-by Carlos Martinez

One of the top storage security vulnerabilities for enterprises today is unencrypted tape. Most enterprises store tape cartridges off the premises as protection against site disaster. This is a good thing. But the unaccounted for cartridge vulnerability arises during transportation or at a 3rd party storage facility. Considering how much sensitive data can reside on a tape and the volume of cartridges handled, it is only a matter of time before some confidential data has unauthorized exposure. Regulations such as CA SB1386 require public disclosure when unencrypted data is lost or stolen. The majority of the states in the U.S. have similar laws. Even international companies doing business in the U.S. need to heed these laws.

In the 2007 the Ponemon Institute study found that only 11% were encrypting tape and it was single digit prior to that. One can assume that most of this tape encryption was software based. Tape encryption is a much more viable solution today because with embedded native hardware encryption, performance is not compromised and some suppliers including HP include encryption in the drive price. Actually the encryption is the easy part of the equation. What requires serious consideration is the key management system because the volume of the keys will multiple over time and data-at-rest keys can live for many years. Enterprise caliber key management systems addressing tape should integrate with LTO4 and be very automated, secure and redundant. Native tape encryption with solid key management will become standard practice in the enterprise in the not too distant future, and then we’ll see SMBs following right behind. Prevention of a breach is much less costly than addressing it after the fact.