In a previous blog posting (“Lost Backup Tapes Amount to Unlimited Liability; Best Options for Tape Encryption”), Howard and I discussed encryption alternatives and how to best protect data at rest on backup tapes in order to avoid unlimited liability. In it, we pointed out several avenues companies can adopt for tape encryption, including:
- Backup software
- Encryption appliances
- Tape drives
Our understanding of LTO-4 tape drive encryption is that individual tape drive vendors may encrypt data in different manners. We cautioned that if you have not standardized on an LTO-4 tape drive vendor, an LTO-4 tape cartridge encrypted by one vendor’s drive may not be readable on another’s LTO-4 tape drive. Our specific quote was “So even if all your tape drives are LTO-4, if they are from different vendors, an LTO tape encrypted by one tape drive may not work in another.”
This statement did not go unnoticed. We were recently contacted by the LTO Consortium and asked that we clarify our point. The Consortium explained that encryption on LTO-4 tape drives is part of a format specification and the encryption writing process is consistent across any vendors’ LTO-4 drives so as to provide the consistent ability to read encrypted cartridges regardless of which vendor’s LTO-4 drive is used. This means, according to the Consortium, that the encryption process should also complete successfully regardless of which vendor’s LTO-4 drive is used to encrypt the data. Our concern was that even though there is an encryption standard for LTO-4 tape drives, not every vendor always implements this standard in the same way-hence our cautionary statement.
We contacted Overland Storage to verify whether the LTO Consortium’s position matched the company’s experience. According to Peri Grover, Director of Product Management at Overland Storage, the terms “encryption” and “key management” are used interchangeably, so one is not possible without the other. She said it is the actual encryption key management that can cause interoperability problems between LTO-4 tape vendors-not the LTO-4 tape drives, with key management either hardware or software driven.
Encryption consists of two parts: an algorithm, such as Advanced Encryption Standard (AES) 256, and an encryption key. When you combine plain text with a key and put it through an encryption algorithm, the resulting output is encrypted cipher text. Without the encryption key, the cipher text is unreadable and cannot be decrypted. Wherever the data is encrypted, whether it is done through an LTO-4 tape drive, a software process or third-party appliance, the encryption key is needed to ensure data can be brought back into a readable format. DCIG has previously touched on the importance of proper key management in a separate entry (“Encryption and Encryption Key Management Becoming Mandates for Safe Harbor”), which emphasized the importance of knowing how encryption and key management are handled within your environment.
Losing an unencrypted backup tape can result in unlimited liabilities and costs. Numerous examples abound, the most recent being the theft of a non-encrypted tape that contained the personal data of current and former Bristol-Myers Squibb employees. Factor in an ever-increasing regulatory environment with a loss of customer confidence and the ensuing customer churn; the result can have devastating effects on a business if unencrypted tapes are lost. Despite these risks, the choice to encrypt backup tapes is a decision that companies must not take lightly. While storing unencrypted data on tapes is becoming an unacceptable risk, it is equally obvious that companies need to understand all components of the encryption process-down to the tape drives they use to encrypt the data-to have the best assurance they can recover the data again in the future.