We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Data Storage Encryption

bndit asked
Medium Priority
Last Modified: 2013-11-15
We need to implement data encryption for our backup tapes on and off site.

Could someone point me in the right direction? What are the best practices for data storage encryption?
Watch Question

You really have three options.

1) Software encryption at the OS layer (Encrypted File System on Windows, or a PGP like software)
2) Wire encryption from a company like Decru (www.decru.com) now owned by NetApp. They encrypt data going across the wire to tape and decrypt going back to the server.
3) A Security Appliance + Software like Vormetric (www.Vormetric.com) This is more complicated because it has a software module and an appliance. However you have a very granular control and audit mechanism.

While there are other companies out there these solutions come to mind as best of breed.

Best practices really fall into the category of what you are tying to secure and the size of your organization.  If you have a small number of servers 1-5 you may choose option 1 above because of cost and complexity to roll out anything else. If you have a midsize organization that can afford options 2 or 3 you now have to consider is encrypting the data pipe enough.

The question for larger organizations becomes, what is it that I am trying to protect? It sometimes is not adequate to just encrypt data on tape and you need to extend the security infrastructure around business process. Vormetric and companies in that space excel at providing a total security solution.


PS I don not work for any of these companies.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Usually, encryption functionnalities are included directly in the backup software. I use arcserve, and it let me encrypt the tape while I'm backing up data on it.


I'm running Veritas 9.1 at the present time and we're thinking of going to Veritas 10D. I don't believe Veritas 9.1 has the encryption ability.

From what I'Ve read, you can password protect your tape with Backup exec, but this isn't the same as encryption. You need Veritas NetBackup for this, but I never tried it..

How much data are we talking about?


We're talking about 400-500GBs.
Wow. I am encrypting a 250GB hard drive right now. It takes 5-6 days with PGP. I am already into the 3rd day.

To handle that much data, I would suggest you to use your Veritas to password protect your tapes.

What kind of data are we talking about? You may want to revisit and see if you truly need to encrypt all 400GB.
I literally just completed a Decru implementation today- it is unbelievably easy and comprehensive.

They just came out with a SCSI pass-through device that lists at $15K.  It encrypts but doesn't reduce the speed of the backup.

Cool stuff.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.