Safe and Sound

With a dizzying array of new encryption options on the market, which one is right for you?

1 2 3 4 Page 2
Page 2 of 4

"There is still no right way to apply encryption," says Jon Oltsik, an information security analyst at Enterprise Strategy Group Inc. in Milford, Mass. "It depends on what you perceive the risks to be and where the money is to solve the problem. Focus on figuring out one or two technologies that will take care of the biggest chunk of issues."

Here's a look at some of the newest encryption technologies.

Back-End Appliances

Companies that want blanket encryption coverage on the back end before it goes to backup should consider appliances that sit between servers and storage systems and encrypt the data as it moves back and forth, says W. Curtis Preston, vice president of data protection at GlassHouse Technologies Inc., a storage services company in Framingham, Mass.

Specialized encryption appliances like Decru Inc.'s DataFort, which was acquired by Network Appliance Inc. last summer, and NeoScale Systems Inc.'s CryptoStor can run in storage-area network (SAN), network-attached storage (NAS), iSCSI and tape infrastructures. They encrypt data at close to wire speed, with little latency. Both vendors have also developed versions of their products that will encrypt backup tapes. Decru's offering encrypts NetApp storage, as well as EMC Corp., Hewlett-Packard Co., Sun Microsystems Inc. and IBM storage.

Fusca says encrypting and decrypting data goes unnoticed by users at Dartmouth. "When they get up on the analytical servers and start drawing data through either the tape library or the electronic storage through the DataForts, it is relatively transparent, and there are no discernable delays in accessing the data," he says.

Key management has been simplified. "Once we identify the appropriate client stations that are on the virtual private network that can draw requested encrypted data into their 'cryptainer' [a device that stores decrypted data on the desktop], it's relatively fast and painless for them," Fusca adds.

Appliances also trump software-based encryption at the database level when it comes to compression. Software-encrypted data can't be compressed, which is a tape-drive space savings of 1.5 to 1. "These hardware devices have a compression chip in them, so they compress before they encrypt," Preston says.

Library-based Tape Encryption

In the highly competitive microprocessor market, protecting intellectual property is a serious concern, especially when sensitive data goes to an off-site storage facility.

At Advanced Micro Devices Inc.'s Longmont Design Center, IS manager Tom Dixon has been evaluating the beta version of Spectra Logic Corp.s BlueScale environment for three months. Spectra Logic is one of two library tape vendors that have recently incorporated security into tape drive and tape library hardware. Quantum Corp.'s proprietary DLTsage architecture also offers a tape security feature at the drive level.

"Library-based encryption is a good idea for firms that need to lower the risk associated with sending tapes off-site," wrote analyst Galen Schreck in a January report for Forrester Research Inc.

The Spectra Logic product performs data encryption within the library using an enhanced version of its Quad Interface Processor board. Three months into his evaluation, Dixon says the hardware was "fairly easy" to set up. "You don't have to do anything on the host," he says. "They set up the library, and you set up your keys. That's the biggest headaches. We haven't even talked about that yet."

1 2 3 4 Page 2
Page 2 of 4
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon