New data-access controls and encryption technology will help safeguard information on backup tapes such as those lost earlier this year in several highly publicized incidents.
Quantum Corp. introduces a new security scheme this week that it says will help prevent the kind of lost backup-tape incidents that have exposed sensitive data on millions of consumers this year.
The centerpiece of the Quantum Security Framework is a set of data-access controls that will be included with Quantum's line of digital linear tape drives. Those controls will include what Bob Abraham, principal analyst at Freeman Reports, says will be the first instance of encryption that's native to tape drives. "That's significant, because that's where the encryption should be," says Abraham. "It covers all the bases. It ensures that if you write a tape, it will be encrypted."
The drive-based encryption technology will debut in the second half of 2006. Meanwhile, Quantum already is shipping drives with a new access-control technology in which electronic keys are assigned to tape drives, and then embedded in backup tapes. The two keys must be matched before the data on the tapes can be accessed.
Such measures are needed as companies fight the perception that sensitive consumer data isn't safe once it's moved to off-site backup facilities. In the most high-profile tape losses of the past year, data on nearly 4 million customers of Citigroup and 1.2 million customers of Bank of America was exposed when tapes disappeared during transport to off-site storage facilities. While it was unclear how much--if any--of the lost tapes were encrypted, many IT executives say they're reluctant to encrypt backup data because of the time encryption adds to the process of accessing backup tapes when they're needed. In fact, a recent Enterprise Strategy Group report found that just 28% of companies encrypt data as it's being backed up to tape, and nearly half of those say they do so infrequently.
Quantum has been developing its electronic-key and encryption technologies with that in mind. "It will take literally milliseconds to make the comparison," says Jim Jonez, director of product management at Quantum. "We're not altering or encrypting the content of the data. We're putting access control at the 'front door' to the tape cartridge."
In addition to the new encryption capability, Quantum has formed a partnership with Decru Inc. in which Decru's DataFort encryption appliance will be packaged with Quantum's tape library products. The companies are in the process of certifying DataFort for all Quantum drives. Quantum also is recommending coupling the new security features with the "write once, read many" tapes it introduced a year ago that can't be erased or overwritten. "IT managers want to make sure the data being accessed is the same as the data that was put onto the cartridge," says Jonez.
At the administrative level, Quantum is offering expanded capabilities in assigning role-based access privileges to backup tapes, and new locks on drives, tape libraries, and disk-based backup arrays will add a layer of physical security for tapes stored at off-site facilities.
Whether IT execs adopt Quantum's new approach to encryption remains to be seen. Abraham says companies have been clamoring for encryption when backing up data, but haven't taken advantage of it when it's available. "That would suggest that while it's important to them, it's not urgent," he says. "In general, at least the option of having encryption at the drive level is here."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.