Many institutions and corporations back up their data and use removable data storage items such as tape cartridges for storage. Data are usually backed up in a secure location such as an off-site library from where data can be restored in the event of disaster recovery. There have been instances of company data potentially losing its confidentiality due to the loss of backup tape cartridges. In the event that the data on a lost tape cartridge has not been encrypted, that data would be relatively easy for a non-authorised user to read. That situation is undesirable.
Where the backed up data are extremely sensitive, a need is perceived to encrypt the data and thereby improve security. Encryption technology exists that can make the data on tape cartridges unreadable to any person without a correct decryption key. There may be a separate encryption/decryption key. It is difficult to manage the availability of encryption, decryption and encryption/decryption keys, especially keys in an environment with multiple tape drives such as a tape library.
Current encryption solutions concentrate on encrypting the data either at source or on the wire.
The encryption at source solutions use software encryption running on the computer to which the backup devices are attached. This has the advantage of avoiding sending un-encrypted data over a network. However, such software-based encryption is typically slow and can impact backup performance. Also, the software must have some form of associated key management so one does not escape the problem of key management.
Encryption on the wire involves breaking the direct connection between the writing computer and the backup device and inserting an encrypting appliance into the break. This is generally a very expensive solution since such encrypting appliances are expensive. There is also again the key management issue.