Skip to content

Why You Should Encrypt Your Backup Tapes

by on November 3, 2010

Companies are storing more and more data for longer and longer periods of time. A number of factors are contributing to that trend, not the least of which is increased government regulation and the growing demand for electronic information in court cases. The problem with holding on to data longer is that it prolongs the time for which something bad can happen to the data, such as a data breach.

Data_encryption It shouldn’t surprise anyone that the cost of data breaches has increased as government action regulating them has increased. Since 2006, data breach costs per customer record have jumped from $186 to $204 in 2009, according to the Ponemon Institute.

Nor should it astonish—considering that many of the new mandates on businesses require public disclosure of security snafus—that the biggest chunk of those costs can be attributed to customer churn.

One way for a business to control the damage from a data breach is to encrypt its data. That way, even if unsavory characters get their hands on the data, they won’t be able to read it. Even organizations that routinely encrypt their data usually omit one area from their encryption plans: their tape backups.

That might not be such a good idea.

Unless you are using a solution that virtually guarantees you’ll never lose another backup tape 🙂 , tapes get lost. Just ask the IT folks at South Shore Hospital in Weymouth, Mass. In July, its data managment company lost a backup tape with the personal health and financil records of some 800,000 people. Or ask Idaho Power. In August, information about 380,000 of its employees was on a tape lost by its health plan provider, Mercer Health & Benefits.

Fortunately for IT managers, it’s easier than ever to encrypt tape data, especially as they upgrade to newer drives. All LTO-4 and LTO-5 tape drives encrypt data using the very strong 256-bit AES algorithm. What continues to be a problem for organizations, though, is managing the keys needed to decrypt the tapes.

Some solutions have been released in the market that make that process less of a chore, but a real breakthrough appeared last month. OASIS, a consortium of more than 30 companies, announced the final version of its Key Management Interoperability Protocol (KMIP). The standard allows key management systems and cryptographic applications to communicate with each other.

“KMIP enables a new generation of enterprise key management, fully interoperable across the broad range of cryptographic capabilities that are required for effective security,” OASIS KMIP Technical committee Co-chair Robert Griffin said in a statement.

“KMIP’s approval as an OASIS Standard represents a milestone for all enterprises that are concerned with the security of their information, identities, and infrastructure,” he added.

Is tape manmagement a concern in your organization? How do you currently track, move, and protect backup tapes? Do you think this new standard will be adopted widely?

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: