Conventional mainframe systems often store large volumes of data on tapes. Tapes may be used for archival purposes as well as a primary storage medium for some mainframe systems. Lost or stolen tapes in transit between data centers and their off-site storage facilities may lead to losses that compromise personal and private data of individuals. Because of the critical and potentially devastating loss of this highly sensitive information, these losses could expose organizations to a wide range of hardships, including fraud and identify theft.
It is therefore desirable to encrypt tape data at a data center. Numerous attempts to create an easy-to-use mechanism to encrypt tape data, however, have significant limitations. For example, hardware products require that every site that must read encrypted tapes have the same hardware as the site that encrypted the tapes. Thus, trading partners would be required to have the same solution and the same hardware requirements.
Other products, such as software products, may allow data to be copied from tape to another tape in an encrypted form. So, if an application writes a two-volume tape file, then the application can copy that file (or files) to another two-volume tape file in an encrypted form. Then, to read the data, the encrypted two-volume tape file has to be re-copied and un-encrypted back onto a two-volume tape file that is not encrypted. Then, the application can read the un-encrypted two-volume tape file as input. This means writing the data twice and reading the data twice, as well as keeping track of the file name and relationship between the original data, the encrypted copy, and the un-encrypted copy.