• Status: Solved
  • Priority: Medium
  • Security: Public

Data Storage Encryption

We need to implement data encryption for our backup tapes on and off site.

Could someone point me in the right direction? What are the best practices for data storage encryption?
Asked by: bndit
1 Solution
 
Praxum Commented:
You really have three options.

1) Software encryption at the OS layer (Encrypted File System on Windows, or PGP-like software).
2) Wire encryption from a company like Decru (www.decru.com), now owned by NetApp. They encrypt data going across the wire to tape and decrypt going back to the server.
3) A Security Appliance + Software like Vormetric (www.Vormetric.com). This is more complicated because it has a software module and an appliance. However, you have a very granular control and audit mechanism.

While there are other companies out there, these solutions come to mind as best of breed.

Best practices really fall into the category of what you are trying to secure and the size of your organization. If you have a small number of servers (1-5), you may choose option 1 above because of the cost and complexity of rolling out anything else. If you have a midsize organization that can afford options 2 or 3, you now have to consider whether encrypting the data pipe is enough.

The question for larger organizations becomes, what is it that I am trying to protect? It sometimes is not adequate to just encrypt data on tape and you need to extend the security infrastructure around business process. Vormetric and companies in that space excel at providing a total security solution.

Paul

PS: I do not work for any of these companies.
0
 
Yan_west Commented:
Usually, encryption functionalities are included directly in the backup software. I use ARCserve, and it lets me encrypt the tape while I'm backing up data on it.
0
 
bndit (Author) Commented:
I'm running Veritas 9.1 at the present time and we're thinking of going to Veritas 10D. I don't believe Veritas 9.1 has the encryption ability.
0
 
Yan_west Commented:
From what I've read, you can password protect your tape with Backup Exec, but this isn't the same as encryption. You need Veritas NetBackup for this, but I never tried it.

http://www.veritas.com/Products/www?c=option&refId=195&productId=2
0
 
PaperTiger Commented:
How much data are we talking about?
0
 
bndit (Author) Commented:
We're talking about 400-500GBs.
0
 
PaperTiger Commented:
Wow. I am encrypting a 250GB hard drive right now. It takes 5-6 days with PGP. I am already into the 3rd day.

To handle that much data, I would suggest you use your Veritas to password protect your tapes.

What kind of data are we talking about? You may want to revisit and see if you truly need to encrypt all 400GB.
0
 
gdekhayser Commented:
I literally just completed a Decru implementation today. It is unbelievably easy and comprehensive.

They just came out with a SCSI pass-through device that lists at $15K. It encrypts but doesn't reduce the speed of the backup.

Cool stuff.

Glenn
0