard means of achieving that aim. As old as war itself, encryption scrambles data so it cannot be read except by those possessing the right key.
Securing data at the tape drive is one choice among many in terms of where to carry out the encryption process, and offers several key advantages when designing an efficient backup process. Data can be encrypted at a number of stages in its journey: in the database; via so-called host-based encryption, which is effected by the backup software on the backup server; (less commonly now) by an appliance or switch in the data path; and, finally, at the target drive, which can be disk, although this article focuses on tape encryption.
Tape encryption vs host encryption
Tape encryption as a target-based encryption method has some advantages over other methods. Host-based encryption has to deal with large volumes of data on the fly, can be expensive in terms of compute power and, if your backup server is underpowered, can result in slower backups.
If you're considering encryption at the host, at the capacity planning stage you'll need to account for the additional load that encryption entails; you may need to specify an eight-core server instead of a four-core, for example. This solution is not cheap.
In contrast to encryption at the tape drive, encrypting earlier in the backup process offers some advantages. It certainly offers greater data protection if only for the simple reason that data is encrypted sooner and is therefore encrypted as it travels over the wire and before it hits the target. It also potentially makes encrypted data device-agnostic in that the data in that location is not tied to on-board encryption as it is with tape encryption.
By not encrypting only at the tape drive, you also gain control over which data is encrypted, which allows a selective encryption strategy, such as protecting only sensitive data. Early encryption also offers greater control over the type and strength of encryption deployed, which may be mandated by legislative or standards compliance.
Logicalis UK is a Slough-based provider of data centre services. It uses tape encryption on its IBM tape drives because pushing encryption to the target is less demanding of processing power during the backup process.
CTO Simon Daykin sees performance as a critical issue, especially in a virtualised server environment and also because Logicalis' systems are designed to scale from the current few terabytes to multiple petabytes.
"In a heavily virtualised environment, if you use backup agents and encrypt in the virtual machines, encryption is a huge overhead. So we use line-speed tape encryption as we don't want the performance overhead on our storage backup platform, and we wanted linear scalability -- this was a critical consideration for us."
Tape encryption benefits and drawbacks
Encrypting at the tape drive offers the key benefit that it doesn't degrade backup window performance. Most tape drives offer hardware-based encryption, and offloading the work onto the target rather than doing it at the host or another device helps shorten the backup window because the processing involved in encryption is left until the backup itself is over.
Encrypting at the final stage in the data copy/move process also leaves room earlier in the backup procedure for data deduplication to multiply backup performance. It's a waste of time to encrypt data and then deduplicate it rather than the other way round. That's because deduplication relies on the existence of duplicated data that can be replaced with tokens, so if you encrypt then deduplicate there will be little or no doubled-up data to work with.
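The ordering effect described above can be measured directly. The following is an added example, not code from the article or from any vendor: it compares deduplicating before encryption with deduplicating after it. The fixed 4 KiB chunk size, the constructed sample stream and the toy_encrypt stand-in cipher (which uses a fresh random nonce per record) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

CHUNK = 4096  # fixed-size chunks; an assumption for this example


def chunks(data, size=CHUNK):
    return [data[i:i + size] for i in range(0, len(data), size)]


def dedup_ratio(data):
    """Logical chunks / unique chunks; 1.0 means nothing to deduplicate."""
    parts = chunks(data)
    return len(parts) / len({hashlib.sha256(p).digest() for p in parts})


def toy_encrypt(key, plaintext):
    """Stand-in stream cipher (HMAC-SHA256 keystream, random nonce). Not a vetted cipher."""
    nonce = os.urandom(16)
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def make_backup_stream():
    """Constructed sample: 200 chunks drawn from only 10 distinct blocks."""
    distinct = [hashlib.sha256(bytes([i])).digest() * (CHUNK // 32) for i in range(10)]
    return b"".join(distinct[i % 10] for i in range(200))


def compare(key=b"k" * 32):
    data = make_backup_stream()
    # Order A: deduplicate first, then encrypt only the unique chunks at the target.
    unique = {hashlib.sha256(c).digest(): c for c in chunks(data)}
    tape_bytes_a = sum(len(toy_encrypt(key, c)) for c in unique.values())
    # Order B: encrypt every chunk at the host, then try to deduplicate the ciphertext.
    encrypted = b"".join(toy_encrypt(key, c)[16:] for c in chunks(data))
    return dedup_ratio(data), dedup_ratio(encrypted), tape_bytes_a, len(encrypted)


if __name__ == "__main__":
    print(compare())
```

The plaintext stream deduplicates 20:1, while the ciphertext of the same stream has no repeated chunks at all, so the bytes that reach tape differ by roughly the same factor.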
Despite the boost in backup performance that results from performing encryption at the target, tape encryption also has drawbacks. To deploy it, you may need to upgrade your tape drives and possibly fix compatibility problems by, for instance, updating device drivers or changing drive settings in your backup software.
Tape encryption key management
All these preparations can be rendered null and void if encryption keys are mislaid or corrupted over the life span of the data, so key management in a large organisation is crucial but can be a complex process.
IT organisations need to develop a set of clearly defined, publicly accessible key management policies. They should describe who has access to which keys so that, for example, keys granting access to databases are held by the database administrators; they should also allocate duties such as storing, backing up, referencing and rotating encryption keys.
Because Logicalis needs to maintain separation between client data, it uses a different key for each client segment. All health sector customers share a key, for example, which reduces the scale of the key management task while also reducing exposure should a breach occur.
"We're protecting keys and managing how they're used," he said. "We have multiple key stores so that even if there were a breach to one system, all the keys would not be compromised. Multiple key stores are retained within the security domain of each [industry] sector."
Several methods of encryption are likely to be used in different circumstances and geographies, some mandated by law, others selected to satisfy economic or practical considerations. A key management system also needs to rotate keys on a regular basis. Someone needs to take responsibility for that, with responsibilities clearly allocated for key storage, backup and referencing.
No matter who takes responsibility for key management at an IT organisation, any key management system needs to be durable and take account of flaws in the product landscape. At the moment, this is a challenge because there is no standard for key management. Vendor strategies are not interoperable and products can change, losing backward compatibility in the process.
Daykin sees the lack of standards as a problem but has a strategy for managing the issue. "We use a combination of off-the-shelf software plus our own automation techniques," he said. "We have extended our data centre automation platform to do key management within the primary platform as it's such a fundamental function."
He added, "We also think tapes and data will be refreshed over time and the environment will be churned, so we maintain the keys together with the tape so they're both in the same retention cycle. It's a very recent setup for us, so it's not an issue right now."
Despite the lack of a standard for key management, help may be on the way in the form of the Key Management Interoperability Protocol (KMIP), which is under development by the Organization for the Advancement of Structured Information Standards (OASIS), an open standards industry body. OASIS is working "to define a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications" and while it hoped to arrive at a solution by the end of 2009, it has yet to do so.