Safe and Sound

With a dizzying array of new encryption options on the market, which one is right for you?

Page 3 of 4

The hardware's encryption keys are managed within the library and can be exported via a Universal Serial Bus flash drive or via an encrypted e-mail. The keys can then be imported into another Spectra library or used within a software decryption utility, in case no library hardware is available.

Library-based security has two big benefits over software-based alternatives, according to Schreck. First, there are no performance penalties. By embedding encryption in the tape subsystem, vendors can use encryption coprocessors to process the data stream at wire speed. Second, security functions are completely transparent to the software. To outside applications and servers, the library behaves just like a regular tape library. No external software or operating system support is necessary.

But it also means that the tape vendor is completely responsible for managing security. So customers should look for products with strong key-management features, like quorum-based recovery, integration with backup and recovery tools, and automated replication of keys to an escrow service or tape library at a disaster recovery site.
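To make "quorum-based recovery" concrete, the sketch below is an added example, not code from any vendor named in this article. It assumes Shamir's secret sharing as the quorum scheme (the article does not say which scheme any product uses), and the function names and sample key are hypothetical.

```python
# Added illustration: k-of-n quorum recovery of an exported encryption key.
# Assumption: Shamir's secret sharing over a prime field; names are hypothetical.
import secrets

PRIME = 2**521 - 1  # Mersenne prime, comfortably larger than a 256-bit key


def split_key(key: bytes, quorum: int, holders: int):
    """Split `key` into `holders` shares; any `quorum` of them recover it."""
    if not 1 < quorum <= holders:
        raise ValueError("need 1 < quorum <= holders")
    secret = int.from_bytes(key, "big")
    # Random polynomial of degree quorum-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(quorum - 1)]

    def evaluate(x):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % PRIME
        return y

    return [(x, evaluate(x)) for x in range(1, holders + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from the supplied shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share indexes")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    # An under-quorum or corrupted set almost always interpolates to a value
    # far too large for the key length, so reject it instead of returning junk.
    if secret >= 1 << (8 * key_len):
        raise ValueError("shares do not reconstruct a key of this length")
    return secret.to_bytes(key_len, "big")


if __name__ == "__main__":
    library_key = bytes(range(32))           # constructed 256-bit sample key
    shares = split_key(library_key, 3, 5)    # 5 custodians, any 3 can recover
    print(recover_key(shares[1:4], 32) == library_key)
```

Each share is given to a different custodian; fewer than the quorum learn nothing about the key, which is the property that lets a recovery procedure survive the loss or compromise of any single holder.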

Laptop and 'Edge' Encryption

While encryption efforts focus on back-end and off-site storage tapes, Preston says fewer companies are implementing edge-level encryption methods, such as encrypting data on laptops. What's more, basic laptop encryption offers little protection.

"Most people use a Windows name and password. That becomes the key to encrypt the data. If someone actually stole your laptop to steal your data, that key would not stop them for very long," Preston says. A harder-to-crack, global key-management system for Windows exists as part of Microsoft's Active Directory infrastructure, "but not everyone uses it," he adds.

Laptop manufacturers like Lenovo Group Ltd. are incorporating encryption capabilities into their systems, and Microsoft Corp. will add encryption capabilities to the upcoming Vista version of its Windows operating system.

Don't Encrypt Everything

When it comes to assessing what constitutes "sensitive" data, most companies will find that there are only 8 to 12 bits of information per record, on average, that need encryption, says Gartner's Ouellet. Depending on the type of business, this can include Social Security numbers, credit card information, financial records, health information, intellectual property documents or information about sexual orientation.

"Once you've identified what those bits are, you can choose what solution gives you the biggest carpet covering over the area," says Ouellet. He offers the example of a large retailer that performs online and telephone transactions and holds a lot of credit card information. Within the database, the most sensitive data should be protected. "Pick the most sensitive fields and encrypt those. Don't encrypt everything, because you're going to kill the performance on the database or have other issues with searching and access," Ouellet says.
