[nylug-talk] Recommendations for encrypted tape drive(s)?

[Peter C. Norton]

On Tue, Mar 04, 2008 at 12:42:20PM -0500, Sunny Dubey wrote:
> On Tuesday 04 March 2008 12:28:05 pm Chris Knadle wrote:
> > ? ?So for all of these reasons I would personally tend to have more faith
> > in a software encryption solution rather than a hardware one, even with the
> > obvious downsides. ?I'm not making a recommendation of one over the other
> > overall, though. ?I don't have a lot of experience with tape drives, and no
> > personal experience with tape drives that do internal encryption.
> 
> I have very similar sentiments.  I have limited experience with tapes as well, 
> but I think of additional tape functionality as a lot like RAID:  Much of 
> what used to be done in hardware, is now done with software with little 
> differences.

One of the considerations is how many TB you're backing up a night,
worst case. If you're backing up 30tb, then for software encryption
that's not part of the backup product, you need a holding disk big
enough to put the tarball, and an encrypted copy for verifcation,
which starts to get expensive.

Another consideration is key escrow. For a company that's planing to
grow it's important to have something that stores the keys and
protects them and makes them recoverable in an understandable way
(eg. encrypted tapes should't be restored under the control of the SA
or SA manager, but one of them and the COO or something like that
should be required, and at the same time the COO (or someone)
shouldn't be able to take a tape home and restore customer data by
himself in the weeks before deciding to resign, etc.

There are other logistical considerations beyond software
vs. hardware, and when you talk to anyone selling a solution, you'll
get to see what problems they've solved and how they compare to others
in the field.

-Peter

-- 
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.